Re: Next release

2020-08-26 Thread Filip Hanik 
On Wed, Aug 26, 2020 at 12:12 Rémy Maucherat  wrote:

> On Wed, Aug 26, 2020 at 6:25 PM Filip Hanik  wrote:
>
>>
>>
>> On Wed, Aug 26, 2020 at 09:15 Mark Thomas  wrote:
>>
>>> On 26/08/2020 17:12, Filip Hanik wrote:
>>>
>>> > Our cadence seems fairly predictable.
>>>
>>> >
>>>
>>> > Any thoughts on the timeline of the  on the next batch of releases?
>>>
>>>
>>>
>>> I skipped the August releases as I was away. I'm planning on the
>>>
>>> September releases as usual. I'd like to get Tomcat Native and Commons
>>>
>>> Daemon updates into those releases if possible.
>>
>>
>> Thanks, that sounds like a good plan. I’m reviewing the PRs too.
>>
>
> Can res/graal/java be moved to the main sources ?
>

It can, I didn’t want to pollute it while I marked it as experimental to
get it field tested. but main/sources makes my life easier.

Filip

>
> Rémy
>
>
>>
>>>
>>>
>>>
>>> Mark
>>>
>>>
>>>
>>> -
>>>
>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>>>
>>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>>
>>>
>>>
>>>
>>
>>
>
>

Re: Next release

2020-08-26 Thread Rémy Maucherat 
On Wed, Aug 26, 2020 at 6:25 PM Filip Hanik  wrote:

>
>
> On Wed, Aug 26, 2020 at 09:15 Mark Thomas  wrote:
>
>> On 26/08/2020 17:12, Filip Hanik wrote:
>>
>> > Our cadence seems fairly predictable.
>>
>> >
>>
>> > Any thoughts on the timeline of the  on the next batch of releases?
>>
>>
>>
>> I skipped the August releases as I was away. I'm planning on the
>>
>> September releases as usual. I'd like to get Tomcat Native and Commons
>>
>> Daemon updates into those releases if possible.
>
>
> Thanks, that sounds like a good plan. I’m reviewing the PRs too.
>

Can res/graal/java be moved to the main sources ?

Rémy


>
>>
>>
>>
>> Mark
>>
>>
>>
>> -
>>
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>>
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>>
>>
>>

Re: [tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread Mark Thomas 
On 26/08/2020 18:43, Christopher Schultz wrote:



> Is there a particular reason we don't just shade the commons-dbcp and
> commons-pool code at build-time rather than manually merging-in
> patches to our private copy?

The short answer is greater flexibility.

The longer answer is that there are various reasons and that the
relative importance of those reasons has varied over time and between
components. They include:
- the ability to remove code we don't need / want
  - we only use a small subset of BCEL
  - we generally remove deprecated code immediately
  - we ignore parts of FileUpload and 8.5.x ignores part of DBCP
- the ability to fix issues / avoid regressions
  - there was an 'improvement' in the DBCP abandoned connection tracing
that caused problems so we backed that change out in our copy
  - we have applied various fixes / clean-up globally to the Tomcat code
base over time and then contributed them to Commons (there are a few
of those we still need to contribute)
- the ability to handle the Java EE / Jakarta EE transition (both DBCP
  and FileUpload have Java EE / Jakarta EE imports)
- the ability to update to any tag or commit
- the ability to skip commits that make use of newer Java features (e.g.
  lamdas) that are not available in the Java version we have to compile
  with

My sense currently is that setting up shading and then handling the
various edge cases is more work than generating a patch every ~6 months,
applying it and dealing with a small number of conflicts.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/26/20 13:36, Mark Thomas wrote:
> On 26/08/2020 17:56, Christopher Schultz wrote:
>> Mark,
>>
>> On 8/26/20 11:19, ma...@apache.org wrote:
>>> This is an automated email from the ASF dual-hosted git
>>> repository.
>>
>>> markt pushed a commit to branch master in repository
>>> https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>> commit f1c4210470a268ec6830a95ab219f418a7e775fb Author: Mark
>>> Thomas  AuthorDate: Wed Aug 26 16:15:50 2020
>>> +0100
>>
>>> Update Commons DBCP to latest
>>
>> It looks like, among other things, this includes the fix for
>> https://issues.apache.org/jira/browse/DBCP-559
>>
>> If so: hooray!
>>
>> Can you confirm?
>
> Confirmed. There were sufficient meaningful changes to DBCP since
> the last release so I took the latest code.

Sounds great.

Is there a particular reason we don't just shade the commons-dbcp and
commons-pool code at build-time rather than manually merging-in
patches to our private copy?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9Gny4ACgkQHPApP6U8
pFjWWRAAnOx86BJqnoHUt3abvXUMWz0d92kFRwG7gauMqMt6WZ/6zzyiXepRqmU9
oUvh0RH9hh5Ri0nDT+Hjl5PsRuhJ7zzrnA7QBtohFR1q+J7IWq3RpIIwuOmzLgMk
16Yc9m+T5JTH0c1bpZXgwvUyS9WrinIQfE7gBTtO/rDaSU9q7wC0K3S9/BTiED0b
j8y257CMKLPY8rcRoGaXPOwmFLKREli1m7havdatjPqHJF9HhiQiLyFXEN1NDXKb
tNJVxcAv1r9KJ6R1CRbb5/jmzLxncEBBX0IjtpX2YblGMfV5JxtAfJCO72UhTA3g
KGAQEKxRTonbKHkF8vTzAPHpz+r54tpxL5iYyk9M4a+K8Pxaw3wmwgmgbUpqyfJI
gWUgBKSgOP/aA6W2ccjP//D7xtHwcdABJn725zKHnmFb827BjUdFHZW9uxwGnKA3
XTRWeNgF0HNVzRKja3HXJK37vhd3LSUC9L5AG6jwQUqy/CdCUs4F0LbhrbYQcxg1
o3XjYoEp4KVQUtReMNKAiL4tzcneajdml6MFITAvg6wJ57XeSWrramKlkHtFz+bQ
WCl+zatzibH3SVOOsGWghZanzOZcPOxmSIS31hYMn1eAatOj9imCE9t9xA/bJ0FD
zzUqL0oaTe4tfsOecQDeu/HC5OkSjRbXsvHzkXWW7RoRA90RF6c=
=De8e
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Fwd: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Dave Wichers 
OK. Fair point. If you believe it is dangerous to just turn it on for real,
as someone might do that in prod without knowing what they are doing, then
I think Tomcat should generate a WARNING during startup that explains that
HSTS is ON, but not yet doing anything, and maybe point them to an article
that explains the uses/dangers of HSTS and how to configure it right, and
test it thoroughly, before they actually turn it on in prod.

As I said, I think turning it ON, but not really, and being silent about it
is dangerous to the non-expert. And you say turning it ON automatically for
the non-expert is dangerous too, and I agree. So what do you think about
generating some kind of warning during startup along the lines I suggest?

Maybe point them at an article like this:
https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it -
Although I would prefer a vendor neutral article provided by Apache or
OWASP or something like that. I couldn't find one I liked with a quick
Google search.

-Dave


On Wed, Aug 26, 2020 at 1:01 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Dave,
>
> On 8/25/20 14:05, Dave Wichers wrote:
> > Per:
> > https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Heade
> r_Security_Filter
> >
> >
> and
> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_
> Security_Filter
> >
> > they both say:
> >
> > hstsMaxAgeSeconds  - The max age value that should be used in the
> > HSTS header. Negative values will be treated as zero. If not
> > specified, the default value of 0 will be used.
> >
> > So, if a Tomcat user (like I did at first), configures
> > hstsEnabled=true, the HSTS response header is set by Tomcat, but
> > with a max age of zero (since that is the default).
> >
> > However, per the HSTS RFC:
> > https://tools.ietf.org/html/rfc6797#section-6.1.1 it says:
> >
> > NOTE:  A max-age value of zero (i.e., "max-age=0") signals the UA
> > to cease regarding the host as a Known HSTS Host, including the
> > includeSubDomains directive (if asserted for that HSTS Host).
> >
> > I noticed this problem when I first enabled HSTS on my Tomcat dev
> > instance, and then passively scanned my web app with OWASP ZAP
> > (https://owasp.org/www-project-zap/). ZAP, correctly I believe,
> > pointed out that enabling HSTS with a MaxAge of zero is effectively
> > a no-op. (i.e., does nothing).
>
> Correct.
>
> > If I'm correct, then I think having a default of zero is dangerous
> > and should instead default to something useful and effective.
>
> I disagree.
>
> > Such as one year (in seconds) which is what many developers
> > set/configure this value.  Otherwise, I think turning HSTS ON in
> > Tomcat might be giving people a false sense of security because it
> > really doesn't doing anything unless you also set MaxAge (which to
> > me isn't intuitive that you should have to do that).
> >
> > Do you agree with me that this is a problem that should be fixed?
> Here's why I disagree: if you configure your server to reply with
> HSTS=on with a meaningful expiration, then the browser is *going to
> enforce it*. If you have not configured it correctly, or you are just
> testing, you can basically lock your site out from all clients for
> e.g. a year before they are willing to re-connect to you.
>
> AFAIK, there is no recognized mitigation for "oops we enabled HSTS for
> our site but actually we need parts of it to remain non-encrypted so
> please please please forget we ever said anything about HSTS". If you
> enable it and don't know what you are doing, you can SERIOUSLY fubar
> your infrastructure.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9GlU0ACgkQHPApP6U8
> pFgQfQ//XnGay5wOwEIixUb/8PoioJHNLZLgqwShePVRnAkgyzCxRl+yWDonC7pX
> BcA4MwI5d/UcivGILor2VH5WXZYeI0e/zlneMT5P9hz9cBrUM4YTSx/wdUNA8a12
> mznC7T9fRZiUrgCHhEcgJaAL+rrPXDSAMVq6vVZBhTQBPd0igLmqxf1I8vA2hc8p
> Rk8oa6mb2YLSNvIjJAGqYaV1VIg4oMyNjowi5RmpFn/4h3Kk3rnPWY3kFlvi8t3W
> JGM3l7tGU8aFxrdCEVO+ypsCCtNsRbGWFGCaETITAHwYVnXEwk9wZNnOA51sJeQE
> aRyyo6KyJi7nqKEjlsXV2DBqCmjv8ToWv1INyZrGxJXNojThbeWhexKjrKu8FOXW
> RZMnOc6BMfQPb8673lGjLoGzcyjlgLSRhUTNwHaIwTGV8a6nK5+E/GNPr+x00Wei
> KumMnm/AB1haBLRPgX+A5elneOnedPweWE00KqH7uBOkUbHCquwOf/9YnmsJBji+
> KGIXecNk5pC2bwZF17ULYoC25UEBePyDbJNV5wEOZGLL+ayUtNFhtCSYB30+AWJT
> 3CqbHb0oMsb9kGQkEqScklzOBRsmHxvDZ4JSswO3rmKEUY+yGWKUbpxdZu6s/HSj
> DeaCEnqTByBocQDl8UWRruWwGXX7QC3Dk4z7CZdU1gLFAgMncm0=
> =tfoo
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread Mark Thomas 
On 26/08/2020 17:56, Christopher Schultz wrote:
> Mark,
> 
> On 8/26/20 11:19, ma...@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git
>> repository.
> 
>> markt pushed a commit to branch master in repository
>> https://gitbox.apache.org/repos/asf/tomcat.git
> 
>> commit f1c4210470a268ec6830a95ab219f418a7e775fb Author: Mark Thomas
>>  AuthorDate: Wed Aug 26 16:15:50 2020 +0100
> 
>> Update Commons DBCP to latest
> 
> It looks like, among other things, this includes the fix for
> https://issues.apache.org/jira/browse/DBCP-559
> 
> If so: hooray!
> 
> Can you confirm?

Confirmed. There were sufficient meaningful changes to DBCP since the
last release so I took the latest code.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Mark Thomas 
On 26/08/2020 08:20, Martin Grigorov wrote:
> Hi,
> 
> On Tue, Aug 25, 2020 at 9:05 PM Dave Wichers  > wrote:
> 
> Per: 
> 
> https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter
> and 
> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_Security_Filter
> 
> they both say: 
> 
> hstsMaxAgeSeconds  - The max age value that should be used in the
> HSTS header. Negative values will be treated as zero. If not
> specified, the default value of 0 will be used.
> 
> So, if a Tomcat user (like I did at first), configures
> hstsEnabled=true, the HSTS response header is set by Tomcat, but
> with a max age of zero (since that is the default).
> 
> However, per the HSTS
> RFC: https://tools.ietf.org/html/rfc6797#section-6.1.1 it says:
> 
> NOTE:  A max-age value of zero (i.e., "max-age=0") signals the UA to
> cease regarding the host as a Known HSTS Host, including the
> includeSubDomains directive (if asserted for that HSTS Host).
> 
> I noticed this problem when I first enabled HSTS on my Tomcat dev
> instance, and then passively scanned my web app with OWASP ZAP
> (https://owasp.org/www-project-zap/). ZAP, correctly I believe,
> pointed out that enabling HSTS with a MaxAge of zero is effectively
> a no-op. (i.e., does nothing).
> 
> If I'm correct, then I think having a default of zero is dangerous
> and should instead default to something useful and effective. Such
> as one year (in seconds) which is what many developers set/configure
> this value.  Otherwise, I think turning HSTS ON in Tomcat might be
> giving people a false sense of security because it really doesn't
> doing anything unless you also set MaxAge (which to me isn't
> intuitive that you should have to do that).
> 
> Do you agree with me that this is a problem that should be fixed?
> 
> 
> I agree that either a better default should be set or Tomcat should
> report this misconfiguration somehow to the user!

Generally I concur with what Chris said about the risks of HSTS. Given
the risks, I think the current default is appropriate.

I'd be happy with a log message at WARN level if Tomcat is started with
the HSTS enabled with the default value. I think we probably need add a
warning to the docs so the log message can refer to the user to the
documentation for information on appropriate values.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Fwd: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dave,

On 8/25/20 14:05, Dave Wichers wrote:
> Per:
> https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Heade
r_Security_Filter
>
>
and
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_
Security_Filter
>
> they both say:
>
> hstsMaxAgeSeconds  - The max age value that should be used in the
> HSTS header. Negative values will be treated as zero. If not
> specified, the default value of 0 will be used.
>
> So, if a Tomcat user (like I did at first), configures
> hstsEnabled=true, the HSTS response header is set by Tomcat, but
> with a max age of zero (since that is the default).
>
> However, per the HSTS RFC:
> https://tools.ietf.org/html/rfc6797#section-6.1.1 it says:
>
> NOTE:  A max-age value of zero (i.e., "max-age=0") signals the UA
> to cease regarding the host as a Known HSTS Host, including the
> includeSubDomains directive (if asserted for that HSTS Host).
>
> I noticed this problem when I first enabled HSTS on my Tomcat dev
> instance, and then passively scanned my web app with OWASP ZAP
> (https://owasp.org/www-project-zap/). ZAP, correctly I believe,
> pointed out that enabling HSTS with a MaxAge of zero is effectively
> a no-op. (i.e., does nothing).

Correct.

> If I'm correct, then I think having a default of zero is dangerous
> and should instead default to something useful and effective.

I disagree.

> Such as one year (in seconds) which is what many developers
> set/configure this value.  Otherwise, I think turning HSTS ON in
> Tomcat might be giving people a false sense of security because it
> really doesn't doing anything unless you also set MaxAge (which to
> me isn't intuitive that you should have to do that).
>
> Do you agree with me that this is a problem that should be fixed?
Here's why I disagree: if you configure your server to reply with
HSTS=on with a meaningful expiration, then the browser is *going to
enforce it*. If you have not configured it correctly, or you are just
testing, you can basically lock your site out from all clients for
e.g. a year before they are willing to re-connect to you.

AFAIK, there is no recognized mitigation for "oops we enabled HSTS for
our site but actually we need parts of it to remain non-encrypted so
please please please forget we ever said anything about HSTS". If you
enable it and don't know what you are doing, you can SERIOUSLY fubar
your infrastructure.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9GlU0ACgkQHPApP6U8
pFgQfQ//XnGay5wOwEIixUb/8PoioJHNLZLgqwShePVRnAkgyzCxRl+yWDonC7pX
BcA4MwI5d/UcivGILor2VH5WXZYeI0e/zlneMT5P9hz9cBrUM4YTSx/wdUNA8a12
mznC7T9fRZiUrgCHhEcgJaAL+rrPXDSAMVq6vVZBhTQBPd0igLmqxf1I8vA2hc8p
Rk8oa6mb2YLSNvIjJAGqYaV1VIg4oMyNjowi5RmpFn/4h3Kk3rnPWY3kFlvi8t3W
JGM3l7tGU8aFxrdCEVO+ypsCCtNsRbGWFGCaETITAHwYVnXEwk9wZNnOA51sJeQE
aRyyo6KyJi7nqKEjlsXV2DBqCmjv8ToWv1INyZrGxJXNojThbeWhexKjrKu8FOXW
RZMnOc6BMfQPb8673lGjLoGzcyjlgLSRhUTNwHaIwTGV8a6nK5+E/GNPr+x00Wei
KumMnm/AB1haBLRPgX+A5elneOnedPweWE00KqH7uBOkUbHCquwOf/9YnmsJBji+
KGIXecNk5pC2bwZF17ULYoC25UEBePyDbJNV5wEOZGLL+ayUtNFhtCSYB30+AWJT
3CqbHb0oMsb9kGQkEqScklzOBRsmHxvDZ4JSswO3rmKEUY+yGWKUbpxdZu6s/HSj
DeaCEnqTByBocQDl8UWRruWwGXX7QC3Dk4z7CZdU1gLFAgMncm0=
=tfoo
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/26/20 11:19, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> markt pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit f1c4210470a268ec6830a95ab219f418a7e775fb Author: Mark Thomas
>  AuthorDate: Wed Aug 26 16:15:50 2020 +0100
>
> Update Commons DBCP to latest

It looks like, among other things, this includes the fix for
https://issues.apache.org/jira/browse/DBCP-559

If so: hooray!

Can you confirm?

Thanks,
- -chris

> --- MERGE.txt  |   2 +-
> .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 187
> +-
> .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
> .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  29 +++
> .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
> .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
> .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
> .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220
> +++--
> .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
> .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
> .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
> .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
> .../dbcp/dbcp2/managed/BasicManagedDataSource.java |   3 +-
> .../dbcp2/managed/LocalXAConnectionFactory.java|  21 +-
> webapps/docs/changelog.xml |   4 + 15 files
> changed, 323 insertions(+), 216 deletions(-)
>
> diff --git a/MERGE.txt b/MERGE.txt index 79fc82e..b8c152d 100644
> --- a/MERGE.txt +++ b/MERGE.txt @@ -69,4 +69,4 @@ Sub-tree
> src/main/java/org/apache/commons/dbcp2
> src/main/resources/org/apache/commons/dbcp2 The SHA1 ID / tag for
> the most recent commit to be merged to Tomcat is:
> -a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
> +6d232e547d5725e419832fc514fc0348aa897e7c (2020-08-11) diff --git
> a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
> b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java index
> 0293e9a..31faa61 100644 ---
> a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java +++
> b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java @@ -63,17
> +63,6 @@ import
> org.apache.tomcat.dbcp.pool2.impl.GenericObjectPoolConfig; */
> public class BasicDataSource implements DataSource,
> BasicDataSourceMXBean, MBeanRegistration, AutoCloseable {
>
> -/** - * @since 2.0 - */ -private class
> PaGetConnection implements PrivilegedExceptionAction {
> - -@Override -public Connection run() throws
> SQLException { -return
> createDataSource().getConnection(); -} -} - private
> static final Log log = LogFactory.getLog(BasicDataSource.class);
>
> static { @@ -220,6 +209,8 @@ public class BasicDataSource
> implements DataSource, BasicDataSourceMXBean, MBean */ private
> boolean poolPreparedStatements = false;
>
> +private boolean clearStatementPoolOnReturn = false; + /** *
>  * The maximum number of open statements that can be allocated
> from the statement pool at the same time, or negative @@ -402,7
> +393,7 @@ public class BasicDataSource implements DataSource,
> BasicDataSourceMXBean, MBean *  *  * Attempts to acquire
> connections using {@link #getConnection()} after this method has
> been invoked result in - * SQLExceptions. + *
> SQLExceptions.  To reopen a datasource that has been closed using
> this method, use {@link #start()}. *  *  * This method is
> idempotent - i.e., closing an already closed BasicDataSource has no
> effect and does not generate @@ -448,7 +439,7 @@ public class
> BasicDataSource implements DataSource, BasicDataSourceMXBean,
> MBean }
>
> /** - * Creates a JDBC connection factory for this datasource.
> The JDBC driver is loaded using the following algorithm: + *
> Creates a JDBC connection factory for this data source. The JDBC
> driver is loaded using the following algorithm: *  * If a
> Driver instance has been specified via {@link #setDriver(Driver)}
> use it * If no Driver instance was specified and {@link
> #driverClassName} is specified that class is loaded using the @@
> -471,6 +462,7 @@ public class BasicDataSource implements
> DataSource, BasicDataSourceMXBean, MBean return
> ConnectionFactoryFactory.createConnectionFactory(this,
> DriverFactory.createDriver(this)); }
>
> + /** * Creates a connection pool for this datasource. This method
> only exists so subclasses can replace the * implementation class.
> @@ -530,7 +522,6 @@ public class BasicDataSource implements
> DataSource, BasicDataSourceMXBean, MBean if (dataSource != null) {
> return dataSource; } - jmxRegister();
>
> // create factory which returns raw physical connections @@ -544,10
> +535,8 @@ public class BasicDataSource implements DataSource,
> BasicDataSourceMXBean, MBean
>

buildbot success in on tomcat-9-trunk

2020-08-26 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-9-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/395

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' 
triggered this build
Build Source Stamp: [branch 9.0.x] 6c17d912913502eb4f92461e24e31dda80086aaa
Blamelist: Mark Thomas 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Next release

2020-08-26 Thread Filip Hanik 
On Wed, Aug 26, 2020 at 09:15 Mark Thomas  wrote:

> On 26/08/2020 17:12, Filip Hanik wrote:
>
> > Our cadence seems fairly predictable.
>
> >
>
> > Any thoughts on the timeline of the  on the next batch of releases?
>
>
>
> I skipped the August releases as I was away. I'm planning on the
>
> September releases as usual. I'd like to get Tomcat Native and Commons
>
> Daemon updates into those releases if possible.


Thanks, that sounds like a good plan. I’m reviewing the PRs too.

>
>
>
>
> Mark
>
>
>
> -
>
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
>
>

Re: Next release

2020-08-26 Thread Mark Thomas 
On 26/08/2020 17:12, Filip Hanik wrote:
> Our cadence seems fairly predictable. 
> 
> Any thoughts on the timeline of the  on the next batch of releases?

I skipped the August releases as I was away. I'm planning on the
September releases as usual. I'd like to get Tomcat Native and Commons
Daemon updates into those releases if possible.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Next release

2020-08-26 Thread Filip Hanik 
Our cadence seems fairly predictable.

Any thoughts on the timeline of the  on the next batch of releases?

Filip

[GitHub] [tomcat] tomchiverton opened a new pull request #345: Clarify where wildcards are allowed in Host and Alias directives

2020-08-26 Thread GitBox 


tomchiverton opened a new pull request #345:
URL: https://github.com/apache/tomcat/pull/345


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (82ef275 -> 27f81e4)

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 82ef275  Update Commons Pool to 2.8.1
 new b545a63  Update changelog
 new 27f81e4  Update Commons DBCP to latest

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 166 +---
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  27 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 webapps/docs/changelog.xml |   8 +
 13 files changed, 301 insertions(+), 195 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 27f81e4fe98725c85a9d0b8411a056b95dca9cd9
Author: Mark Thomas 
AuthorDate: Wed Aug 26 16:15:50 2020 +0100

Update Commons DBCP to latest
---
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 166 +---
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  27 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 webapps/docs/changelog.xml |   4 +
 13 files changed, 297 insertions(+), 195 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 79fc82e..b8c152d 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -69,4 +69,4 @@ Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
-a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
+6d232e547d5725e419832fc514fc0348aa897e7c (2020-08-11)
diff --git a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 
b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
index 0293e9a..70a052a 100644
--- a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
+++ b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
@@ -220,6 +220,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  */
 private boolean poolPreparedStatements = false;
 
+private boolean clearStatementPoolOnReturn = false;
+
 /**
  * 
  * The maximum number of open statements that can be allocated from the 
statement pool at the same time, or negative
@@ -402,7 +404,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  * 
  * 
  * Attempts to acquire connections using {@link #getConnection()} after 
this method has been invoked result in
- * SQLExceptions.
+ * SQLExceptions.  To reopen a datasource that has been closed using this 
method, use {@link #start()}.
  * 
  * 
  * This method is idempotent - i.e., closing an already closed 
BasicDataSource has no effect and does not generate
@@ -448,7 +450,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 }
 
 /**
- * Creates a JDBC connection factory for this datasource. The JDBC driver 
is loaded using the following algorithm:
+ * Creates a JDBC connection factory for this data source. The JDBC driver 
is loaded using the following algorithm:
  * 
  * If a Driver instance has been specified via {@link 
#setDriver(Driver)} use it
  * If no Driver instance was specified and {@link #driverClassName} is 
specified that class is loaded using the
@@ -471,6 +473,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 return ConnectionFactoryFactory.createConnectionFactory(this, 
DriverFactory.createDriver(this));
 }
 
+
 /**
  * Creates a connection pool for this datasource. This method only exists 
so subclasses can replace the
  * implementation class.
@@ -530,7 +533,6 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 if (dataSource != null) {
 return dataSource;
 }
-
 jmxRegister();
 
 // create factory which returns raw physical connections
@@ -544,10 +546,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 
poolableConnectionFactory.setPoolStatements(poolPreparedStatements);
 
poolableConnectionFactory.setMaxOpenPreparedStatements(maxOpenPreparedStatements);
 success = true;
-} catch (final SQLException se) {
+} catch (final SQLException | RuntimeException se) {
 throw se;
-} catch (final RuntimeException rte) {
-throw rte;
 } catch (final Exception ex) {
 throw new SQLException("Error creating connection factory", 
ex);
 }
@@ -564,10 +564,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 newDataSource = createDataSourceInstance();
 newDataSource.setLogWriter(logWriter);
 success = true;
-} catch (final SQLException se) {
+} catch

[tomcat] 01/02: Update changelog

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b545a630766eb9cbccee26601b5b54bfff764fc0
Author: Mark Thomas 
AuthorDate: Wed Aug 26 15:54:49 2020 +0100

Update changelog
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7b8172b..74f20b0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -184,6 +184,10 @@
 Update the internal fork of Apache Commons FileUpload to c25a4e3
 (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
   
+  
+Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up
+and improved abandoned pool handling. (markt)
+  
 
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6c17d912913502eb4f92461e24e31dda80086aaa
Author: Mark Thomas 
AuthorDate: Wed Aug 26 16:15:50 2020 +0100

Update Commons DBCP to latest
---
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 187 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  29 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 .../dbcp/dbcp2/managed/BasicManagedDataSource.java |   3 +-
 .../dbcp2/managed/LocalXAConnectionFactory.java|  21 +-
 webapps/docs/changelog.xml |   4 +
 15 files changed, 323 insertions(+), 216 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 79fc82e..b8c152d 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -69,4 +69,4 @@ Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
-a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
+6d232e547d5725e419832fc514fc0348aa897e7c (2020-08-11)
diff --git a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 
b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
index 0293e9a..31faa61 100644
--- a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
+++ b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
@@ -63,17 +63,6 @@ import 
org.apache.tomcat.dbcp.pool2.impl.GenericObjectPoolConfig;
  */
 public class BasicDataSource implements DataSource, BasicDataSourceMXBean, 
MBeanRegistration, AutoCloseable {
 
-/**
- * @since 2.0
- */
-private class PaGetConnection implements 
PrivilegedExceptionAction {
-
-@Override
-public Connection run() throws SQLException {
-return createDataSource().getConnection();
-}
-}
-
 private static final Log log = LogFactory.getLog(BasicDataSource.class);
 
 static {
@@ -220,6 +209,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  */
 private boolean poolPreparedStatements = false;
 
+private boolean clearStatementPoolOnReturn = false;
+
 /**
  * 
  * The maximum number of open statements that can be allocated from the 
statement pool at the same time, or negative
@@ -402,7 +393,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  * 
  * 
  * Attempts to acquire connections using {@link #getConnection()} after 
this method has been invoked result in
- * SQLExceptions.
+ * SQLExceptions.  To reopen a datasource that has been closed using this 
method, use {@link #start()}.
  * 
  * 
  * This method is idempotent - i.e., closing an already closed 
BasicDataSource has no effect and does not generate
@@ -448,7 +439,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 }
 
 /**
- * Creates a JDBC connection factory for this datasource. The JDBC driver 
is loaded using the following algorithm:
+ * Creates a JDBC connection factory for this data source. The JDBC driver 
is loaded using the following algorithm:
  * 
  * If a Driver instance has been specified via {@link 
#setDriver(Driver)} use it
  * If no Driver instance was specified and {@link #driverClassName} is 
specified that class is loaded using the
@@ -471,6 +462,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 return ConnectionFactoryFactory.createConnectionFactory(this, 
DriverFactory.createDriver(this));
 }
 
+
 /**
  * Creates a connection pool for this datasource. This method only exists 
so subclasses can replace the
  * implementation class.
@@ -530,7 +522,6 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 if (dataSource != null) {
 return dataSource;
 }
-
 jmxRegister();
 
 // create factory which returns raw physical connections
@@ -544,10 +535,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 
poolableConnectionFactory.setPoolStatements(poolPreparedStatements);
 
poolableConnectionFactory.setMaxOpenPreparedStatements(maxOpenPreparedStatements);
 success = true;

[tomcat] 01/02: Update changelog

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0c98f85816a8e210a88f3b3ef78fa7a0293395f9
Author: Mark Thomas 
AuthorDate: Wed Aug 26 15:54:49 2020 +0100

Update changelog
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1086838..0558539 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -206,6 +206,10 @@
 Update the internal fork of Apache Commons FileUpload to c25a4e3
 (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
   
+  
+Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up
+and improved abandoned pool handling. (markt)
+  
 
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated (c4e35de -> 6c17d91)

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from c4e35de  Update Commons Pool to 2.8.1
 new 0c98f85  Update changelog
 new 6c17d91  Update Commons DBCP to latest

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 187 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  29 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 .../dbcp/dbcp2/managed/BasicManagedDataSource.java |   3 +-
 .../dbcp2/managed/LocalXAConnectionFactory.java|  21 +-
 webapps/docs/changelog.xml |   8 +
 15 files changed, 327 insertions(+), 216 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (253283a -> f1c4210)

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 253283a  Update Commons Pool to 2.8.1
 new 8e745f8  Update changelog
 new f1c4210  Update Commons DBCP to latest

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 187 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  29 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 .../dbcp/dbcp2/managed/BasicManagedDataSource.java |   3 +-
 .../dbcp2/managed/LocalXAConnectionFactory.java|  21 +-
 webapps/docs/changelog.xml |   8 +
 15 files changed, 327 insertions(+), 216 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Update Commons DBCP to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f1c4210470a268ec6830a95ab219f418a7e775fb
Author: Mark Thomas 
AuthorDate: Wed Aug 26 16:15:50 2020 +0100

Update Commons DBCP to latest
---
 MERGE.txt  |   2 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java  | 187 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java  |  11 +-
 .../tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java   |  29 +++
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|   4 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java  |   3 +
 .../dbcp/dbcp2/PoolableConnectionFactory.java  |  14 ++
 .../tomcat/dbcp/dbcp2/PoolingConnection.java   | 220 +++--
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java  |  28 +--
 .../dbcp2/datasources/CPDSConnectionFactory.java   |   3 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java   |   8 +-
 .../dbcp/dbcp2/datasources/package-info.java   |   2 +-
 .../dbcp/dbcp2/managed/BasicManagedDataSource.java |   3 +-
 .../dbcp2/managed/LocalXAConnectionFactory.java|  21 +-
 webapps/docs/changelog.xml |   4 +
 15 files changed, 323 insertions(+), 216 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 79fc82e..b8c152d 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -69,4 +69,4 @@ Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
-a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
+6d232e547d5725e419832fc514fc0348aa897e7c (2020-08-11)
diff --git a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 
b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
index 0293e9a..31faa61 100644
--- a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
+++ b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
@@ -63,17 +63,6 @@ import 
org.apache.tomcat.dbcp.pool2.impl.GenericObjectPoolConfig;
  */
 public class BasicDataSource implements DataSource, BasicDataSourceMXBean, 
MBeanRegistration, AutoCloseable {
 
-/**
- * @since 2.0
- */
-private class PaGetConnection implements 
PrivilegedExceptionAction {
-
-@Override
-public Connection run() throws SQLException {
-return createDataSource().getConnection();
-}
-}
-
 private static final Log log = LogFactory.getLog(BasicDataSource.class);
 
 static {
@@ -220,6 +209,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  */
 private boolean poolPreparedStatements = false;
 
+private boolean clearStatementPoolOnReturn = false;
+
 /**
  * 
  * The maximum number of open statements that can be allocated from the 
statement pool at the same time, or negative
@@ -402,7 +393,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
  * 
  * 
  * Attempts to acquire connections using {@link #getConnection()} after 
this method has been invoked result in
- * SQLExceptions.
+ * SQLExceptions.  To reopen a datasource that has been closed using this 
method, use {@link #start()}.
  * 
  * 
  * This method is idempotent - i.e., closing an already closed 
BasicDataSource has no effect and does not generate
@@ -448,7 +439,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 }
 
 /**
- * Creates a JDBC connection factory for this datasource. The JDBC driver 
is loaded using the following algorithm:
+ * Creates a JDBC connection factory for this data source. The JDBC driver 
is loaded using the following algorithm:
  * 
  * If a Driver instance has been specified via {@link 
#setDriver(Driver)} use it
  * If no Driver instance was specified and {@link #driverClassName} is 
specified that class is loaded using the
@@ -471,6 +462,7 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 return ConnectionFactoryFactory.createConnectionFactory(this, 
DriverFactory.createDriver(this));
 }
 
+
 /**
  * Creates a connection pool for this datasource. This method only exists 
so subclasses can replace the
  * implementation class.
@@ -530,7 +522,6 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 if (dataSource != null) {
 return dataSource;
 }
-
 jmxRegister();
 
 // create factory which returns raw physical connections
@@ -544,10 +535,8 @@ public class BasicDataSource implements DataSource, 
BasicDataSourceMXBean, MBean
 
poolableConnectionFactory.setPoolStatements(poolPreparedStatements);
 
poolableConnectionFactory.setMaxOpenPreparedStatements(maxOpenPreparedStatements);
 success = true;

[tomcat] 01/02: Update changelog

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8e745f8f24e9825e22c0f2529fc5514f9172bf78
Author: Mark Thomas 
AuthorDate: Wed Aug 26 15:54:49 2020 +0100

Update changelog
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bac2c21..0d64135 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -215,6 +215,10 @@
 Update the internal fork of Apache Commons FileUpload to c25a4e3
 (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
   
+  
+Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up
+and improved abandoned pool handling. (markt)
+  
 
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-9-trunk

2020-08-26 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-9-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/394

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' 
triggered this build
Build Source Stamp: [branch 9.0.x] c4e35de7639e846fa7344bb0b11cc57897cdff2d
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Update Commons Pool to 2.8.1

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 82ef275  Update Commons Pool to 2.8.1
82ef275 is described below

commit 82ef2758388fcc30f3378aae747974c2cddcce3b
Author: Mark Thomas 
AuthorDate: Wed Aug 26 14:09:38 2020 +0100

Update Commons Pool to 2.8.1
---
 MERGE.txt  |  10 +-
 .../dbcp/pool2/BaseKeyedPooledObjectFactory.java   |   4 +-
 .../apache/tomcat/dbcp/pool2/BaseObjectPool.java   |   8 +-
 .../tomcat/dbcp/pool2/BasePooledObjectFactory.java |   2 +-
 .../apache/tomcat/dbcp/pool2/KeyedObjectPool.java  |  44 ++---
 .../dbcp/pool2/KeyedPooledObjectFactory.java   |  16 +-
 java/org/apache/tomcat/dbcp/pool2/ObjectPool.java  |  10 +-
 java/org/apache/tomcat/dbcp/pool2/PoolUtils.java   |  55 +++---
 .../org/apache/tomcat/dbcp/pool2/PooledObject.java |   4 +-
 .../tomcat/dbcp/pool2/PooledObjectFactory.java |  12 +-
 .../tomcat/dbcp/pool2/impl/AbandonedConfig.java|  10 +-
 .../dbcp/pool2/impl/BaseGenericObjectPool.java | 213 -
 .../dbcp/pool2/impl/BaseObjectPoolConfig.java  |   6 +-
 .../tomcat/dbcp/pool2/impl/CallStackUtils.java |   6 +-
 .../dbcp/pool2/impl/DefaultPooledObject.java   |   4 +-
 .../pool2/impl/DefaultPooledObjectInfoMBean.java   |   6 +-
 .../tomcat/dbcp/pool2/impl/EvictionPolicy.java |   4 +-
 .../tomcat/dbcp/pool2/impl/EvictionTimer.java  | 118 ++--
 .../dbcp/pool2/impl/GenericKeyedObjectPool.java|  40 ++--
 .../tomcat/dbcp/pool2/impl/GenericObjectPool.java  |  24 +--
 .../dbcp/pool2/impl/LinkedBlockingDeque.java   |  33 +---
 .../dbcp/pool2/impl/SoftReferenceObjectPool.java   |  16 +-
 22 files changed, 376 insertions(+), 269 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 088393b..79fc82e 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -42,7 +42,7 @@ Codec
 -
 Sub-tree:
 src/main/java/org/apache/commons/codec
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
@@ -50,7 +50,7 @@ FileUpload
 --
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
@@ -61,12 +61,12 @@ DBCP
 Pool2
 Sub-tree
 src/main/java/org/apache/commons/pool2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-6092f924b36061353ff92b18c88400ab3bc05327 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-pool-2.8.1
 
 DBCP2
 Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
diff --git 
a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
index dfbc5a9..b0f0c34 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
@@ -17,7 +17,7 @@
 package org.apache.tomcat.dbcp.pool2;
 
 /**
- * A base implementation of KeyedPooledObjectFactory.
+ * A base implementation of {@code KeyedPooledObjectFactory}.
  * 
  * All operations defined here are essentially no-op's.
  * 
@@ -85,7 +85,7 @@ public abstract class BaseKeyedPooledObjectFactory 
extends BaseObject
  *
  * @param key the key used when selecting the object
  * @param p a {@code PooledObject} wrapping the instance to be validated
- * @return always true in the default implementation
+ * @return always {@code true} in the default implementation
  */
 @Override
 public boolean validateObject(final K key, final PooledObject p) {
diff --git a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
index 96d3c00..da49173 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
@@ -102,8 +102,8 @@ public abstract class BaseObjectPool extends BaseObject 
implements ObjectPool
 /**
  * {@inheritDoc}
  * 
- * This affects the behavior of isClosed and
- * assertOpen.
+ * This affects the behavior of {@code isClosed} and
+ * {@code assertOpen}.
  * 
  */
 @Override
@@ -114,14 +114,14 @@ public

[tomcat] branch 9.0.x updated: Update Commons Pool to 2.8.1

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new c4e35de  Update Commons Pool to 2.8.1
c4e35de is described below

commit c4e35de7639e846fa7344bb0b11cc57897cdff2d
Author: Mark Thomas 
AuthorDate: Wed Aug 26 14:09:38 2020 +0100

Update Commons Pool to 2.8.1
---
 MERGE.txt  |  10 +-
 .../dbcp/pool2/BaseKeyedPooledObjectFactory.java   |   4 +-
 .../apache/tomcat/dbcp/pool2/BaseObjectPool.java   |   8 +-
 .../tomcat/dbcp/pool2/BasePooledObjectFactory.java |   2 +-
 .../apache/tomcat/dbcp/pool2/KeyedObjectPool.java  |  44 ++---
 .../dbcp/pool2/KeyedPooledObjectFactory.java   |  16 +-
 java/org/apache/tomcat/dbcp/pool2/ObjectPool.java  |  10 +-
 java/org/apache/tomcat/dbcp/pool2/PoolUtils.java   |  70 ---
 .../org/apache/tomcat/dbcp/pool2/PooledObject.java |   4 +-
 .../tomcat/dbcp/pool2/PooledObjectFactory.java |  12 +-
 .../tomcat/dbcp/pool2/impl/AbandonedConfig.java|  10 +-
 .../dbcp/pool2/impl/BaseGenericObjectPool.java | 213 -
 .../dbcp/pool2/impl/BaseObjectPoolConfig.java  |   6 +-
 .../tomcat/dbcp/pool2/impl/CallStackUtils.java |   6 +-
 .../dbcp/pool2/impl/DefaultPooledObject.java   |   4 +-
 .../pool2/impl/DefaultPooledObjectInfoMBean.java   |   6 +-
 .../tomcat/dbcp/pool2/impl/EvictionPolicy.java |   4 +-
 .../tomcat/dbcp/pool2/impl/EvictionTimer.java  | 118 ++--
 .../dbcp/pool2/impl/GenericKeyedObjectPool.java|  40 ++--
 .../tomcat/dbcp/pool2/impl/GenericObjectPool.java  |  24 +--
 .../dbcp/pool2/impl/LinkedBlockingDeque.java   |  33 +---
 .../dbcp/pool2/impl/SecurityManagerCallStack.java  |   2 +-
 .../dbcp/pool2/impl/SoftReferenceObjectPool.java   |  16 +-
 23 files changed, 392 insertions(+), 270 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 088393b..79fc82e 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -42,7 +42,7 @@ Codec
 -
 Sub-tree:
 src/main/java/org/apache/commons/codec
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
@@ -50,7 +50,7 @@ FileUpload
 --
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
@@ -61,12 +61,12 @@ DBCP
 Pool2
 Sub-tree
 src/main/java/org/apache/commons/pool2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-6092f924b36061353ff92b18c88400ab3bc05327 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-pool-2.8.1
 
 DBCP2
 Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
diff --git 
a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
index dfbc5a9..b0f0c34 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
@@ -17,7 +17,7 @@
 package org.apache.tomcat.dbcp.pool2;
 
 /**
- * A base implementation of KeyedPooledObjectFactory.
+ * A base implementation of {@code KeyedPooledObjectFactory}.
  * 
  * All operations defined here are essentially no-op's.
  * 
@@ -85,7 +85,7 @@ public abstract class BaseKeyedPooledObjectFactory 
extends BaseObject
  *
  * @param key the key used when selecting the object
  * @param p a {@code PooledObject} wrapping the instance to be validated
- * @return always true in the default implementation
+ * @return always {@code true} in the default implementation
  */
 @Override
 public boolean validateObject(final K key, final PooledObject p) {
diff --git a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
index df23b12..d17b494 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
@@ -85,8 +85,8 @@ public abstract class BaseObjectPool extends BaseObject 
implements ObjectPool
 /**
  * {@inheritDoc}
  * 
- * This affects the behavior of isClosed and
- * assertOpen.
+ * This affects the behavior of {@code isClosed} and
+ * {@code assertOpen}.

[tomcat] branch master updated: Update Commons Pool to 2.8.1

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 253283a  Update Commons Pool to 2.8.1
253283a is described below

commit 253283a5927a449bb10ba4396b8eb41680b78132
Author: Mark Thomas 
AuthorDate: Wed Aug 26 14:09:38 2020 +0100

Update Commons Pool to 2.8.1
---
 MERGE.txt  |  10 +-
 .../dbcp/pool2/BaseKeyedPooledObjectFactory.java   |   4 +-
 .../apache/tomcat/dbcp/pool2/BaseObjectPool.java   |   8 +-
 .../tomcat/dbcp/pool2/BasePooledObjectFactory.java |   2 +-
 .../apache/tomcat/dbcp/pool2/KeyedObjectPool.java  |  44 ++---
 .../dbcp/pool2/KeyedPooledObjectFactory.java   |  16 +-
 java/org/apache/tomcat/dbcp/pool2/ObjectPool.java  |  10 +-
 java/org/apache/tomcat/dbcp/pool2/PoolUtils.java   |  70 ---
 .../org/apache/tomcat/dbcp/pool2/PooledObject.java |   4 +-
 .../tomcat/dbcp/pool2/PooledObjectFactory.java |  12 +-
 .../tomcat/dbcp/pool2/impl/AbandonedConfig.java|  10 +-
 .../dbcp/pool2/impl/BaseGenericObjectPool.java | 213 -
 .../dbcp/pool2/impl/BaseObjectPoolConfig.java  |   6 +-
 .../tomcat/dbcp/pool2/impl/CallStackUtils.java |   6 +-
 .../dbcp/pool2/impl/DefaultPooledObject.java   |   4 +-
 .../pool2/impl/DefaultPooledObjectInfoMBean.java   |   6 +-
 .../tomcat/dbcp/pool2/impl/EvictionPolicy.java |   4 +-
 .../tomcat/dbcp/pool2/impl/EvictionTimer.java  | 118 ++--
 .../dbcp/pool2/impl/GenericKeyedObjectPool.java|  40 ++--
 .../tomcat/dbcp/pool2/impl/GenericObjectPool.java  |  24 +--
 .../dbcp/pool2/impl/LinkedBlockingDeque.java   |  33 +---
 .../dbcp/pool2/impl/SecurityManagerCallStack.java  |   2 +-
 .../dbcp/pool2/impl/SoftReferenceObjectPool.java   |  16 +-
 23 files changed, 392 insertions(+), 270 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 088393b..79fc82e 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -42,7 +42,7 @@ Codec
 -
 Sub-tree:
 src/main/java/org/apache/commons/codec
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
@@ -50,7 +50,7 @@ FileUpload
 --
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
@@ -61,12 +61,12 @@ DBCP
 Pool2
 Sub-tree
 src/main/java/org/apache/commons/pool2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-6092f924b36061353ff92b18c88400ab3bc05327 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-pool-2.8.1
 
 DBCP2
 Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
diff --git 
a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
index dfbc5a9..b0f0c34 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
@@ -17,7 +17,7 @@
 package org.apache.tomcat.dbcp.pool2;
 
 /**
- * A base implementation of KeyedPooledObjectFactory.
+ * A base implementation of {@code KeyedPooledObjectFactory}.
  * 
  * All operations defined here are essentially no-op's.
  * 
@@ -85,7 +85,7 @@ public abstract class BaseKeyedPooledObjectFactory 
extends BaseObject
  *
  * @param key the key used when selecting the object
  * @param p a {@code PooledObject} wrapping the instance to be validated
- * @return always true in the default implementation
+ * @return always {@code true} in the default implementation
  */
 @Override
 public boolean validateObject(final K key, final PooledObject p) {
diff --git a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
index df23b12..d17b494 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
@@ -85,8 +85,8 @@ public abstract class BaseObjectPool extends BaseObject 
implements ObjectPool
 /**
  * {@inheritDoc}
  * 
- * This affects the behavior of isClosed and
- * assertOpen.
+ * This affects the behavior of {@code isClosed} and
+ * {@code assertOpen}.

buildbot success in on tomcat-trunk

2020-08-26 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5378

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 38cc9148a9e0614330a71d247bd97ffdf523797f
Blamelist: Mark Thomas 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Update Commons FileUpload to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 49204dc  Update Commons FileUpload to latest
49204dc is described below

commit 49204dcd10ad07612e89f47a4cd446e6db9e5166
Author: Mark Thomas 
AuthorDate: Wed Aug 26 11:27:45 2020 +0100

Update Commons FileUpload to latest
---
 .../tomcat/util/http/fileupload/FileItem.java  |  30 ++---
 .../util/http/fileupload/FileItemFactory.java  |   4 +-
 .../util/http/fileupload/FileItemHeaders.java  |  28 ++---
 .../util/http/fileupload/FileItemStream.java   |  12 +-
 .../tomcat/util/http/fileupload/FileUpload.java|   6 +-
 .../util/http/fileupload/FileUploadBase.java   |  61 +-
 .../util/http/fileupload/FileUploadException.java  |  34 +-
 .../util/http/fileupload/MultipartStream.java  |  96 +++
 .../util/http/fileupload/ParameterParser.java  |   8 +-
 .../util/http/fileupload/disk/DiskFileItem.java|  46 +++
 .../http/fileupload/disk/DiskFileItemFactory.java  |   8 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java |  14 +--
 .../http/fileupload/impl/FileItemStreamImpl.java   |   8 +-
 .../impl/FileSizeLimitExceededException.java   |   2 +-
 .../fileupload/impl/FileUploadIOException.java |   2 +-
 .../impl/InvalidContentTypeException.java  |   6 +-
 .../impl/SizeLimitExceededException.java   |   2 +-
 .../tomcat/util/http/fileupload/package-info.java  |   2 +-
 .../http/fileupload/servlet/ServletFileUpload.java |  18 +--
 .../util/http/fileupload/servlet/package-info.java |   2 +-
 .../http/fileupload/util/FileItemHeadersImpl.java  |   8 +-
 .../http/fileupload/util/LimitedInputStream.java   |  32 ++---
 .../tomcat/util/http/fileupload/util/Streams.java  |   9 +-
 .../http/fileupload/util/mime/RFC2231Utility.java  | 133 +
 webapps/docs/changelog.xml |   4 +
 25 files changed, 368 insertions(+), 207 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItem.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
index b69a51e..b7bdb55 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItem.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
@@ -24,7 +24,7 @@ import java.io.UnsupportedEncodingException;
 
 /**
  *  This class represents a file or form item that was received within a
- * multipart/form-data POST request.
+ * {@code multipart/form-data} POST request.
  *
  *  After retrieving an instance of this class from a {@link
  * org.apache.tomcat.util.http.fileupload.FileUpload FileUpload} instance (see
@@ -36,11 +36,11 @@ import java.io.UnsupportedEncodingException;
  * it into memory, which may come handy with large files.
  *
  *  While this interface does not extend
- * javax.activation.DataSource per se (to avoid a seldom used
+ * {@code javax.activation.DataSource} per se (to avoid a seldom used
  * dependency), several of the defined methods are specifically defined with
  * the same signatures as methods in that interface. This allows an
  * implementation of this interface to also implement
- * javax.activation.DataSource with minimal additional work.
+ * {@code javax.activation.DataSource} with minimal additional work.
  *
  * @since 1.3 additionally implements FileItemHeadersSupport
  */
@@ -60,10 +60,10 @@ public interface FileItem extends FileItemHeadersSupport {
 InputStream getInputStream() throws IOException;
 
 /**
- * Returns the content type passed by the browser or null if
+ * Returns the content type passed by the browser or {@code null} if
  * not defined.
  *
- * @return The content type passed by the browser or null if
+ * @return The content type passed by the browser or {@code null} if
  * not defined.
  */
 String getContentType();
@@ -88,8 +88,8 @@ public interface FileItem extends FileItemHeadersSupport {
  * Provides a hint as to whether or not the file contents will be read
  * from memory.
  *
- * @return true if the file contents will be read from memory;
- * false otherwise.
+ * @return {@code true} if the file contents will be read from memory;
+ * {@code false} otherwise.
  */
 boolean isInMemory();
 
@@ -141,7 +141,7 @@ public interface FileItem extends FileItemHeadersSupport {
  * example, file renaming, where possible, rather than copying all of the
  * underlying data, thus gaining a significant performance benefit.
  *
- * @param file The File into which the uploaded item should
+ * @param file The {@code File} into which the uploaded item should
  * be stored.
  *
  * @throws Exception if an error occurs.
@@ -151,7 +151,7 @@ public interface FileItem extends FileItemHeadersSupport {

[tomcat] branch 9.0.x updated: Update Commons FileUpload to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 6657f91  Update Commons FileUpload to latest
6657f91 is described below

commit 6657f91cea0abcb21063c1a21117b7b0ad6e8049
Author: Mark Thomas 
AuthorDate: Wed Aug 26 11:27:45 2020 +0100

Update Commons FileUpload to latest
---
 MERGE.txt  |   2 +-
 .../tomcat/util/http/fileupload/FileItem.java  |  30 ++---
 .../util/http/fileupload/FileItemFactory.java  |   4 +-
 .../util/http/fileupload/FileItemHeaders.java  |  28 ++---
 .../util/http/fileupload/FileItemStream.java   |  12 +-
 .../tomcat/util/http/fileupload/FileUpload.java|   6 +-
 .../util/http/fileupload/FileUploadBase.java   |  63 +-
 .../util/http/fileupload/FileUploadException.java  |  34 +-
 .../util/http/fileupload/MultipartStream.java  |  96 +++
 .../util/http/fileupload/ParameterParser.java  |   8 +-
 .../util/http/fileupload/disk/DiskFileItem.java|  46 +++
 .../http/fileupload/disk/DiskFileItemFactory.java  |   8 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java |  18 ++-
 .../http/fileupload/impl/FileItemStreamImpl.java   |   8 +-
 .../impl/FileSizeLimitExceededException.java   |   2 +-
 .../fileupload/impl/FileUploadIOException.java |   2 +-
 .../impl/InvalidContentTypeException.java  |   6 +-
 .../impl/SizeLimitExceededException.java   |   2 +-
 .../tomcat/util/http/fileupload/package-info.java  |   2 +-
 .../http/fileupload/servlet/ServletFileUpload.java |  18 +--
 .../util/http/fileupload/servlet/package-info.java |   2 +-
 .../http/fileupload/util/FileItemHeadersImpl.java  |   8 +-
 .../http/fileupload/util/LimitedInputStream.java   |  32 ++---
 .../tomcat/util/http/fileupload/util/Streams.java  |   9 +-
 .../http/fileupload/util/mime/RFC2231Utility.java  | 133 +
 webapps/docs/changelog.xml |   4 +
 26 files changed, 370 insertions(+), 213 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index fd084e5..088393b 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -51,7 +51,7 @@ FileUpload
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-2317552993fd5180a84083d599b8cbdb05a07bab (2019-12-06)
+c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
   Commons IO.
diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItem.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
index b69a51e..b7bdb55 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItem.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
@@ -24,7 +24,7 @@ import java.io.UnsupportedEncodingException;
 
 /**
  *  This class represents a file or form item that was received within a
- * multipart/form-data POST request.
+ * {@code multipart/form-data} POST request.
  *
  *  After retrieving an instance of this class from a {@link
  * org.apache.tomcat.util.http.fileupload.FileUpload FileUpload} instance (see
@@ -36,11 +36,11 @@ import java.io.UnsupportedEncodingException;
  * it into memory, which may come handy with large files.
  *
  *  While this interface does not extend
- * javax.activation.DataSource per se (to avoid a seldom used
+ * {@code javax.activation.DataSource} per se (to avoid a seldom used
  * dependency), several of the defined methods are specifically defined with
  * the same signatures as methods in that interface. This allows an
  * implementation of this interface to also implement
- * javax.activation.DataSource with minimal additional work.
+ * {@code javax.activation.DataSource} with minimal additional work.
  *
  * @since 1.3 additionally implements FileItemHeadersSupport
  */
@@ -60,10 +60,10 @@ public interface FileItem extends FileItemHeadersSupport {
 InputStream getInputStream() throws IOException;
 
 /**
- * Returns the content type passed by the browser or null if
+ * Returns the content type passed by the browser or {@code null} if
  * not defined.
  *
- * @return The content type passed by the browser or null if
+ * @return The content type passed by the browser or {@code null} if
  * not defined.
  */
 String getContentType();
@@ -88,8 +88,8 @@ public interface FileItem extends FileItemHeadersSupport {
  * Provides a hint as to whether or not the file contents will be read
  * from memory.
  *
- * @return true if the file contents will be read from memory;
- * false otherwise.
+ * @return {@code true} if the file contents will be read from memory;
+ * {@code false} otherwise.
  */
 boolean isInMemory();
 
@@ -141,7 +141,7 @@ public

[tomcat] branch 8.5.x updated: Update Commons FileUpload to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 73507d4  Update Commons FileUpload to latest
73507d4 is described below

commit 73507d4e5a3807cf79758b38551132348b6cd540
Author: Mark Thomas 
AuthorDate: Wed Aug 26 11:27:45 2020 +0100

Update Commons FileUpload to latest
---
 MERGE.txt  |   2 +-
 .../tomcat/util/http/fileupload/FileItem.java  |  30 ++---
 .../util/http/fileupload/FileItemFactory.java  |   4 +-
 .../util/http/fileupload/FileItemHeaders.java  |  28 ++---
 .../util/http/fileupload/FileItemStream.java   |  12 +-
 .../tomcat/util/http/fileupload/FileUpload.java|   6 +-
 .../util/http/fileupload/FileUploadBase.java   |  63 +-
 .../util/http/fileupload/FileUploadException.java  |  34 +-
 .../util/http/fileupload/MultipartStream.java  |  96 +++
 .../util/http/fileupload/ParameterParser.java  |   8 +-
 .../util/http/fileupload/disk/DiskFileItem.java|  46 +++
 .../http/fileupload/disk/DiskFileItemFactory.java  |   8 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java |  18 ++-
 .../http/fileupload/impl/FileItemStreamImpl.java   |   8 +-
 .../impl/FileSizeLimitExceededException.java   |   2 +-
 .../fileupload/impl/FileUploadIOException.java |   2 +-
 .../impl/InvalidContentTypeException.java  |   6 +-
 .../impl/SizeLimitExceededException.java   |   2 +-
 .../tomcat/util/http/fileupload/package-info.java  |   2 +-
 .../http/fileupload/servlet/ServletFileUpload.java |  18 +--
 .../util/http/fileupload/servlet/package-info.java |   2 +-
 .../http/fileupload/util/FileItemHeadersImpl.java  |   8 +-
 .../http/fileupload/util/LimitedInputStream.java   |  32 ++---
 .../tomcat/util/http/fileupload/util/Streams.java  |   9 +-
 .../http/fileupload/util/mime/RFC2231Utility.java  | 133 +
 webapps/docs/changelog.xml |   4 +
 26 files changed, 370 insertions(+), 213 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index fd084e5..088393b 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -51,7 +51,7 @@ FileUpload
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-2317552993fd5180a84083d599b8cbdb05a07bab (2019-12-06)
+c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
   Commons IO.
diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItem.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
index b69a51e..b7bdb55 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItem.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
@@ -24,7 +24,7 @@ import java.io.UnsupportedEncodingException;
 
 /**
  *  This class represents a file or form item that was received within a
- * multipart/form-data POST request.
+ * {@code multipart/form-data} POST request.
  *
  *  After retrieving an instance of this class from a {@link
  * org.apache.tomcat.util.http.fileupload.FileUpload FileUpload} instance (see
@@ -36,11 +36,11 @@ import java.io.UnsupportedEncodingException;
  * it into memory, which may come handy with large files.
  *
  *  While this interface does not extend
- * javax.activation.DataSource per se (to avoid a seldom used
+ * {@code javax.activation.DataSource} per se (to avoid a seldom used
  * dependency), several of the defined methods are specifically defined with
  * the same signatures as methods in that interface. This allows an
  * implementation of this interface to also implement
- * javax.activation.DataSource with minimal additional work.
+ * {@code javax.activation.DataSource} with minimal additional work.
  *
  * @since 1.3 additionally implements FileItemHeadersSupport
  */
@@ -60,10 +60,10 @@ public interface FileItem extends FileItemHeadersSupport {
 InputStream getInputStream() throws IOException;
 
 /**
- * Returns the content type passed by the browser or null if
+ * Returns the content type passed by the browser or {@code null} if
  * not defined.
  *
- * @return The content type passed by the browser or null if
+ * @return The content type passed by the browser or {@code null} if
  * not defined.
  */
 String getContentType();
@@ -88,8 +88,8 @@ public interface FileItem extends FileItemHeadersSupport {
  * Provides a hint as to whether or not the file contents will be read
  * from memory.
  *
- * @return true if the file contents will be read from memory;
- * false otherwise.
+ * @return {@code true} if the file contents will be read from memory;
+ * {@code false} otherwise.
  */
 boolean isInMemory();
 
@@ -141,7 +141,7 @@ public

[tomcat] branch master updated: Update Commons FileUpload to latest

2020-08-26 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 38cc914  Update Commons FileUpload to latest
38cc914 is described below

commit 38cc9148a9e0614330a71d247bd97ffdf523797f
Author: Mark Thomas 
AuthorDate: Wed Aug 26 11:27:45 2020 +0100

Update Commons FileUpload to latest
---
 MERGE.txt  |   2 +-
 .../tomcat/util/http/fileupload/FileItem.java  |  30 ++---
 .../util/http/fileupload/FileItemFactory.java  |   4 +-
 .../util/http/fileupload/FileItemHeaders.java  |  28 ++---
 .../util/http/fileupload/FileItemStream.java   |  12 +-
 .../tomcat/util/http/fileupload/FileUpload.java|   6 +-
 .../util/http/fileupload/FileUploadBase.java   |  63 +-
 .../util/http/fileupload/FileUploadException.java  |  34 +-
 .../util/http/fileupload/MultipartStream.java  |  96 +++
 .../util/http/fileupload/ParameterParser.java  |   8 +-
 .../util/http/fileupload/disk/DiskFileItem.java|  46 +++
 .../http/fileupload/disk/DiskFileItemFactory.java  |   8 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java |  18 ++-
 .../http/fileupload/impl/FileItemStreamImpl.java   |   8 +-
 .../impl/FileSizeLimitExceededException.java   |   2 +-
 .../fileupload/impl/FileUploadIOException.java |   2 +-
 .../impl/InvalidContentTypeException.java  |   6 +-
 .../impl/SizeLimitExceededException.java   |   2 +-
 .../tomcat/util/http/fileupload/package-info.java  |   2 +-
 .../http/fileupload/servlet/ServletFileUpload.java |  18 +--
 .../util/http/fileupload/servlet/package-info.java |   2 +-
 .../http/fileupload/util/FileItemHeadersImpl.java  |   8 +-
 .../http/fileupload/util/LimitedInputStream.java   |  32 ++---
 .../tomcat/util/http/fileupload/util/Streams.java  |   9 +-
 .../http/fileupload/util/mime/RFC2231Utility.java  | 133 +
 webapps/docs/changelog.xml |   4 +
 26 files changed, 370 insertions(+), 213 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index fd084e5..088393b 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -51,7 +51,7 @@ FileUpload
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-2317552993fd5180a84083d599b8cbdb05a07bab (2019-12-06)
+c25a4e33553a5f098ab6065a54e1ae7985025d26 (2020-08-26)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
   Commons IO.
diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItem.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
index b69a51e..b7bdb55 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItem.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItem.java
@@ -24,7 +24,7 @@ import java.io.UnsupportedEncodingException;
 
 /**
  *  This class represents a file or form item that was received within a
- * multipart/form-data POST request.
+ * {@code multipart/form-data} POST request.
  *
  *  After retrieving an instance of this class from a {@link
  * org.apache.tomcat.util.http.fileupload.FileUpload FileUpload} instance (see
@@ -36,11 +36,11 @@ import java.io.UnsupportedEncodingException;
  * it into memory, which may come handy with large files.
  *
  *  While this interface does not extend
- * javax.activation.DataSource per se (to avoid a seldom used
+ * {@code javax.activation.DataSource} per se (to avoid a seldom used
  * dependency), several of the defined methods are specifically defined with
  * the same signatures as methods in that interface. This allows an
  * implementation of this interface to also implement
- * javax.activation.DataSource with minimal additional work.
+ * {@code javax.activation.DataSource} with minimal additional work.
  *
  * @since 1.3 additionally implements FileItemHeadersSupport
  */
@@ -60,10 +60,10 @@ public interface FileItem extends FileItemHeadersSupport {
 InputStream getInputStream() throws IOException;
 
 /**
- * Returns the content type passed by the browser or null if
+ * Returns the content type passed by the browser or {@code null} if
  * not defined.
  *
- * @return The content type passed by the browser or null if
+ * @return The content type passed by the browser or {@code null} if
  * not defined.
  */
 String getContentType();
@@ -88,8 +88,8 @@ public interface FileItem extends FileItemHeadersSupport {
  * Provides a hint as to whether or not the file contents will be read
  * from memory.
  *
- * @return true if the file contents will be read from memory;
- * false otherwise.
+ * @return {@code true} if the file contents will be read from memory;
+ * {@code false} otherwise.
  */
 boolean isInMemory();
 
@@ -141,7 +141,7 @@ public

[GitHub] [tomcat] malaysf commented on a change in pull request #332: Support sending the 100 continue response when the servlet reads the …

2020-08-26 Thread GitBox 


malaysf commented on a change in pull request #332:
URL: https://github.com/apache/tomcat/pull/332#discussion_r477099224



##
File path: test/org/apache/catalina/core/TestStandardContextValve.java
##
@@ -182,4 +186,123 @@ public void requestDestroyed(ServletRequestEvent sre) {
 }
 
 }
+
+@Test
+public void test100ContinueDefaultPolicy() throws Exception {
+// the default policy is IMMEDIATELY
+// This test verifies that we get proper 100 Continue responses
+// when the continueHandlingResponsePolicy property is not set
+test100Continue(ContinueHandlingResponsePolicy.IMMEDIATELY);
+}
+
+@Test
+public void test100ContinueSentImmediately() throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+final Connector connector = tomcat.getConnector();
+connector.setProperty("continueHandlingResponsePolicy", "immediately");
+
+test100Continue(ContinueHandlingResponsePolicy.IMMEDIATELY);
+}
+
+@Test
+public void test100ContinueSentOnRequestContentRead() throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+final Connector connector = tomcat.getConnector();
+final String policyString = 
ContinueHandlingResponsePolicy.ON_REQUEST_BODY_READ.toString()
+.toLowerCase(Locale.ENGLISH);
+connector.setProperty("continueHandlingResponsePolicy", policyString);
+
+test100Continue(ContinueHandlingResponsePolicy.ON_REQUEST_BODY_READ);
+}
+
+public void test100Continue(ContinueHandlingResponsePolicy expectedPolicy) 
throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+final Context ctx = tomcat.addContext("", null);
+
+// configure the servlet to wait 1 second before reading the request 
body
+Tomcat.addServlet(ctx, "echo", new DelayingEchoBodyServlet(1000));
+ctx.addServletMappingDecoded("/echo", "echo");
+
+tomcat.start();
+
+final ExpectationClient client = new ExpectationClient();
+
+client.setPort(tomcat.getConnector().getLocalPort());
+// Expected content doesn't end with a CR-LF so if it isn't chunked 
make
+// sure the content length is used as reading it line-by-line will fail
+// since there is no "line".
+client.setUseContentLength(true);
+
+client.connect();
+
+// time how long it takes to send the request headers and get the
+// 100 continue response
+final long startTime = System.currentTimeMillis();
+client.doRequestHeaders();
+final long endTime = System.currentTimeMillis();
+
+final long duration = endTime - startTime;
+
+if(expectedPolicy == ContinueHandlingResponsePolicy.IMMEDIATELY) {
+// the 100 response should be received immediately while
+// the servlet will wait 1 second before responding. 500 ms
+// should be enough  time to allow for any slowness that may
+// occur but still differentiate from the 1 second or more
+// expected delay by the ON_REQUEST_BODY_READ policy.
+Assert.assertTrue(duration < 500);

Review comment:
   @martin-g I've reworked the interface and tests to differentiate the two 
policies without requiring checking the time elapsed. Basically, it can't be 
determined which policy was used simply by making a request and checking the 
response, so I also added a unit test for Coyote Request directly that mocks 
out classes to check that `sendAcknowledgement` is only called when expected. 
Can you please take a look at the latest version?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Martin Grigorov 
Hi,

On Tue, Aug 25, 2020 at 9:05 PM Dave Wichers  wrote:

> Per:
> https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter
> and
> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_Security_Filter
>
> they both say:
>
> hstsMaxAgeSeconds  - The max age value that should be used in the HSTS
> header. Negative values will be treated as zero. If not specified, the
> default value of 0 will be used.
>
> So, if a Tomcat user (like I did at first), configures hstsEnabled=true,
> the HSTS response header is set by Tomcat, but with a max age of zero
> (since that is the default).
>
> However, per the HSTS RFC:
> https://tools.ietf.org/html/rfc6797#section-6.1.1 it says:
>
> NOTE:  A max-age value of zero (i.e., "max-age=0") signals the UA to cease
> regarding the host as a Known HSTS Host, including the includeSubDomains
> directive (if asserted for that HSTS Host).
>
> I noticed this problem when I first enabled HSTS on my Tomcat dev
> instance, and then passively scanned my web app with OWASP ZAP (
> https://owasp.org/www-project-zap/). ZAP, correctly I believe, pointed
> out that enabling HSTS with a MaxAge of zero is effectively a no-op. (i.e.,
> does nothing).
>
> If I'm correct, then I think having a default of zero is dangerous and
> should instead default to something useful and effective. Such as one year
> (in seconds) which is what many developers set/configure this value.
> Otherwise, I think turning HSTS ON in Tomcat might be giving people a false
> sense of security because it really doesn't doing anything unless you also
> set MaxAge (which to me isn't intuitive that you should have to do that).
>
> Do you agree with me that this is a problem that should be fixed?
>

I agree that either a better default should be set or Tomcat should report
this misconfiguration somehow to the user!


>
> -Dave
>
>

[GitHub] [tomcat] jfclere commented on a change in pull request #334: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64614

2020-08-26 Thread GitBox 


jfclere commented on a change in pull request #334:
URL: https://github.com/apache/tomcat/pull/334#discussion_r477077159



##
File path: java/org/apache/tomcat/util/net/LocalStrings.properties
##
@@ -176,3 +176,4 @@ sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This 
protocol is known to be
 sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support 
authentication after the initial handshake and is therefore incompatible with 
optional client authentication
 sslUtilBase.trustedCertNotChecked=The validity dates of the trusted 
certificate with alias [{0}] were not checked as the certificate was of an 
unknown type
 sslUtilBase.trustedCertNotValid=The trusted certificate with alias [{0}] and 
DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted 
certificate WILL be accepted
+sslUtilBase.alias_ignored=Alias name [{0}] is ignored

Review comment:
   Sure I will change the message.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org