[Bug 60362] Missing reason phrase in response
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #75 from Ralf Hauser--- (In reply to Michael Osipov from comment #73) > No, use a given status code and augment it with application/problem+json or > similar. The Status text cannot be set via Servlet API anyway. Just for completeness, Michael appears to reference https://tools.ietf.org/html/rfc7807 (Problem Details for HTTP APIs) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60362] Missing reason phrase in response
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #74 from Christopher Schultz--- (In reply to Michael Osipov from comment #73) > (In reply to Ralf Hauser from comment #72) > > First, there are many error conditions for which no precise 4xx or 5xx code > > is defined. So in this way, the reason might be helpful. > > No, use a given status code and augment it with application/problem+json or > similar. The Status text cannot be set via Servlet API anyway. https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#sendError(int,%20java.lang.String) ? I was surprised to see that Tomcat actively strips-out the reason phrase. I had initially thought this was simply Tomcat removing reason-phrases from every response generated by Tomcat (e.g. everything coming from the DefaultServlet, various internal errors, etc.), but it's actively stripping reason phrases explicitly-set by applications. :( At any rate, this should be discussed in dev@ and not in bugzilla at this point. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Christopher Schultzchanged: What|Removed |Added Attachment #35931|0 |1 is obsolete|| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #18 from Christopher Schultz--- (In reply to Alex from comment #16) > > This issue highlights that Tomcat can always use more real-world testing > > and I would encourage folks to download the release candidates as the votes > > are announced and test them in their environments. The more folks that do > > this, the more issues like this we will catch and the sooner we will catch > > them. > > Maybe adding workaround flag in one version, changing the default behaviour > and then dropping flag some versions later may be better in terms of > real-world testing then logging and testing RC's as an approach for such a > serious things? You are presuming that there were no 9.0.x releases (beta!) which included this change with no comments for months. In fact, it was included in 9.0.2 with logging, then completed in 9.0.5 as Mark details in comment #14. I think this qualifies as a reasonably-slow roll-out. There is no reason to wait many years to change things... the alternative is an internet where it takes 20 years to widely-deploy new encryption capabilities (TLS) and effectively NEVER to properly-implement some IETF specifications (e.g. cookies). Sometimes you have to just have to remove the headphone jack. You took the big step of a 4-major-release-version jump and seem incensed that things aren't working exactly as they had worked before. This is the purpose of testing. In this case, you found a problem, engaged the community, and got a fix. Instead of complaining bitterly, how about a "thanks for the 5-day turnaround on a blocking issue I'm having"? If you wanted zero changes, you should have stayed on the version where you were. If you'd like to debate Tomcat's development methodologies, release cycles, or test-coverage, you are welcome to join the dev mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60362] Missing reason phrase in response
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #73 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Ralf Hauser from comment #72) > First, there are many error conditions for which no precise 4xx or 5xx code > is defined. So in this way, the reason might be helpful. No, use a given status code and augment it with application/problem+json or similar. The Status text cannot be set via Servlet API anyway. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-8-trunk
The Buildbot has detected a new failure on builder tomcat-8-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-8-trunk/builds/1322 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1831729 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
On 16/05/18 15:25, Konstantin Kolinko wrote: > 2018-05-16 16:47 GMT+03:00 Mark Thomas: >> On 16/05/18 14:31, Konstantin Kolinko wrote: >>> 2018-05-16 13:03 GMT+03:00 : > @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J jspc.webxml.footer=\n\ \n\ \n +jspc.webfrg.header=\n\ +http://java.sun.com/xml/ns/javaee"\n\ +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\ +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\ +\ http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\ +\version="3.0"\n\ >>> >>> 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5, 4.0 >>> for Tomcat 9 ? >> >> The web.xml generation sticks to Servlet 2.5. I decided to stick to the >> lowest useable version number for the fragment as well since I could not >> see any benefit in generating a file with later version number. >> > > As precompilation targets a specific release of Tomcat, and is not guaranteed > to be compatible with a different build release, I see no benefit in > trying to be compatible. Fair point. I'll update the generated files to use the current versions on that basis. > Regarding "Servlet 2.5" (or 2.3 actually) > comment 4 (April 2014) in this bug 50234 has a complaint about it: > [quote] > At the moment (Tomcat 7), a dummy web.xml has to be defined in order > to define the version (i.e. for expresions within the JSPs). > [/quote] With the pre-compiled JSPs in a web-fragment-xml, there is no requirement for a web.xml so that request has been met. > https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 > > Sticking to 2.3 is OK when inserting a fragment into existing web.xml. For the content that is being inserted, the syntax is unchanged so this should not be an issue. > When generating a new web.xml, one ends up with a web application that > uses a different version of spec as opposed to a web app without a > web.xml file. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3273 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1831726 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62343] CORS security: reflecting any origin header value when configured to * is dangerous
https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Mark Thomaschanged: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Mark Thomas --- Potential security issues should not be reported via a public bug tracker. Please see the following for details of how to report security issues in Apache Tomcat: http://tomcat.apache.org/security.html Please see the following for details of how to report security issues in any other Apache project: http://www.apache.org/security/ Fixed in: - trunk for 9.0.9 onwards - 8.5.x for 8.5.32 onwards - 8.0.x for 8.0.53 onwards - 7.0.x for 7.0.89 onwards The lack of response was due to the Tomcat committers not wishing to draw further attention to the issue until it had been addressed. This issue has been assigned CVE-2018-8014. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter
CVE-2018-8014 Insecure defaults for CORS filter Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.8 Apache Tomcat 8.5.0 to 8.5.31 Apache Tomcat 8.0.0.RC1 to 8.0.52 Apache Tomcat 7.0.41 to 7.0.88 Description: The defaults settings for the CORS filter are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. Mitigation: Users of the affected versions should apply one of the following mitigations. - Configure the filter appropriately for your environment Secure defaults will be provided in the following versions: - Apache Tomcat 9.0.9 or later when released - Apache Tomcat 8.5.32 or later when released - Apache Tomcat 8.0.53 or later when released - Apache Tomcat 7.0.89 or later when released History: 2018-05-15 Original advisory References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1831731 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
Author: markt Date: Wed May 16 14:57:44 2018 New Revision: 1831731 URL: http://svn.apache.org/viewvc?rev=1831731=rev Log: Add info for CVE-2018-8014 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1831731=1831730=1831731=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Wed May 16 14:57:44 2018 @@ -222,6 +222,9 @@ Apache Tomcat 7.x vulnerabilities +Fixed in Apache Tomcat 7.0.89 + + Fixed in Apache Tomcat 7.0.85 @@ -393,6 +396,32 @@ + +not yet released Fixed in Apache Tomcat 7.0.89 + + + + +Low: CORS filter has insecure defaults + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; rel="nofollow">CVE-2018-8014 + + + +The defaults settings for the CORS filter are insecure and enable + supportsCredentials for all origins. It is expected that + users of the CORS filter will have configured it appropriately for their + environment rather than using it in the default configuration. Therefore, + it is expected that most users will not be impacted by this issue. + + +This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831730;>1831730. + + +This issue was reported publicly on 1 May 2018 and formally announced as + a vulnerability on 16 May 2018. + + + 13 February 2018 Fixed in Apache Tomcat 7.0.85 Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1831731=1831730=1831731=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Wed May 16 14:57:44 2018 @@ -222,6 +222,12 @@ Apache Tomcat 8.x vulnerabilities +Fixed in Apache Tomcat 8.0.53 + + +Fixed in Apache Tomcat 8.5.32 + + Fixed in Apache Tomcat 8.0.50 @@ -366,6 +372,58 @@ + +not yet released Fixed in Apache Tomcat 8.0.53 + + + + +Low: CORS filter has insecure defaults + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; rel="nofollow">CVE-2018-8014 + + + +The defaults settings for the CORS filter are insecure and enable + supportsCredentials for all origins. It is expected that + users of the CORS filter will have configured it appropriately for their + environment rather than using it in the default configuration. Therefore, + it is expected that most users will not be impacted by this issue. + + +This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831729;>1831729. + + +This issue was reported publicly on 1 May 2018 and formally announced as + a vulnerability on 16 May 2018. + + + + +not yet released Fixed in Apache Tomcat 8.5.32 + + + + +Low: CORS filter has insecure defaults + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; rel="nofollow">CVE-2018-8014 + + + +The defaults settings for the CORS filter are insecure and enable + supportsCredentials for all origins. It is expected that + users of the CORS filter will have configured it appropriately for their + environment rather than using it in the default configuration. Therefore, + it is expected that most users will not be impacted by this issue. + + +This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1831728;>1831728. + + +This issue was reported publicly on 1 May 2018 and formally announced as + a vulnerability on 16 May 2018. + + + 13 February 2018 Fixed in Apache Tomcat 8.0.50 Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1831731=1831730=1831731=diff == --- tomcat/site/trunk/docs/security-9.html (original) +++ tomcat/site/trunk/docs/security-9.html Wed May 16 14:57:44 2018 @@ -225,6 +225,9 @@ Fixed in Apache Tomcat 9.0.5 +Fixed in Apache Tomcat 9.0.5 + + Fixed in Apache Tomcat 9.0.2 @@ -309,6 +312,32 @@ + +not yet released Fixed in Apache Tomcat 9.0.5 + + + + +Low: CORS filter has insecure defaults + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014; rel="nofollow">CVE-2018-8014 + + + +The defaults settings for the CORS filter are insecure and enable + supportsCredentials for all origins. It is expected that + users of the CORS filter will have configured it appropriately for their + environment rather than using
svn commit: r1831730 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/
Author: markt Date: Wed May 16 14:56:34 2018 New Revision: 1831730 URL: http://svn.apache.org/viewvc?rev=1831730=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 14:56:34 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
svn commit: r1831729 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/
Author: markt Date: Wed May 16 14:54:51 2018 New Revision: 1831729 URL: http://svn.apache.org/viewvc?rev=1831729=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 14:54:51 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1779898,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880,1809831,1812093,1812143,1812145,1812319,1814975,1815945,1815956,1820207,1822186,1823164,1823497,1824960,1826872-1826873,1827862,1829310,1829777,1829796,1829935,1830215,1830991,1831042,1831557,1831569 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 ,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
svn commit: r1831728 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/
Author: markt Date: Wed May 16 14:54:09 2018 New Revision: 1831728 URL: http://svn.apache.org/viewvc?rev=1831728=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties tomcat/tc8.5.x/trunk/test/org/apache/catalina/filters/TestCorsFilter.java tomcat/tc8.5.x/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 14:54:09 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1831726 - in /tomcat/trunk: java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/
Author: markt Date: Wed May 16 14:53:21 2018 New Revision: 1831726 URL: http://svn.apache.org/viewvc?rev=1831726=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1831726=1831725=1831726=diff == --- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed May 16 14:53:21 2018 @@ -256,17 +256,14 @@ public class CorsFilter extends GenericF // Section 6.1.3 // Add a single Access-Control-Allow-Origin header. -if (anyOriginAllowed && !supportsCredentials) { -// If resource doesn't support credentials and if any origin is -// allowed -// to make CORS request, return header with '*'. +if (anyOriginAllowed) { +// If any origin is allowed, return header with '*'. response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); } else { -// If the resource supports credentials add a single -// Access-Control-Allow-Origin header, with the value of the Origin -// header as value. +// Add a single Access-Control-Allow-Origin header, with the value +// of the Origin header as value. response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); @@ -764,6 +761,10 @@ public class CorsFilter extends GenericF // For any value other then 'true' this will be false. this.supportsCredentials = Boolean.parseBoolean(supportsCredentials); +if (this.supportsCredentials && this.anyOriginAllowed) { +throw new ServletException(sm.getString("corsFilter.invalidSupportsCredentials")); +} + try { if (!preflightMaxAge.isEmpty()) { this.preflightMaxAge = Long.parseLong(preflightMaxAge); @@ -1073,7 +1074,7 @@ public class CorsFilter extends GenericF /** * By default, all origins are allowed to make requests. */ -public static final String DEFAULT_ALLOWED_ORIGINS = "*"; +public static final String DEFAULT_ALLOWED_ORIGINS = ""; /** * By default, following methods are supported: GET, POST, HEAD and OPTIONS. @@ -1089,7 +1090,7 @@ public class CorsFilter extends GenericF /** * By default, support credentials is turned on. */ -public static final String DEFAULT_SUPPORTS_CREDENTIALS = "true"; +public static final String DEFAULT_SUPPORTS_CREDENTIALS = "false"; /** * By default, following headers are supported: Modified: tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties?rev=1831726=1831725=1831726=diff == --- tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties Wed May 16 14:53:21 2018 @@ -14,6 +14,8 @@ # limitations under the License. addDefaultCharset.unsupportedCharset=Specified character set [{0}] is not supported + +corsFilter.invalidSupportsCredentials=It is not allowed to configure supportsCredentials=[true] when allowedOrigins=[*] corsFilter.invalidPreflightMaxAge=Unable to parse preflightMaxAge corsFilter.nullRequest=HttpServletRequest object is null corsFilter.nullRequestType=CORSRequestType object is null Modified: tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java?rev=1831726=1831725=1831726=diff == --- tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java (original) +++ tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java Wed May 16 14:53:21 2018 @@ -55,8 +55,7 @@ public class TestCorsFilter { corsFilter.doFilter(request, response, filterChain); Assert.assertTrue(response.getHeader( -CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals( -
Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
2018-05-16 16:47 GMT+03:00 Mark Thomas: > On 16/05/18 14:31, Konstantin Kolinko wrote: >> 2018-05-16 13:03 GMT+03:00 : >>> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J >>> jspc.webxml.footer=\n\ >>> \n\ >>> \n >>> +jspc.webfrg.header=\n\ >>> +http://java.sun.com/xml/ns/javaee"\n\ >>> +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\ >>> +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\ >>> +\ >>> http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\ >>> +\version="3.0"\n\ >> >> 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5, 4.0 >> for Tomcat 9 ? > > The web.xml generation sticks to Servlet 2.5. I decided to stick to the > lowest useable version number for the fragment as well since I could not > see any benefit in generating a file with later version number. > As precompilation targets a specific release of Tomcat, and is not guaranteed to be compatible with a different build release, I see no benefit in trying to be compatible. Regarding "Servlet 2.5" (or 2.3 actually) comment 4 (April 2014) in this bug 50234 has a complaint about it: [quote] At the moment (Tomcat 7), a dummy web.xml has to be defined in order to define the version (i.e. for expresions within the JSPs). [/quote] https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Sticking to 2.3 is OK when inserting a fragment into existing web.xml. When generating a new web.xml, one ends up with a web application that uses a different version of spec as opposed to a web app without a web.xml file. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1831721 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml
Author: markt Date: Wed May 16 14:11:47 2018 New Revision: 1831721 URL: http://svn.apache.org/viewvc?rev=1831721=rev Log: Follow-up to 1831695 kkolinko review comments Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/tc7.0.x/trunk/webapps/docs/jasper-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 14:11:47 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
svn commit: r1831720 - /tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
Author: markt Date: Wed May 16 14:10:54 2018 New Revision: 1831720 URL: http://svn.apache.org/viewvc?rev=1831720=rev Log: Fix merge Modified: tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties Modified: tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831720=1831719=1831720=diff == --- tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties Wed May 16 14:10:54 2018 @@ -161,7 +161,6 @@ where jsp files is\n\ or any number of\n\ \ A file to be parsed as a JSP page\n\ where options include:\n\ -<<< .working \-help Print this help message\n\ \-v Verbose mode\n\ \-dOutput Directory (default -Djava.io.tmpdir)\n\ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1831719 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml
Author: markt Date: Wed May 16 14:09:47 2018 New Revision: 1831719 URL: http://svn.apache.org/viewvc?rev=1831719=rev Log: Follow-up to 1831694 kkolinko review comments Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/tc8.5.x/trunk/webapps/docs/jasper-howto.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 14:09:47 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1831718 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml
Author: markt Date: Wed May 16 14:08:02 2018 New Revision: 1831718 URL: http://svn.apache.org/viewvc?rev=1831718=rev Log: Follow-up to 1831691 kkolinko review comments Modified: tomcat/trunk/java/org/apache/jasper/JspC.java tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/trunk/webapps/docs/jasper-howto.xml Modified: tomcat/trunk/java/org/apache/jasper/JspC.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831718=1831717=1831718=diff == --- tomcat/trunk/java/org/apache/jasper/JspC.java (original) +++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 14:08:02 2018 @@ -341,6 +341,11 @@ public class JspC extends Task implement if (webxmlFile != null) { webxmlLevel = INC_WEBXML; } +} else if (tok.equals(SWITCH_WEBAPP_FRG)) { +webxmlFile = nextArg(); +if (webxmlFile != null) { +webxmlLevel = FRG_WEBXML; +} } else if (tok.equals(SWITCH_WEBAPP_XML)) { webxmlFile = nextArg(); if (webxmlFile != null) { Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831718=1831717=1831718=diff == --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Wed May 16 14:08:02 2018 @@ -178,7 +178,7 @@ where options include:\n\ \-compile Compiles generated servlets\n\ \-failFast Stop on first compile error\n\ \-webinc Creates a partial servlet mappings in the file\n\ -\-webfrg Creates a complete web-fragment.xml the file\n\ +\-webfrg Creates a complete web-fragment.xml file\n\ \-webxml Creates a complete web.xml in the file\n\ \-webxmlencoding Set the encoding charset used to read and write the web.xml\n\ \ file (default is UTF-8)\n\ Modified: tomcat/trunk/webapps/docs/jasper-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/jasper-howto.xml?rev=1831718=1831717=1831718=diff == --- tomcat/trunk/webapps/docs/jasper-howto.xml (original) +++ tomcat/trunk/webapps/docs/jasper-howto.xml Wed May 16 14:08:02 2018 @@ -296,7 +296,7 @@ download) to precompile a webapp: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
On 16/05/18 14:31, Konstantin Kolinko wrote: > 2018-05-16 13:03 GMT+03:00: >> Author: markt >> Date: Wed May 16 10:03:30 2018 >> New Revision: 1831691 > 1). There is an example in > http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html > -> Web Application Compilation > -> webXmlFragment="${webapp.path}/WEB-INF/generated_web.xml" > > It needs updating? Probably. I'll take a look. >> Modified: >> tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff >> == >> --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties >> (original) >> +++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties >> Wed May 16 10:03:30 2018 >> @@ -178,6 +178,7 @@ where options include:\n\ >> \-compile Compiles generated servlets\n\ >> \-failFast Stop on first compile error\n\ >> \-webinc Creates a partial servlet mappings in the file\n\ >> +\-webfrg Creates a complete web-fragment.xml the file\n\ > > 2) s/"the file"/"in the file", as in sibling options? I'll fix that wording. > 3) I do not see where JspC processes the "-webfrg" switch. > > SWITCH_WEBAPP_FRG in JspC is declared, but not used. > > A sibling "webinc" switch (SWITCH_WEBAPP_INC) is processed in > #setArgs() (line 339). I went back and forth naming. I may have missed that change. I'll take a look and add it if necessary. >> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J >> jspc.webxml.footer=\n\ >> \n\ >> \n >> +jspc.webfrg.header=\n\ >> +http://java.sun.com/xml/ns/javaee"\n\ >> +\xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n\ >> +\xsi:schemaLocation="http://java.sun.com/xml/ns/javaee\n\ >> +\ >> http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"\n\ >> +\version="3.0"\n\ > > 4) Update version, namespace, schema to 3.1 for Tomcat 8.0, 8.5, 4.0 > for Tomcat 9 ? The web.xml generation sticks to Servlet 2.5. I decided to stick to the lowest useable version number for the fragment as well since I could not see any benefit in generating a file with later version number. Thanks for the review. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
2018-05-16 13:03 GMT+03:00: > Author: markt > Date: Wed May 16 10:03:30 2018 > New Revision: 1831691 > > URL: http://svn.apache.org/viewvc?rev=1831691=rev > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 > Add the capability to generate a web-fragment.xml file to JspC. > > Modified: > tomcat/trunk/java/org/apache/jasper/JspC.java > tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties > tomcat/trunk/webapps/docs/changelog.xml > > Modified: tomcat/trunk/java/org/apache/jasper/JspC.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831691=1831690=1831691=diff > == > --- tomcat/trunk/java/org/apache/jasper/JspC.java (original) > +++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 10:03:30 2018 > @@ -121,6 +121,7 @@ public class JspC extends Task implement > protected static final String SWITCH_URI_ROOT = "-uriroot"; > protected static final String SWITCH_FILE_WEBAPP = "-webapp"; > protected static final String SWITCH_WEBAPP_INC = "-webinc"; > +protected static final String SWITCH_WEBAPP_FRG = "-webfrg"; > protected static final String SWITCH_WEBAPP_XML = "-webxml"; > protected static final String SWITCH_WEBAPP_XML_ENCODING = > "-webxmlencoding"; > protected static final String SWITCH_ADD_WEBAPP_XML_MAPPINGS = > "-addwebxmlmappings"; > @@ -142,6 +143,7 @@ public class JspC extends Task implement > protected static final String SHOW_SUCCESS ="-s"; > protected static final String LIST_ERRORS = "-l"; > protected static final int INC_WEBXML = 10; > +protected static final int FRG_WEBXML = 15; > protected static final int ALL_WEBXML = 20; > protected static final int DEFAULT_DIE_LEVEL = 1; > protected static final int NO_DIE_LEVEL = 0; > @@ -996,13 +998,36 @@ public class JspC extends Task implement > /** > * File where we generate a web.xml fragment with the class definitions. > * @param s New value > + * @deprecated Will be removed in Tomcat 10. > + * Use {@link #setWebXmlInclude(String)} > */ > +@Deprecated > public void setWebXmlFragment( String s ) { > webxmlFile=resolveFile(s).getAbsolutePath(); > webxmlLevel=INC_WEBXML; > } 1). There is an example in http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html -> Web Application Compilation -> webXmlFragment="${webapp.path}/WEB-INF/generated_web.xml" It needs updating? > /** > + * File where we generate configuration with the class definitions to be > + * included in a web.xml file. > + * @param s New value > + */ > +public void setWebXmlInclude( String s ) { > +webxmlFile=resolveFile(s).getAbsolutePath(); > +webxmlLevel=INC_WEBXML; > +} > + > +/** > + * File where we generate a complete web-fragment.xml with the class > + * definitions. > + * @param s New value > + */ > +public void setWebFragmentXml( String s ) { > +webxmlFile=resolveFile(s).getAbsolutePath(); > +webxmlLevel=FRG_WEBXML; > +} > + > +/** > * File where we generate a complete web.xml with the class definitions. > * @param s New value > */ > @@ -1513,6 +1538,9 @@ public class JspC extends Task implement > if (webxmlLevel >= ALL_WEBXML) { > mapout.write(Localizer.getMessage("jspc.webxml.header", > webxmlEncoding)); > mapout.flush(); > +} else if (webxmlLevel >= FRG_WEBXML) { > +mapout.write(Localizer.getMessage("jspc.webfrg.header", > webxmlEncoding)); > +mapout.flush(); > } else if ((webxmlLevel>= INC_WEBXML) && !addWebXmlMappings) { > mapout.write(Localizer.getMessage("jspc.webinc.header")); > mapout.flush(); > @@ -1532,6 +1560,8 @@ public class JspC extends Task implement > mappingout.writeTo(mapout); > if (webxmlLevel >= ALL_WEBXML) { > mapout.write(Localizer.getMessage("jspc.webxml.footer")); > +} else if (webxmlLevel >= FRG_WEBXML) { > + > mapout.write(Localizer.getMessage("jspc.webfrg.footer")); > } else if ((webxmlLevel >= INC_WEBXML) && > !addWebXmlMappings) { > mapout.write(Localizer.getMessage("jspc.webinc.footer")); > } > > Modified: > tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff > == > --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties > (original) > +++
svn commit: r1831702 - /tomcat/trunk/res/findbugs/filter-false-positives.xml
Author: markt Date: Wed May 16 11:29:31 2018 New Revision: 1831702 URL: http://svn.apache.org/viewvc?rev=1831702=rev Log: A couple more false positives Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1831702=1831701=1831702=diff == --- tomcat/trunk/res/findbugs/filter-false-positives.xml (original) +++ tomcat/trunk/res/findbugs/filter-false-positives.xml Wed May 16 11:29:31 2018 @@ -1173,6 +1173,12 @@ + + + + + + @@ -1318,6 +1324,15 @@ + + + + + + + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1831701 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
Author: markt Date: Wed May 16 11:11:56 2018 New Revision: 1831701 URL: http://svn.apache.org/viewvc?rev=1831701=rev Log: Clean-up Mostly auto-format from Eclipse A few additional line length fixes made manually Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java?rev=1831701=1831700=1831701=diff == --- tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Wed May 16 11:11:56 2018 @@ -14,11 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.apache.tomcat.util.modeler; - import java.io.File; import java.io.FileInputStream; import java.io.InputStream; @@ -49,15 +46,15 @@ import org.apache.tomcat.util.modeler.mo - double check the interfaces - start removing the use of the experimental methods in tomcat, then remove the methods ( before 1.1 final ) - - is the security enough to prevent Registry being used to avoid the permission -checks in the mbean server ? + - is the security enough to prevent Registry being used to avoid the + permission checks in the mbean server ? */ /** * Registry for modeler MBeans. * - * This is the main entry point into modeler. It provides methods to create - * and manipulate model mbeans and simplify their use. + * This is the main entry point into modeler. It provides methods to create and + * manipulate model mbeans and simplify their use. * * This class is itself an mbean. * @@ -67,7 +64,8 @@ import org.apache.tomcat.util.modeler.mo * @author Craig R. McClanahan * @author Costin Manolache */ -public class Registry implements RegistryMBean, MBeanRegistration { +public class Registry implements RegistryMBean, MBeanRegistration { + /** * The Log instance to which we will write our log messages. */ @@ -75,13 +73,14 @@ public class Registry implements Registr // Support for the factory methods -/** Will be used to isolate different apps and enhance security. +/** + * Will be used to isolate different apps and enhance security. */ -private static final HashMap
svn commit: r1831700 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
Author: markt Date: Wed May 16 11:07:18 2018 New Revision: 1831700 URL: http://svn.apache.org/viewvc?rev=1831700=rev Log: Fix a SpotBugs warning (inconsistent sync) Make setting of server thread-safe Fix potential NPEs Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java?rev=1831700=1831699=1831700=diff == --- tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java Wed May 16 11:07:18 2018 @@ -91,7 +91,8 @@ public class Registry implements Registr * The MBeanServer instance that we will use to register * management beans. */ -private MBeanServer server = null; +private volatile MBeanServer server = null; +private final Object serverLock = new Object(); /** * The set of ManagedBean instances for the beans this registry @@ -367,7 +368,7 @@ public class Registry implements Registr String type=null; MBeanInfo info=null; try { -info=server.getMBeanInfo(oname); +info = getMBeanServer().getMBeanInfo(oname); } catch (Exception e) { log.info( "Can't find metadata for object" + oname ); return null; @@ -394,7 +395,7 @@ public class Registry implements Registr { MBeanInfo info=null; try { -info=server.getMBeanInfo(oname); +info = getMBeanServer().getMBeanInfo(oname); } catch (Exception e) { log.info( "Can't find metadata " + oname ); return null; @@ -429,18 +430,22 @@ public class Registry implements Registr * MBeanServer instance. * @return the MBean server */ -public synchronized MBeanServer getMBeanServer() { +public MBeanServer getMBeanServer() { if (server == null) { -long t1 = System.currentTimeMillis(); -if (MBeanServerFactory.findMBeanServer(null).size() > 0) { -server = MBeanServerFactory.findMBeanServer(null).get(0); -if (log.isDebugEnabled()) { -log.debug("Using existing MBeanServer " + (System.currentTimeMillis() - t1)); -} -} else { -server = ManagementFactory.getPlatformMBeanServer(); -if (log.isDebugEnabled()) { -log.debug("Creating MBeanServer" + (System.currentTimeMillis() - t1)); +synchronized (serverLock) { +if (server == null) { +long t1 = System.currentTimeMillis(); +if (MBeanServerFactory.findMBeanServer(null).size() > 0) { +server = MBeanServerFactory.findMBeanServer(null).get(0); +if (log.isDebugEnabled()) { +log.debug("Using existing MBeanServer " + (System.currentTimeMillis() - t1)); +} +} else { +server = ManagementFactory.getPlatformMBeanServer(); +if (log.isDebugEnabled()) { +log.debug("Creating MBeanServer" + (System.currentTimeMillis() - t1)); +} +} } } } @@ -719,10 +724,10 @@ public class Registry implements Registr // Registration @Override -public ObjectName preRegister(MBeanServer server, - ObjectName name) throws Exception -{ -this.server=server; +public ObjectName preRegister(MBeanServer server, ObjectName name) throws Exception { +synchronized (serverLock) { +this.server = server; +} return name; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 50670] Tribes | RpcChannel | Add option to specify external class loaders to support custom message classes
https://bz.apache.org/bugzilla/show_bug.cgi?id=50670 Mark Thomaschanged: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #3 from Mark Thomas --- I've no strong view on this so I am going to follow Filip's view that this is not necessary. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 50234] JspC use servlet 3.0 features
https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Mark Thomaschanged: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #5 from Mark Thomas --- Fixed in: - trunk for 9.0.9 onwards - 8.5.x for 8.5.32 onwards - 7.0.x for 7.0.89 onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1831695 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
Author: markt Date: Wed May 16 10:06:54 2018 New Revision: 1831695 URL: http://svn.apache.org/viewvc?rev=1831695=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 10:06:54 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
svn commit: r1831694 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
Author: markt Date: Wed May 16 10:06:22 2018 New Revision: 1831694 URL: http://svn.apache.org/viewvc?rev=1831694=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 16 10:06:22 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml
Author: markt Date: Wed May 16 10:03:30 2018 New Revision: 1831691 URL: http://svn.apache.org/viewvc?rev=1831691=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: tomcat/trunk/java/org/apache/jasper/JspC.java tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/jasper/JspC.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1831691=1831690=1831691=diff == --- tomcat/trunk/java/org/apache/jasper/JspC.java (original) +++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed May 16 10:03:30 2018 @@ -121,6 +121,7 @@ public class JspC extends Task implement protected static final String SWITCH_URI_ROOT = "-uriroot"; protected static final String SWITCH_FILE_WEBAPP = "-webapp"; protected static final String SWITCH_WEBAPP_INC = "-webinc"; +protected static final String SWITCH_WEBAPP_FRG = "-webfrg"; protected static final String SWITCH_WEBAPP_XML = "-webxml"; protected static final String SWITCH_WEBAPP_XML_ENCODING = "-webxmlencoding"; protected static final String SWITCH_ADD_WEBAPP_XML_MAPPINGS = "-addwebxmlmappings"; @@ -142,6 +143,7 @@ public class JspC extends Task implement protected static final String SHOW_SUCCESS ="-s"; protected static final String LIST_ERRORS = "-l"; protected static final int INC_WEBXML = 10; +protected static final int FRG_WEBXML = 15; protected static final int ALL_WEBXML = 20; protected static final int DEFAULT_DIE_LEVEL = 1; protected static final int NO_DIE_LEVEL = 0; @@ -996,13 +998,36 @@ public class JspC extends Task implement /** * File where we generate a web.xml fragment with the class definitions. * @param s New value + * @deprecated Will be removed in Tomcat 10. + * Use {@link #setWebXmlInclude(String)} */ +@Deprecated public void setWebXmlFragment( String s ) { webxmlFile=resolveFile(s).getAbsolutePath(); webxmlLevel=INC_WEBXML; } /** + * File where we generate configuration with the class definitions to be + * included in a web.xml file. + * @param s New value + */ +public void setWebXmlInclude( String s ) { +webxmlFile=resolveFile(s).getAbsolutePath(); +webxmlLevel=INC_WEBXML; +} + +/** + * File where we generate a complete web-fragment.xml with the class + * definitions. + * @param s New value + */ +public void setWebFragmentXml( String s ) { +webxmlFile=resolveFile(s).getAbsolutePath(); +webxmlLevel=FRG_WEBXML; +} + +/** * File where we generate a complete web.xml with the class definitions. * @param s New value */ @@ -1513,6 +1538,9 @@ public class JspC extends Task implement if (webxmlLevel >= ALL_WEBXML) { mapout.write(Localizer.getMessage("jspc.webxml.header", webxmlEncoding)); mapout.flush(); +} else if (webxmlLevel >= FRG_WEBXML) { +mapout.write(Localizer.getMessage("jspc.webfrg.header", webxmlEncoding)); +mapout.flush(); } else if ((webxmlLevel>= INC_WEBXML) && !addWebXmlMappings) { mapout.write(Localizer.getMessage("jspc.webinc.header")); mapout.flush(); @@ -1532,6 +1560,8 @@ public class JspC extends Task implement mappingout.writeTo(mapout); if (webxmlLevel >= ALL_WEBXML) { mapout.write(Localizer.getMessage("jspc.webxml.footer")); +} else if (webxmlLevel >= FRG_WEBXML) { + mapout.write(Localizer.getMessage("jspc.webfrg.footer")); } else if ((webxmlLevel >= INC_WEBXML) && !addWebXmlMappings) { mapout.write(Localizer.getMessage("jspc.webinc.footer")); } Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1831691=1831690=1831691=diff == --- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Wed May 16 10:03:30 2018 @@ -178,6 +178,7 @@ where options include:\n\ \-compile Compiles generated servlets\n\ \-failFast Stop on first compile error\n\ \-webinc Creates a partial servlet mappings in the file\n\ +\-webfrg Creates a complete web-fragment.xml the file\n\ \-webxml Creates a complete web.xml in the file\n\ \