[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #75 from Ralf Hauser  ---
(In reply to Michael Osipov from comment #73)
> No, use a given status code and augment it with application/problem+json or
> similar. The Status text cannot be set via Servlet API anyway.

Just for completeness, Michael appears to reference

https://tools.ietf.org/html/rfc7807 (Problem Details for HTTP APIs)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #74 from Christopher Schultz  ---
(In reply to Michael Osipov from comment #73)
> (In reply to Ralf Hauser from comment #72)
> > First, there are many error conditions for which no precise 4xx or 5xx code
> > is defined. So in this way, the reason might be helpful.
> 
> No, use a given status code and augment it with application/problem+json or
> similar. The Status text cannot be set via Servlet API anyway.

https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#sendError(int,%20java.lang.String)
?

I was surprised to see that Tomcat actively strips out the reason phrase. I had
initially thought this was simply Tomcat removing reason-phrases from every
response generated by Tomcat (e.g. everything coming from the DefaultServlet,
various internal errors, etc.), but it's actively stripping reason phrases
explicitly-set by applications. :(

At any rate, this should be discussed in dev@ and not in bugzilla at this
point.




[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

Christopher Schultz  changed:

   What|Removed |Added

  Attachment #35931|0   |1
is obsolete||




[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #18 from Christopher Schultz  ---
(In reply to Alex from comment #16)
> > This issue highlights that Tomcat can always use more real-world testing 
> > and I would encourage folks to download the release candidates as the votes 
> > are announced and test them in their environments. The more folks that do 
> > this, the more issues like this we will catch and the sooner we will catch 
> > them.
> 
> Maybe adding a workaround flag in one version, changing the default behaviour
> and then dropping the flag some versions later may be better in terms of
> real-world testing than logging and testing RCs as an approach for such
> serious things?

You are presuming that there were no 9.0.x releases (beta!) which included this
change with no comments for months. In fact, it was included in 9.0.2 with
logging, then completed in 9.0.5 as Mark details in comment #14. I think this
qualifies as a reasonably-slow roll-out. There is no reason to wait many years
to change things... the alternative is an internet where it takes 20 years to
widely-deploy new encryption capabilities (TLS) and effectively NEVER to
properly-implement some IETF specifications (e.g. cookies). Sometimes you
just have to remove the headphone jack.

You took the big step of a 4-major-release-version jump and seem incensed that
things aren't working exactly as they had worked before. This is the purpose of
testing. In this case, you found a problem, engaged the community, and got a
fix. Instead of complaining bitterly, how about a "thanks for the 5-day
turnaround on a blocking issue I'm having"? If you wanted zero changes, you
should have stayed on the version where you were.

If you'd like to debate Tomcat's development methodologies, release cycles, or
test-coverage, you are welcome to join the dev mailing list.




[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #73 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Ralf Hauser from comment #72)
> First, there are many error conditions for which no precise 4xx or 5xx code
> is defined. So in this way, the reason might be helpful.

No, use a given status code and augment it with application/problem+json or
similar. The Status text cannot be set via Servlet API anyway.




buildbot failure in on tomcat-8-trunk

2018-05-16 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/1322

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1831729
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Mark Thomas
On 16/05/18 15:25, Konstantin Kolinko wrote:
> 2018-05-16 16:47 GMT+03:00 Mark Thomas :
>> On 16/05/18 14:31, Konstantin Kolinko wrote:
>>> 2018-05-16 13:03 GMT+03:00  :
> 
 @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J
  jspc.webxml.footer=\n\
  \n\
  \n
 +jspc.webfrg.header=\n\
 +http://java.sun.com/xml/ns/javaee"\n\
 +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\
 +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\
 +\
 http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\
 +\version="3.0"\n\
>>>
>>> 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5,  4.0
>>> for Tomcat 9 ?
>>
>> The web.xml generation sticks to Servlet 2.5. I decided to stick to the
>> lowest useable version number for the fragment as well since I could not
>> see any benefit in generating a file with later version number.
>>
> 
> As precompilation targets a specific release of Tomcat, and is not guaranteed
> to be compatible with a different build release, I see no benefit in
> trying to be compatible.

Fair point. I'll update the generated files to use the current versions
on that basis.

> Regarding "Servlet 2.5" (or 2.3 actually)
> comment 4 (April 2014) in this bug 50234 has a complaint about it:
> [quote]
> At the moment (Tomcat 7), a dummy web.xml has to be defined in order
> to define the version (i.e. for expressions within the JSPs).
> [/quote]

With the pre-compiled JSPs in a web-fragment-xml, there is no
requirement for a web.xml so that request has been met.

> https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
> 
> Sticking to 2.3 is OK when inserting a fragment into existing web.xml.

For the content that is being inserted, the syntax is unchanged so this
should not be an issue.

> When generating a new web.xml, one ends up with a web application that
> uses a different version of spec as opposed to a web app without a
> web.xml file.

Mark




buildbot failure in on tomcat-trunk

2018-05-16 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3273

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1831726
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







[Bug 62343] CORS security: reflecting any origin header value when configured to * is dangerous

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62343

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Mark Thomas  ---
Potential security issues should not be reported via a public bug tracker.

Please see the following for details of how to report security issues in Apache
Tomcat:
http://tomcat.apache.org/security.html

Please see the following for details of how to report security issues in any
other Apache project:
http://www.apache.org/security/


Fixed in:
- trunk for 9.0.9 onwards
- 8.5.x for 8.5.32 onwards
- 8.0.x for 8.0.53 onwards
- 7.0.x for 7.0.89 onwards


The lack of response was due to the Tomcat committers not wishing to draw
further attention to the issue until it had been addressed.


This issue has been assigned CVE-2018-8014.




[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter

2018-05-16 Thread Mark Thomas
CVE-2018-8014 Insecure defaults for CORS filter

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.8
Apache Tomcat 8.5.0 to 8.5.31
Apache Tomcat 8.0.0.RC1 to 8.0.52
Apache Tomcat 7.0.41 to 7.0.88

Description:
The default settings for the CORS filter are insecure and enable
'supportsCredentials' for all origins.
It is expected that users of the CORS filter will have configured it
appropriately for their environment rather than using it in the default
configuration. Therefore, it is expected that most users will not be
impacted by this issue.

Mitigation:
Users of the affected versions should apply one of the following
mitigations.
- Configure the filter appropriately for your environment

Secure defaults will be provided in the following versions:
- Apache Tomcat 9.0.9 or later when released
- Apache Tomcat 8.5.32 or later when released
- Apache Tomcat 8.0.53 or later when released
- Apache Tomcat 7.0.89 or later when released

History:
2018-05-15 Original advisory

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
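
A configuration check for the mitigation above, added here as an example (it is not Tomcat project code): it reads a web.xml and reports every CorsFilter whose effective settings combine all origins with credentials under the pre-fix defaults, and which explicit configurations the fixed versions will refuse. The init-param names cors.allowed.origins and cors.support.credentials are Tomcat's names for the two settings and do not appear on this page; treating a trimmed "*" as "any origin" is an assumption about the filter's parsing; the sample descriptor is constructed.

```python
import xml.etree.ElementTree as ET

CORS_FILTER_CLASS = "org.apache.catalina.filters.CorsFilter"
# Tomcat's init-param names for the two settings (the page names only the settings).
ORIGINS = "cors.allowed.origins"
CREDENTIALS = "cors.support.credentials"

# Defaults from the removed (-) and added (+) constant lines of the CorsFilter.java diff.
PRE_FIX_DEFAULTS = {ORIGINS: "*", CREDENTIALS: "true"}
POST_FIX_DEFAULTS = {ORIGINS: "", CREDENTIALS: "false"}

# Constructed sample descriptor: filter names and the origin are made up.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CorsDefault</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  </filter>
  <filter>
    <filter-name>CorsWildcardOnly</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CorsWildcardCreds</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CorsPinned</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>https://app.example.com</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter>
    <filter-name>Unrelated</filter-name>
    <filter-class>org.example.OtherFilter</filter-class>
  </filter>
</web-app>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def _text(parent, name):
    """Return the stripped text of the first child element called name, or None."""
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def cors_filters(web_xml):
    """Yield (filter-name, explicitly configured init-params) for each CorsFilter."""
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) == "filter" and _text(elem, "filter-class") == CORS_FILTER_CLASS:
            params = {_text(p, "param-name"): _text(p, "param-value") or ""
                      for p in elem if _local(p.tag) == "init-param"}
            yield _text(elem, "filter-name"), params


def _any_origin_with_credentials(explicit, defaults):
    """True when the effective settings allow every origin and enable credentials."""
    cfg = {**defaults, **explicit}          # explicit init-params override defaults
    any_origin = cfg[ORIGINS].strip() == "*"  # assumption: trimmed "*" means any origin
    # Per the diff's own comment, any value other than 'true' parses as false.
    supports_credentials = cfg[CREDENTIALS].strip().lower() == "true"
    return any_origin and supports_credentials


def audit(web_xml):
    """Return one finding per CorsFilter definition, in document order."""
    report = []
    for name, explicit in cors_filters(web_xml):
        report.append({
            "filter": name,
            # Affected versions: any origin is served with credentials enabled.
            "exposed_pre_fix": _any_origin_with_credentials(explicit, PRE_FIX_DEFAULTS),
            # Fixed versions: this combination makes filter init throw ServletException.
            "rejected_post_fix": _any_origin_with_credentials(explicit, POST_FIX_DEFAULTS),
            # Settings left to the defaults, whose meaning changes with the upgrade.
            "defaulted": sorted(k for k in PRE_FIX_DEFAULTS if k not in explicit),
        })
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_XML):
        print(finding)
```

A filter reported with a non-empty "defaulted" list changes behaviour on upgrade even when it is not rejected, because the defaults it relied on no longer allow any origin or credentials.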





svn commit: r1831731 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:57:44 2018
New Revision: 1831731

URL: http://svn.apache.org/viewvc?rev=1831731&view=rev
Log:
Add info for CVE-2018-8014

Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1831731&r1=1831730&r2=1831731&view=diff
==
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed May 16 14:57:44 2018
@@ -222,6 +222,9 @@
 Apache Tomcat 7.x 
vulnerabilities
 
 
+Fixed in Apache Tomcat 7.0.89
+
+
 Fixed in Apache Tomcat 7.0.85
 
 
@@ -393,6 +396,32 @@
 
   
 
+
+not yet released Fixed in Apache Tomcat 
7.0.89
+
+  
+
+
+Low: CORS filter has insecure defaults
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; 
rel="nofollow">CVE-2018-8014
+
+
+
+The defaults settings for the CORS filter are insecure and enable
+   supportsCredentials for all origins. It is expected that
+   users of the CORS filter will have configured it appropriately for their
+   environment rather than using it in the default configuration. 
Therefore,
+   it is expected that most users will not be impacted by this issue.
+
+
+This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831730;>1831730.
+
+
+This issue was reported publicly on 1 May 2018 and formally announced as
+   a vulnerability on 16 May 2018.
+
+  
+
 
 13 February 2018 Fixed in Apache Tomcat 
7.0.85
 

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1831731&r1=1831730&r2=1831731&view=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Wed May 16 14:57:44 2018
@@ -222,6 +222,12 @@
 Apache Tomcat 8.x 
vulnerabilities
 
 
+Fixed in Apache Tomcat 8.0.53
+
+
+Fixed in Apache Tomcat 8.5.32
+
+
 Fixed in Apache Tomcat 8.0.50
 
 
@@ -366,6 +372,58 @@
 
   
 
+
+not yet released Fixed in Apache Tomcat 
8.0.53
+
+  
+
+
+Low: CORS filter has insecure defaults
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; 
rel="nofollow">CVE-2018-8014
+
+
+
+The defaults settings for the CORS filter are insecure and enable
+   supportsCredentials for all origins. It is expected that
+   users of the CORS filter will have configured it appropriately for their
+   environment rather than using it in the default configuration. 
Therefore,
+   it is expected that most users will not be impacted by this issue.
+
+
+This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831729;>1831729.
+
+
+This issue was reported publicly on 1 May 2018 and formally announced as
+   a vulnerability on 16 May 2018.
+
+  
+
+
+not yet released Fixed in Apache Tomcat 
8.5.32
+
+  
+
+
+Low: CORS filter has insecure defaults
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; 
rel="nofollow">CVE-2018-8014
+
+
+
+The defaults settings for the CORS filter are insecure and enable
+   supportsCredentials for all origins. It is expected that
+   users of the CORS filter will have configured it appropriately for their
+   environment rather than using it in the default configuration. 
Therefore,
+   it is expected that most users will not be impacted by this issue.
+
+
+This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831728;>1831728.
+
+
+This issue was reported publicly on 1 May 2018 and formally announced as
+   a vulnerability on 16 May 2018.
+
+  
+
 
 13 February 2018 Fixed in Apache Tomcat 
8.0.50
 

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1831731&r1=1831730&r2=1831731&view=diff
==
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Wed May 16 14:57:44 2018
@@ -225,6 +225,9 @@
 Fixed in Apache Tomcat 9.0.5
 
 
+Fixed in Apache Tomcat 9.0.5
+
+
 Fixed in Apache Tomcat 9.0.2
 
 
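Review bot: The added index entry "Fixed in Apache Tomcat 9.0.5" duplicates the unchanged entry directly above it, and the section heading added in the next hunk ("not yet released Fixed in Apache Tomcat 9.0.5") carries the same number. The CVE-2018-8014 advisory lists 9.0.9 as the fixed release for 9.0.x, so both the index entry and the heading should read 9.0.9.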
@@ -309,6 +312,32 @@
 
   
 
+
+not yet released Fixed in Apache Tomcat 
9.0.5
+
+  
+
+
+Low: CORS filter has insecure defaults
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; 
rel="nofollow">CVE-2018-8014
+
+
+
+The defaults settings for the CORS filter are insecure and enable
+   supportsCredentials for all origins. It is expected that
+   users of the CORS filter will have configured it appropriately for their
+   environment rather than using 

svn commit: r1831730 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:56:34 2018
New Revision: 1831730

URL: http://svn.apache.org/viewvc?rev=1831730&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java

tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 14:56:34 2018
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk
 

 
 

svn commit: r1831729 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:54:51 2018
New Revision: 1831729

URL: http://svn.apache.org/viewvc?rev=1831729&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java

tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 14:54:51 2018
@@ -1,2 +1,2 @@
 
-/tomcat/trunk
 

 

 

svn commit: r1831728 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:54:09 2018
New Revision: 1831728

URL: http://svn.apache.org/viewvc?rev=1831728&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/CorsFilter.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc8.5.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java

tomcat/tc8.5.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 14:54:09 2018
@@ -1,2 +1,2 @@
 /tomcat/tc8.0.x/trunk:1809644
-/tomcat/trunk
 

 
 

svn commit: r1831726 - in /tomcat/trunk: java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:53:21 2018
New Revision: 1831726

URL: http://svn.apache.org/viewvc?rev=1831726&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.

Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1831726&r1=1831725&r2=1831726&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed May 16 
14:53:21 2018
@@ -256,17 +256,14 @@ public class CorsFilter extends GenericF
 
 // Section 6.1.3
 // Add a single Access-Control-Allow-Origin header.
-if (anyOriginAllowed && !supportsCredentials) {
-// If resource doesn't support credentials and if any origin is
-// allowed
-// to make CORS request, return header with '*'.
+if (anyOriginAllowed) {
+// If any origin is allowed, return header with '*'.
 response.addHeader(
 CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
 "*");
 } else {
-// If the resource supports credentials add a single
-// Access-Control-Allow-Origin header, with the value of the Origin
-// header as value.
+// Add a single Access-Control-Allow-Origin header, with the value
+// of the Origin header as value.
 response.addHeader(
 CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
 origin);
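Review bot: Dropping "!supportsCredentials" from the "if (anyOriginAllowed)" test leaves nothing at request time that keeps credentials and any-origin apart; this branch now depends on configuration parsing having rejected that pair, and the new comment ("If any origin is allowed, return header with '*'.") does not say so. Suggest stating that invariant in the comment. Since the else branch still echoes the request's origin value into Access-Control-Allow-Origin, also confirm the response carries "Vary: Origin" so a shared cache cannot hand one origin's response to another.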
@@ -764,6 +761,10 @@ public class CorsFilter extends GenericF
 // For any value other then 'true' this will be false.
 this.supportsCredentials = Boolean.parseBoolean(supportsCredentials);
 
+if (this.supportsCredentials && this.anyOriginAllowed) {
+throw new 
ServletException(sm.getString("corsFilter.invalidSupportsCredentials"));
+}
+
 try {
 if (!preflightMaxAge.isEmpty()) {
 this.preflightMaxAge = Long.parseLong(preflightMaxAge);
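Review bot: Failing init with a ServletException at the new "this.supportsCredentials && this.anyOriginAllowed" check will stop any deployment that set that pair explicitly from starting the filter after an upgrade, so the changelog entry and the filter documentation should call this out as a behaviour change. The check also assumes this.anyOriginAllowed has already been assigned earlier in the method; a one-line comment on that ordering would protect it from a later reshuffle of the parsing steps.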
@@ -1073,7 +1074,7 @@ public class CorsFilter extends GenericF
 /**
  * By default, all origins are allowed to make requests.
  */
-public static final String DEFAULT_ALLOWED_ORIGINS = "*";
+public static final String DEFAULT_ALLOWED_ORIGINS = "";
 
 /**
  * By default, following methods are supported: GET, POST, HEAD and 
OPTIONS.
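Review bot: The Javadoc left as context above DEFAULT_ALLOWED_ORIGINS still reads "By default, all origins are allowed to make requests.", which is no longer true once the value changes from "*" to "". Update the comment to say that no origins are allowed by default.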
@@ -1089,7 +1090,7 @@ public class CorsFilter extends GenericF
 /**
  * By default, support credentials is turned on.
  */
-public static final String DEFAULT_SUPPORTS_CREDENTIALS = "true";
+public static final String DEFAULT_SUPPORTS_CREDENTIALS = "false";
 
 /**
  * By default, following headers are supported:
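Review bot: The Javadoc left as context above DEFAULT_SUPPORTS_CREDENTIALS still reads "By default, support credentials is turned on.", which contradicts the new value "false". Update the comment to say that credential support is off by default.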

Modified: tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties?rev=1831726&r1=1831725&r2=1831726&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties Wed 
May 16 14:53:21 2018
@@ -14,6 +14,8 @@
 # limitations under the License.
 
 addDefaultCharset.unsupportedCharset=Specified character set [{0}] is not 
supported
+
+corsFilter.invalidSupportsCredentials=It is not allowed to configure 
supportsCredentials=[true] when allowedOrigins=[*]
 corsFilter.invalidPreflightMaxAge=Unable to parse preflightMaxAge
 corsFilter.nullRequest=HttpServletRequest object is null
 corsFilter.nullRequestType=CORSRequestType object is null
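Review bot: corsFilter.invalidSupportsCredentials is inserted ahead of corsFilter.invalidPreflightMaxAge, which breaks the alphabetical order the neighbouring corsFilter.* keys follow (invalidPreflightMaxAge, nullRequest, nullRequestType); move it after invalidPreflightMaxAge. The message itself names both settings and the offending values, which is what an operator needs to see when the filter refuses to start.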

Modified: tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java?rev=1831726&r1=1831725&r2=1831726&view=diff
==
--- tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java (original)
+++ tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java Wed May 
16 14:53:21 2018
@@ -55,8 +55,7 @@ public class TestCorsFilter {
 corsFilter.doFilter(request, response, filterChain);
 
 Assert.assertTrue(response.getHeader(
-CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
-

Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Konstantin Kolinko
2018-05-16 16:47 GMT+03:00 Mark Thomas :
> On 16/05/18 14:31, Konstantin Kolinko wrote:
>> 2018-05-16 13:03 GMT+03:00  :

>>> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J
>>>  jspc.webxml.footer=\n\
>>>  \n\
>>>  \n
>>> +jspc.webfrg.header=\n\
>>> +http://java.sun.com/xml/ns/javaee"\n\
>>> +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\
>>> +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\
>>> +\
>>> http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\
>>> +\version="3.0"\n\
>>
>> 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5,  4.0
>> for Tomcat 9 ?
>
> The web.xml generation sticks to Servlet 2.5. I decided to stick to the
> lowest useable version number for the fragment as well since I could not
> see any benefit in generating a file with later version number.
>

As precompilation targets a specific release of Tomcat, and is not guaranteed
to be compatible with a different build release, I see no benefit in
trying to be compatible.

Regarding "Servlet 2.5" (or 2.3 actually)
comment 4 (April 2014) in this bug 50234 has a complaint about it:
[quote]
At the moment (Tomcat 7), a dummy web.xml has to be defined in order
to define the version (i.e. for expressions within the JSPs).
[/quote]

https://bz.apache.org/bugzilla/show_bug.cgi?id=50234

Sticking to 2.3 is OK when inserting a fragment into existing web.xml.

When generating a new web.xml, one ends up with a web application that
uses a different version of spec as opposed to a web app without a
web.xml file.

Best regards,
Konstantin Kolinko




svn commit: r1831721 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:11:47 2018
New Revision: 1831721

URL: http://svn.apache.org/viewvc?rev=1831721&view=rev
Log:
Follow-up to 1831695
kkolinko review comments

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java

tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/tc7.0.x/trunk/webapps/docs/jasper-howto.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 14:11:47 2018
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk
 

 

 
 

svn commit: r1831720 - /tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:10:54 2018
New Revision: 1831720

URL: http://svn.apache.org/viewvc?rev=1831720=rev
Log:
Fix merge

Modified:

tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831720=1831719=1831720=diff
==
--- 
tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
(original)
+++ 
tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
Wed May 16 14:10:54 2018
@@ -161,7 +161,6 @@ where jsp files is\n\
 or any number of\n\
 \ A file to be parsed as a JSP page\n\
 where options include:\n\
-<<< .working
 \-help  Print this help message\n\
 \-v Verbose mode\n\
 \-dOutput Directory (default -Djava.io.tmpdir)\n\
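Review bot: the removed `<<< .working` line is only the opening marker of a Subversion conflict block, and this hunk shows no matching `===` or `>>>` lines being removed, so the rest of LocalStrings.properties should be checked for leftover markers from the same merge. As rendered here the marker line has no trailing `\`, so while it was in the file it ended the property value right after "where options include:" and cut the option list out of the JspC usage message. A pre-commit check that rejects lines beginning with conflict markers would stop this from reaching a release branch.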






svn commit: r1831719 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:09:47 2018
New Revision: 1831719

URL: http://svn.apache.org/viewvc?rev=1831719=rev
Log:
Follow-up to 1831694
kkolinko review comments

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java

tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/tc8.5.x/trunk/webapps/docs/jasper-howto.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 14:09:47 2018
@@ -1,2 +1,2 @@
 /tomcat/tc8.0.x/trunk:1809644
-/tomcat/trunk
 

 

 
 

svn commit: r1831718 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 14:08:02 2018
New Revision: 1831718

URL: http://svn.apache.org/viewvc?rev=1831718=rev
Log:
Follow-up to 1831691
kkolinko review comments

Modified:
tomcat/trunk/java/org/apache/jasper/JspC.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/webapps/docs/jasper-howto.xml

Modified: tomcat/trunk/java/org/apache/jasper/JspC.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831718=1831717=1831718=diff
==
--- tomcat/trunk/java/org/apache/jasper/JspC.java (original)
+++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 14:08:02 2018
@@ -341,6 +341,11 @@ public class JspC extends Task implement
 if (webxmlFile != null) {
 webxmlLevel = INC_WEBXML;
 }
+} else if (tok.equals(SWITCH_WEBAPP_FRG)) {
+webxmlFile = nextArg();
+if (webxmlFile != null) {
+webxmlLevel = FRG_WEBXML;
+}
 } else if (tok.equals(SWITCH_WEBAPP_XML)) {
 webxmlFile = nextArg();
 if (webxmlFile != null) {
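Review bot: in the new `SWITCH_WEBAPP_FRG` branch, `webxmlFile = nextArg();` overwrites the field before the null check, so when `nextArg()` returns null (for example `-webfrg` given without a file name) `webxmlFile` becomes null while `webxmlLevel` keeps whatever an earlier `-webinc` or `-webxml` set. The sibling branches in the context lines have the same shape. Either read the argument into a local and assign both fields only when it is non-null, or report a usage error for the missing file name.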

Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831718=1831717=1831718=diff
==
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Wed 
May 16 14:08:02 2018
@@ -178,7 +178,7 @@ where options include:\n\
 \-compile  Compiles generated servlets\n\
 \-failFast Stop on first compile error\n\
 \-webinc Creates a partial servlet mappings in the file\n\
-\-webfrg Creates a complete web-fragment.xml the file\n\
+\-webfrg Creates a complete web-fragment.xml file\n\
 \-webxml Creates a complete web.xml in the file\n\
 \-webxmlencoding  Set the encoding charset used to read and write the 
web.xml\n\
 \  file (default is UTF-8)\n\
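Review bot: the reworded `-webfrg` line now reads "Creates a complete web-fragment.xml file", while the `-webinc` and `-webxml` lines in the context both end with "in the file". All three switches take an output file argument, so using the same "in the file" phrasing would keep the usage text consistent and make it clear that the switch expects a path.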

Modified: tomcat/trunk/webapps/docs/jasper-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/jasper-howto.xml?rev=1831718=1831717=1831718=diff
==
--- tomcat/trunk/webapps/docs/jasper-howto.xml (original)
+++ tomcat/trunk/webapps/docs/jasper-howto.xml Wed May 16 14:08:02 2018
@@ -296,7 +296,7 @@ download) to precompile a webapp:
 
 
   






Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Mark Thomas
On 16/05/18 14:31, Konstantin Kolinko wrote:
> 2018-05-16 13:03 GMT+03:00  :
>> Author: markt
>> Date: Wed May 16 10:03:30 2018
>> New Revision: 1831691



> 1). There is an example in
> http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html
> -> Web Application Compilation
> -> webXmlFragment="${webapp.path}/WEB-INF/generated_web.xml"
> 
> It needs updating?

Probably. I'll take a look.

>> Modified: 
>> tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff
>> ==
>> --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
>> (original)
>> +++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
>> Wed May 16 10:03:30 2018
>> @@ -178,6 +178,7 @@ where options include:\n\
>>  \-compile  Compiles generated servlets\n\
>>  \-failFast Stop on first compile error\n\
>>  \-webinc Creates a partial servlet mappings in the file\n\
>> +\-webfrg Creates a complete web-fragment.xml the file\n\
> 
> 2) s/"the file"/"in the file", as in sibling options?

I'll fix that wording.

> 3) I do not see where JspC processes the "-webfrg" switch.
> 
> SWITCH_WEBAPP_FRG in JspC is declared, but not used.
> 
> A sibling "webinc" switch (SWITCH_WEBAPP_INC) is processed in
> #setArgs() (line 339).

I went back and forth naming. I may have missed that change. I'll take a
look and add it if necessary.

>> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J
>>  jspc.webxml.footer=\n\
>>  \n\
>>  \n
>> +jspc.webfrg.header=\n\
>> +http://java.sun.com/xml/ns/javaee"\n\
>> +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\
>> +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\
>> +\
>> http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\
>> +\version="3.0"\n\
> 
> 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5,  4.0
> for Tomcat 9 ?

The web.xml generation sticks to Servlet 2.5. I decided to stick to the
lowest useable version number for the fragment as well since I could not
see any benefit in generating a file with later version number.

Thanks for the review.

Mark




Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Konstantin Kolinko
2018-05-16 13:03 GMT+03:00  :
> Author: markt
> Date: Wed May 16 10:03:30 2018
> New Revision: 1831691
>
> URL: http://svn.apache.org/viewvc?rev=1831691=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
> Add the capability to generate a web-fragment.xml file to JspC.
>
> Modified:
> tomcat/trunk/java/org/apache/jasper/JspC.java
> tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/jasper/JspC.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831691=1831690=1831691=diff
> ==
> --- tomcat/trunk/java/org/apache/jasper/JspC.java (original)
> +++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 10:03:30 2018
> @@ -121,6 +121,7 @@ public class JspC extends Task implement
>  protected static final String SWITCH_URI_ROOT = "-uriroot";
>  protected static final String SWITCH_FILE_WEBAPP = "-webapp";
>  protected static final String SWITCH_WEBAPP_INC = "-webinc";
> +protected static final String SWITCH_WEBAPP_FRG = "-webfrg";
>  protected static final String SWITCH_WEBAPP_XML = "-webxml";
>  protected static final String SWITCH_WEBAPP_XML_ENCODING = 
> "-webxmlencoding";
>  protected static final String SWITCH_ADD_WEBAPP_XML_MAPPINGS = 
> "-addwebxmlmappings";
> @@ -142,6 +143,7 @@ public class JspC extends Task implement
>  protected static final String SHOW_SUCCESS ="-s";
>  protected static final String LIST_ERRORS = "-l";
>  protected static final int INC_WEBXML = 10;
> +protected static final int FRG_WEBXML = 15;
>  protected static final int ALL_WEBXML = 20;
>  protected static final int DEFAULT_DIE_LEVEL = 1;
>  protected static final int NO_DIE_LEVEL = 0;
> @@ -996,13 +998,36 @@ public class JspC extends Task implement
>  /**
>   * File where we generate a web.xml fragment with the class definitions.
>   * @param s New value
> + * @deprecated Will be removed in Tomcat 10.
> + * Use {@link #setWebXmlInclude(String)}
>   */
> +@Deprecated
>  public void setWebXmlFragment( String s ) {
>  webxmlFile=resolveFile(s).getAbsolutePath();
>  webxmlLevel=INC_WEBXML;
>  }

1). There is an example in
http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html
-> Web Application Compilation
-> webXmlFragment="${webapp.path}/WEB-INF/generated_web.xml"

It needs updating?

>  /**
> + * File where we generate configuration with the class definitions to be
> + * included in a web.xml file.
> + * @param s New value
> + */
> +public void setWebXmlInclude( String s ) {
> +webxmlFile=resolveFile(s).getAbsolutePath();
> +webxmlLevel=INC_WEBXML;
> +}
> +
> +/**
> + * File where we generate a complete web-fragment.xml with the class
> + * definitions.
> + * @param s New value
> + */
> +public void setWebFragmentXml( String s ) {
> +webxmlFile=resolveFile(s).getAbsolutePath();
> +webxmlLevel=FRG_WEBXML;
> +}
> +
> +/**
>   * File where we generate a complete web.xml with the class definitions.
>   * @param s New value
>   */
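Review bot: `setWebXmlInclude(String)` repeats the body of the now-deprecated `setWebXmlFragment(String)` line for line; having the deprecated setter delegate to the new one would keep the two from drifting apart. The names are also easy to confuse: `setWebXmlFragment` (deprecated, `INC_WEBXML`) and `setWebFragmentXml` (new, `FRG_WEBXML`) differ only in word order, so the Javadoc on both should state which output each one produces.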
> @@ -1513,6 +1538,9 @@ public class JspC extends Task implement
>  if (webxmlLevel >= ALL_WEBXML) {
>  mapout.write(Localizer.getMessage("jspc.webxml.header", 
> webxmlEncoding));
>  mapout.flush();
> +} else if (webxmlLevel >= FRG_WEBXML) {
> +mapout.write(Localizer.getMessage("jspc.webfrg.header", 
> webxmlEncoding));
> +mapout.flush();
>  } else if ((webxmlLevel>= INC_WEBXML) && !addWebXmlMappings) {
>  mapout.write(Localizer.getMessage("jspc.webinc.header"));
>  mapout.flush();
> @@ -1532,6 +1560,8 @@ public class JspC extends Task implement
>  mappingout.writeTo(mapout);
>  if (webxmlLevel >= ALL_WEBXML) {
>  mapout.write(Localizer.getMessage("jspc.webxml.footer"));
> +} else if (webxmlLevel >= FRG_WEBXML) {
> +
> mapout.write(Localizer.getMessage("jspc.webfrg.footer"));
>  } else if ((webxmlLevel >= INC_WEBXML) && 
> !addWebXmlMappings) {
>  mapout.write(Localizer.getMessage("jspc.webinc.footer"));
>  }
>
> Modified: 
> tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff
> ==
> --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
> (original)
> +++ 

svn commit: r1831702 - /tomcat/trunk/res/findbugs/filter-false-positives.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 11:29:31 2018
New Revision: 1831702

URL: http://svn.apache.org/viewvc?rev=1831702=rev
Log:
A couple more false positives

Modified:
tomcat/trunk/res/findbugs/filter-false-positives.xml

Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1831702=1831701=1831702=diff
==
--- tomcat/trunk/res/findbugs/filter-false-positives.xml (original)
+++ tomcat/trunk/res/findbugs/filter-false-positives.xml Wed May 16 11:29:31 
2018
@@ -1173,6 +1173,12 @@
 
   
   
+
+
+
+
+  
+  
 
 
 
@@ -1318,6 +1324,15 @@
 
   
   
+
+
+
+  
+  
+
+
+  
+  
 
 
 






svn commit: r1831701 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 11:11:56 2018
New Revision: 1831701

URL: http://svn.apache.org/viewvc?rev=1831701=rev
Log:
Clean-up
Mostly auto-format from Eclipse
A few additional line length fixes made manually

Modified:
tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java?rev=1831701=1831700=1831701=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Wed May 16 
11:11:56 2018
@@ -14,11 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.tomcat.util.modeler;
 
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.InputStream;
@@ -49,15 +46,15 @@ import org.apache.tomcat.util.modeler.mo
- double check the interfaces
- start removing the use of the experimental methods in tomcat, then remove
  the methods ( before 1.1 final )
-   - is the security enough to prevent Registry being used to avoid the 
permission
-checks in the mbean server ?
+   - is the security enough to prevent Registry being used to avoid the
+ permission checks in the mbean server ?
 */
 
 /**
  * Registry for modeler MBeans.
  *
- * This is the main entry point into modeler. It provides methods to create
- * and manipulate model mbeans and simplify their use.
+ * This is the main entry point into modeler. It provides methods to create and
+ * manipulate model mbeans and simplify their use.
  *
  * This class is itself an mbean.
  *
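Review bot: the reflowed TODO item "is the security enough to prevent Registry being used to avoid the permission checks in the mbean server ?" is an open security question that this clean-up carries forward unchanged. It would be better tracked as a Bugzilla entry, or answered in the class Javadoc, than left in a block comment that only gets reformatted.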
@@ -67,7 +64,8 @@ import org.apache.tomcat.util.modeler.mo
  * @author Craig R. McClanahan
  * @author Costin Manolache
  */
-public class Registry implements RegistryMBean, MBeanRegistration  {
+public class Registry implements RegistryMBean, MBeanRegistration {
+
 /**
  * The Log instance to which we will write our log messages.
  */
@@ -75,13 +73,14 @@ public class Registry implements Registr
 
 // Support for the factory methods
 
-/** Will be used to isolate different apps and enhance security.
+/**
+ * Will be used to isolate different apps and enhance security.
  */
-private static final HashMap perLoaderRegistries = null;
+private static final HashMap perLoaderRegistries = null;
 
 /**
- * The registry instance created by our factory method the first time
- * it is called.
+ * The registry instance created by our factory method the first time it is
+ * called.
  */
 private static Registry registry = null;
 
@@ -95,68 +94,66 @@ public class Registry implements Registr
 private final Object serverLock = new Object();
 
 /**
- * The set of ManagedBean instances for the beans this registry
- * knows about, keyed by name.
+ * The set of ManagedBean instances for the beans this registry knows 
about,
+ * keyed by name.
  */
-private Map descriptors = new HashMap<>();
+private Map descriptors = new HashMap<>();
 
-/** List of managed beans, keyed by class name
+/**
+ * List of managed beans, keyed by class name
  */
-private Map descriptorsByClass = new HashMap<>();
+private Map descriptorsByClass = new HashMap<>();
 
 // map to avoid duplicated searching or loading descriptors
-private Map searchedPaths = new HashMap<>();
+private Map searchedPaths = new HashMap<>();
 
 private Object guard;
 
 // Id - small ints to use array access. No reset on stop()
 // Used for notifications
-private final Hashtable> idDomains =
-new Hashtable<>();
-private final Hashtable ids = new Hashtable<>();
+private final Hashtable> idDomains = 
new Hashtable<>();
+private final Hashtable ids = new Hashtable<>();
 
 
 // --- Constructors
 
-/**
- */
- public Registry() {
+public Registry() {
 super();
 }
 
-//  Static methods  
+
+//  Static methods 
 // Factories
 
 /**
  * Factory method to create (if necessary) and return our
  * Registry instance.
  *
- * The current version uses a static - future versions could use
- * the thread class loader.
+ * The current version uses a static - future versions could use the thread
+ * class loader.
  *
  * @param key Support for application isolation. If null, the context 

svn commit: r1831700 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 11:07:18 2018
New Revision: 1831700

URL: http://svn.apache.org/viewvc?rev=1831700=rev
Log:
Fix a SpotBugs warning (inconsistent sync)
Make setting of server thread-safe
Fix potential NPEs

Modified:
tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java?rev=1831700=1831699=1831700=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Wed May 16 
11:07:18 2018
@@ -91,7 +91,8 @@ public class Registry implements Registr
  * The MBeanServer instance that we will use to register
  * management beans.
  */
-private MBeanServer server = null;
+private volatile MBeanServer server = null;
+private final Object serverLock = new Object();
 
 /**
  * The set of ManagedBean instances for the beans this registry
@@ -367,7 +368,7 @@ public class Registry implements Registr
 String type=null;
 MBeanInfo info=null;
 try {
-info=server.getMBeanInfo(oname);
+info = getMBeanServer().getMBeanInfo(oname);
 } catch (Exception e) {
 log.info( "Can't find metadata for object" + oname );
 return null;
@@ -394,7 +395,7 @@ public class Registry implements Registr
 {
 MBeanInfo info=null;
 try {
-info=server.getMBeanInfo(oname);
+info = getMBeanServer().getMBeanInfo(oname);
 } catch (Exception e) {
 log.info( "Can't find metadata " + oname );
 return null;
@@ -429,18 +430,22 @@ public class Registry implements Registr
  * MBeanServer instance.
  * @return the MBean server
  */
-public synchronized MBeanServer getMBeanServer() {
+public MBeanServer getMBeanServer() {
 if (server == null) {
-long t1 = System.currentTimeMillis();
-if (MBeanServerFactory.findMBeanServer(null).size() > 0) {
-server = MBeanServerFactory.findMBeanServer(null).get(0);
-if (log.isDebugEnabled()) {
-log.debug("Using existing MBeanServer " + 
(System.currentTimeMillis() - t1));
-}
-} else {
-server = ManagementFactory.getPlatformMBeanServer();
-if (log.isDebugEnabled()) {
-log.debug("Creating MBeanServer" + 
(System.currentTimeMillis() - t1));
+synchronized (serverLock) {
+if (server == null) {
+long t1 = System.currentTimeMillis();
+if (MBeanServerFactory.findMBeanServer(null).size() > 0) {
+server = 
MBeanServerFactory.findMBeanServer(null).get(0);
+if (log.isDebugEnabled()) {
+log.debug("Using existing MBeanServer " + 
(System.currentTimeMillis() - t1));
+}
+} else {
+server = ManagementFactory.getPlatformMBeanServer();
+if (log.isDebugEnabled()) {
+log.debug("Creating MBeanServer" + 
(System.currentTimeMillis() - t1));
+}
+}
 }
 }
 }
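Review bot: inside the new `synchronized (serverLock)` block, `MBeanServerFactory.findMBeanServer(null)` is still called twice, once for `.size() > 0` and once for `.get(0)`, and `serverLock` does not stop another component from releasing an MBeanServer between the two calls. Hold the returned list in a local and index into that. The double-checked locking itself is sound now that `server` is `volatile`. Minor: the "Creating MBeanServer" debug message lacks the trailing space that "Using existing MBeanServer " has, so the elapsed time runs into the text.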
@@ -719,10 +724,10 @@ public class Registry implements Registr
 //  Registration  
 
 @Override
-public ObjectName preRegister(MBeanServer server,
-  ObjectName name) throws Exception
-{
-this.server=server;
+public ObjectName preRegister(MBeanServer server, ObjectName name) throws 
Exception {
+synchronized (serverLock) {
+this.server = server;
+}
 return name;
 }
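Review bot: `preRegister` assigns `this.server` unconditionally under `serverLock`, so it can replace an MBeanServer that `getMBeanServer()` has already handed out, leaving earlier callers holding a different server from the one the Registry is registered with. If that is intended, a short comment saying so would help; if not, either assign only when `server` is still null or log when the value changes. The parameter is also stored without a null check, which would send the next `getMBeanServer()` call back through the lazy lookup.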
 






[Bug 50670] Tribes | RpcChannel | Add option to specify external class loaders to support custom message classes

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=50670

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #3 from Mark Thomas ---
I've no strong view on this so I am going to follow Filip's view that this is
not necessary.




[Bug 50234] JspC use servlet 3.0 features

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=50234

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Mark Thomas ---
Fixed in:
- trunk for 9.0.9 onwards
- 8.5.x for 8.5.32 onwards
- 7.0.x for 7.0.89 onwards




svn commit: r1831695 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 10:06:54 2018
New Revision: 1831695

URL: http://svn.apache.org/viewvc?rev=1831695=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java

tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 10:06:54 2018
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk
 

 

 
 

svn commit: r1831694 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 10:06:22 2018
New Revision: 1831694

URL: http://svn.apache.org/viewvc?rev=1831694=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java

tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 16 10:06:22 2018
@@ -1,2 +1,2 @@
 /tomcat/tc8.0.x/trunk:1809644
-/tomcat/trunk
 
 

svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt
Date: Wed May 16 10:03:30 2018
New Revision: 1831691

URL: http://svn.apache.org/viewvc?rev=1831691=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.

Modified:
tomcat/trunk/java/org/apache/jasper/JspC.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/jasper/JspC.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831691=1831690=1831691=diff
==
--- tomcat/trunk/java/org/apache/jasper/JspC.java (original)
+++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 10:03:30 2018
@@ -121,6 +121,7 @@ public class JspC extends Task implement
 protected static final String SWITCH_URI_ROOT = "-uriroot";
 protected static final String SWITCH_FILE_WEBAPP = "-webapp";
 protected static final String SWITCH_WEBAPP_INC = "-webinc";
+protected static final String SWITCH_WEBAPP_FRG = "-webfrg";
 protected static final String SWITCH_WEBAPP_XML = "-webxml";
 protected static final String SWITCH_WEBAPP_XML_ENCODING = 
"-webxmlencoding";
 protected static final String SWITCH_ADD_WEBAPP_XML_MAPPINGS = 
"-addwebxmlmappings";
@@ -142,6 +143,7 @@ public class JspC extends Task implement
 protected static final String SHOW_SUCCESS ="-s";
 protected static final String LIST_ERRORS = "-l";
 protected static final int INC_WEBXML = 10;
+protected static final int FRG_WEBXML = 15;
 protected static final int ALL_WEBXML = 20;
 protected static final int DEFAULT_DIE_LEVEL = 1;
 protected static final int NO_DIE_LEVEL = 0;
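Review bot: `FRG_WEBXML = 15` is slotted between `INC_WEBXML = 10` and `ALL_WEBXML = 20` without a comment, and the later hunks test these values with `>=` in a fixed else-if order, so the numeric ordering is load-bearing. A one-line comment on the constants stating that levels are compared with `>=` and must stay ordered, or replacing them with an enum, would keep a future value from matching the wrong branch.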
@@ -996,13 +998,36 @@ public class JspC extends Task implement
 /**
  * File where we generate a web.xml fragment with the class definitions.
  * @param s New value
+ * @deprecated Will be removed in Tomcat 10.
+ * Use {@link #setWebXmlInclude(String)}
  */
+@Deprecated
 public void setWebXmlFragment( String s ) {
 webxmlFile=resolveFile(s).getAbsolutePath();
 webxmlLevel=INC_WEBXML;
 }
 
 /**
+ * File where we generate configuration with the class definitions to be
+ * included in a web.xml file.
+ * @param s New value
+ */
+public void setWebXmlInclude( String s ) {
+webxmlFile=resolveFile(s).getAbsolutePath();
+webxmlLevel=INC_WEBXML;
+}
+
+/**
+ * File where we generate a complete web-fragment.xml with the class
+ * definitions.
+ * @param s New value
+ */
+public void setWebFragmentXml( String s ) {
+webxmlFile=resolveFile(s).getAbsolutePath();
+webxmlLevel=FRG_WEBXML;
+}
+
+/**
  * File where we generate a complete web.xml with the class definitions.
  * @param s New value
  */
@@ -1513,6 +1538,9 @@ public class JspC extends Task implement
 if (webxmlLevel >= ALL_WEBXML) {
 mapout.write(Localizer.getMessage("jspc.webxml.header", 
webxmlEncoding));
 mapout.flush();
+} else if (webxmlLevel >= FRG_WEBXML) {
+mapout.write(Localizer.getMessage("jspc.webfrg.header", 
webxmlEncoding));
+mapout.flush();
 } else if ((webxmlLevel>= INC_WEBXML) && !addWebXmlMappings) {
 mapout.write(Localizer.getMessage("jspc.webinc.header"));
 mapout.flush();
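Review bot: the new `FRG_WEBXML` branch does not consult `addWebXmlMappings`, whereas the `INC_WEBXML` branch directly below it does, so it is unclear what should happen when `-webfrg` is combined with `-addwebxmlmappings`. If the combination is unsupported, reject it when the arguments are parsed; if it is supported, describe the result in the usage text.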
@@ -1532,6 +1560,8 @@ public class JspC extends Task implement
 mappingout.writeTo(mapout);
 if (webxmlLevel >= ALL_WEBXML) {
 mapout.write(Localizer.getMessage("jspc.webxml.footer"));
+} else if (webxmlLevel >= FRG_WEBXML) {
+
mapout.write(Localizer.getMessage("jspc.webfrg.footer"));
 } else if ((webxmlLevel >= INC_WEBXML) && !addWebXmlMappings) {
 mapout.write(Localizer.getMessage("jspc.webinc.footer"));
 }

Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff
==
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Wed 
May 16 10:03:30 2018
@@ -178,6 +178,7 @@ where options include:\n\
 \-compile  Compiles generated servlets\n\
 \-failFast Stop on first compile error\n\
 \-webinc Creates a partial servlet mappings in the file\n\
+\-webfrg Creates a complete web-fragment.xml the file\n\
 \-webxml Creates a complete web.xml in the file\n\
 \