Re: [VOTE] Release Apache Tomcat 8.5.40

2019-04-10 Thread Igal Sapir
On 4/10/2019 7:58 AM, Mark Thomas wrote: The proposed 8.5.40 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 8.5.40 Unit tests pass for NIO, NIO2, and APR on Windows 10 with Java 1.8u181 and TC-Native 1.2.21 and Ubuntu 18.04 with Java 1.8u202 and TC-Native 1.2.21

Re: Tagging 9.0.18

2019-04-10 Thread Rainer Jung
Am 09.04.2019 um 19:45 schrieb Mark Thomas: Hi all, I'm a bit behind again this month - mainly because I was at the http workshop last week (very useful - a write-up is on the way). I'm very keen on reading your notes. On the httpd dev list Bill mentioned three links to notes taken by Daniel

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481872313 @isapir @ChristopherSchultz I have added more comments hope this helps

[GitHub] [tomcat] isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481861275 > Ok, let me know what you think we should put as a comment additionally that is so greatly missed and it is not obvious enough for

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481860226 > But these lines are all in the same transaction, no? Yes they are - there is no need to use local variable as well - it

[GitHub] [tomcat] isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481853982 > To reduce the number of changed lines and opportunities for mistakes, there could be a local flag for success which is copied to the

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481852195 > The low-quality of the existing code and/or documentation is not an excuse for maintaining that level of quality. Ok,

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481851585 > I think that it'd be cleaner/more readable if `invocationSuccess` is initialized with `false` value and only set to `true`

[GitHub] [tomcat] ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481850875 > I think that it'd be cleaner/more readable if `invocationSuccess` is initialized with `false` value and only set to

[GitHub] [tomcat] ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481850427 The low-quality of the existing code and/or documentation is not an excuse for maintaining that level of quality.

[GitHub] [tomcat] isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
isapir commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481850076 I think that it'd be cleaner/more readable if `invocationSuccess` is initialized with `false` value and only set to `true` upon

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481849557 Code comments are exactly the same as what tomcat source code have for DataSourceRealm, not sure what else do you need as a

[GitHub] [tomcat] ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481847793 But an explanation should be included with all PRs. What if BZ is deleted? (It shouldn't be, but there's no reason to make

[GitHub] [tomcat] ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481848050 Code comments would be helpful, here, too. This is an

Re: [VOTE] Release Apache Tomcat 9.0.18

2019-04-10 Thread Igal Sapir
On 4/10/2019 6:44 AM, Mark Thomas wrote: The proposed 9.0.18 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 9.0.18 Unit tests pass for NIO, NIO2, and APR on Ubuntu 18.04 with Java 1.8u202 and TC-Native 1.2.21 Igal

[GitHub] [tomcat] jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481845121 the explanation of the reason is here https://bz.apache.org/bugzilla/show_bug.cgi?id=6

[GitHub] [tomcat] michael-o commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
michael-o commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481843426 I agree with @ChristopherSchultz . This is an automated message

[GitHub] [tomcat] ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
ChristopherSchultz commented on issue #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157#issuecomment-481842267 No explanation? -1 This is an automated message

Re: [VOTE] Release Apache Tomcat 7.0.94

2019-04-10 Thread Igal Sapir
On 4/10/2019 10:22 AM, Mark Thomas wrote: The proposed 7.0.94 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.94 Stable Unit tests pass for BIO, NIO, and APR on Ubuntu 18.04 with Java 1.6u45/1.7u80 and TC-Native-1.2.21 Igal

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 --- Comment #6 from Christopher Schultz --- Realms aren't difficult to write, including a simple realm like the LockOutRealm. Feel free to implement your own Realm which meets your requirements. If you'd like, you can propose a patch, but I

[Bug 63333] JAASRealm needs to override isAvailable method to prevent LockOutRealm to lock the user in case JAAS login modules are unavailable

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=6 --- Comment #2 from jchobanto...@yahoo.com --- Pull request: https://github.com/apache/tomcat/pull/157 -- You are receiving this mail because: You are the assignee for the bug.

[GitHub] [tomcat] jchobantonov opened a new pull request #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=63333

2019-04-10 Thread GitBox
jchobantonov opened a new pull request #157: https://bz.apache.org/bugzilla/show_bug.cgi?id=6 URL: https://github.com/apache/tomcat/pull/157 This is an automated message from the Apache Git Service. To respond to the

[GitHub] [tomcat] rmaucher closed pull request #153: Add async API for NIO

2019-04-10 Thread GitBox
rmaucher closed pull request #153: Add async API for NIO URL: https://github.com/apache/tomcat/pull/153 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the

[GitHub] [tomcat] rmaucher commented on issue #153: Add async API for NIO

2019-04-10 Thread GitBox
rmaucher commented on issue #153: Add async API for NIO URL: https://github.com/apache/tomcat/pull/153#issuecomment-481834218 Since I got no objections, I merged the code. This is an automated message from the Apache Git

[tomcat] branch master updated: Add asynchronous IO API for NIO

2019-04-10 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new bc714fd Add asynchronous IO API for NIO bc714fd

[Bug 63331] Tomcat crash, Problematic Frame: org.apache.tomcat.util.log.SystemLogHandler.println

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63331 --- Comment #2 from Christopher Schultz --- Or bad hardware. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail:

Re: [VOTE] Release Apache Tomcat 9.0.18

2019-04-10 Thread Rémy Maucherat
On Wed, Apr 10, 2019 at 3:44 PM Mark Thomas wrote: > The proposed 9.0.18 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 9.0.18 > > Rémy

[Bug 63336] Currently there is no way to know in form error page that the user was not authenticated because it was locked out

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63336 --- Comment #4 from jchobanto...@yahoo.com --- Thank you for pointing out that isLocked() and unlock() methods are public - I already know that. Even with this information I need to provide custom LockOutRealm in order to see the real reason

[Bug 63333] JAASRealm needs to override isAvailable method to prevent LockOutRealm to lock the user in case JAAS login modules are unavailable

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=6 Mark Thomas changed: What|Removed |Added OS||All --- Comment #1 from Mark Thomas

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 --- Comment #5 from jchobanto...@yahoo.com --- Thank you for clarifying your point that attacker could determine there is a lockout realm installed based on the speed of the request/response, although this is questionable as if you are dealing

[Bug 63336] Currently there is no way to know in form error page that the user was not authenticated because it was locked out

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63336 --- Comment #3 from Mark Thomas --- See this thread in the archives: http://tomcat.markmail.org/thread/4garqvcph2ci3j5m The isLocked() method of the Realm was made public and exposed via JMX to support this sort of custom feature. unlock() is

Re: Tagging 9.0.18

2019-04-10 Thread Mark Thomas
On 09/04/2019 19:08, Violeta Georgieva wrote: > На вт, 9.04.2019 г. в 20:45 ч. Mark Thomas написа: >> >> Hi all, >> >> I'm a bit behind again this month - mainly because I was at the http >> workshop last week (very useful - a write-up is on the way). I've been >> through the open bugs and

Re: [VOTE] Release Apache Tomcat 7.0.94

2019-04-10 Thread Mark Thomas
On 10/04/2019 18:22, Mark Thomas wrote: > The proposed 7.0.94 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 7.0.94 Stable Unit tests pass for BIO, NIO and APR/Native on Windows, Linux and MacOS with Tomcat-Native 1.2.21 Mark

[VOTE] Release Apache Tomcat 7.0.94

2019-04-10 Thread Mark Thomas
The proposed Apache Tomcat 7.0.94 release is now available for voting. The major changes compared to the 7.0.93 release are: - Fix for CVE-2019-0232 a RCE vulnerability on Windows - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also now supported if used with a ECJ version

svn commit: r33551 [2/2] - in /dev/tomcat/tomcat-7/v7.0.94: ./ bin/ bin/embed/ bin/extras/ src/

2019-04-10 Thread markt
Added: dev/tomcat/tomcat-7/v7.0.94/bin/extras/tomcat-juli-adapters.jar.sha512 == --- dev/tomcat/tomcat-7/v7.0.94/bin/extras/tomcat-juli-adapters.jar.sha512 (added) +++

svn commit: r33551 [1/2] - in /dev/tomcat/tomcat-7/v7.0.94: ./ bin/ bin/embed/ bin/extras/ src/

2019-04-10 Thread markt
Author: markt Date: Wed Apr 10 17:15:53 2019 New Revision: 33551 Log: Upload 7.0.94 for voting Added: dev/tomcat/tomcat-7/v7.0.94/ dev/tomcat/tomcat-7/v7.0.94/KEYS dev/tomcat/tomcat-7/v7.0.94/README.html dev/tomcat/tomcat-7/v7.0.94/RELEASE-NOTES

[tomcat] branch 7.0.x updated: Increment version for next development cycle

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new ca838df Increment version for next development

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 --- Comment #4 from Mark Thomas --- Please read up on timing attacks. A Map lookup following by a return will be noticeably faster than the authentication process. Your proposed change would enable an attacker to determine: - if an account

[Bug 63336] Currently there is no way to know in form error page that the user was not authenticated because it was locked out

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63336 --- Comment #2 from jchobanto...@yahoo.com --- Ok, forget about modifying the basic ream to report the error - the application could have 401 error page and put that information itself - again the request is to add http request attribute so

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 --- Comment #3 from jchobanto...@yahoo.com --- I’m sorry but the fix is not going to expose anything to the user - the end user still is going to get unauthenticated but we are going to invoke our inner realms like JAASRealm which is not needed

[tomcat] 01/01: Tag 7.0.94

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 7.0.94 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 9ddb14a0e76080feee34f3eca89e5413b93852f9 Author: Mark Thomas AuthorDate: Wed Apr 10 17:40:23 2019 +0100 Tag 7.0.94 ---

[tomcat] tag 7.0.94 created (now 9ddb14a)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to tag 7.0.94 in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 9ddb14a (commit) This tag includes the following new commits: new 9ddb14a Tag 7.0.94 The 1 revisions listed

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 --- Comment #2 from Mark Thomas --- Sorry about the typo "... in use and its configuration." -- You are receiving this mail because: You are the assignee for the bug. - To

[Bug 63336] Currently there is no way to know in form error page that the user was not authenticated because it was locked out

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63336 Mark Thomas changed: What|Removed |Added OS||All Resolution|---

[tomcat] branch 7.0.x updated: Update RM

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new a7832e0 Update RM a7832e0 is described below

[Bug 63334] LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 Mark Thomas changed: What|Removed |Added OS||All Resolution|---

[Bug 63336] New: Currently there is no way to know in form error page that the user was not authenticated because it was locked out

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63336 Bug ID: 63336 Summary: Currently there is no way to know in form error page that the user was not authenticated because it was locked out Product: Tomcat 8

[Bug 63335] New: OneLineFormatter will append new space so that the exception stacktrace is shifted but it will not do that for all lines

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63335 Bug ID: 63335 Summary: OneLineFormatter will append new space so that the exception stacktrace is shifted but it will not do that for all lines Product: Tomcat 8

[Bug 63334] New: LockOutRealm will continue to invoke inner user realms even when the user is lockout

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63334 Bug ID: 63334 Summary: LockOutRealm will continue to invoke inner user realms even when the user is lockout Product: Tomcat 8 Version: 8.5.x-trunk Hardware: PC

[Bug 63333] New: JAASRealm needs to override isAvailable method to prevent LockOutRealm to lock the user in case JAAS login modules are unavailable

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=6 Bug ID: 6 Summary: JAASRealm needs to override isAvailable method to prevent LockOutRealm to lock the user in case JAAS login modules are unavailable Product: Tomcat

Re: [VOTE] Release Apache Tomcat 8.5.40

2019-04-10 Thread Mark Thomas
On 10/04/2019 15:58, Mark Thomas wrote: > The proposed 8.5.40 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.40 Unit tests pass for NIO, NIO2 and APR/Native on Windows, Linux and MacOS with Tomcat-Native 1.2.21 Mark

Re: [VOTE] Release Apache Tomcat 9.0.18

2019-04-10 Thread Mark Thomas
On 10/04/2019 14:44, Mark Thomas wrote: > The proposed 9.0.18 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 9.0.18 Unit tests pass for NIO, NIO2 and APR/Native on Windows, Linux and MacOS with Tomcat-Native 1.2.21 Mark

[VOTE] Release Apache Tomcat 8.5.40

2019-04-10 Thread Mark Thomas
The proposed Apache Tomcat 8.5.40 release is now available for voting. The major changes compared to the 8.5.39 release are: - Fix for CVE-2019-0232 a RCE vulnerability on Windows - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also now supported if used with a ECJ version

svn commit: r33547 - in /dev/tomcat/tomcat-8/v8.5.40: ./ bin/ bin/embed/ bin/extras/ src/

2019-04-10 Thread markt
Author: markt Date: Wed Apr 10 14:57:10 2019 New Revision: 33547 Log: Upload 8.5.40 for voting Added: dev/tomcat/tomcat-8/v8.5.40/ dev/tomcat/tomcat-8/v8.5.40/KEYS dev/tomcat/tomcat-8/v8.5.40/README.html dev/tomcat/tomcat-8/v8.5.40/RELEASE-NOTES

[tomcat] branch 8.5.x updated: Increment version number for next development cycle

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new d71b285 Increment version number for next

[tomcat] branch master updated: Add vectoring for NIO

2019-04-10 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new d58aa08 Add vectoring for NIO d58aa08 is

[tomcat] tag 8.5.40 created (now 5ec0703)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to tag 8.5.40 in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 5ec0703 (commit) This tag includes the following new commits: new 5ec0703 Tag 8.5.40 The 1 revisions listed

[tomcat] 01/01: Tag 8.5.40

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 8.5.40 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 5ec070352b283535946327b44228b610a27a76c5 Author: Mark Thomas AuthorDate: Wed Apr 10 15:26:13 2019 +0100 Tag 8.5.40 ---

[VOTE] Release Apache Tomcat 9.0.18

2019-04-10 Thread Mark Thomas
The proposed Apache Tomcat 9.0.18 release is now available for voting. The major changes compared to the 9.0.17 release are: - Fix for CVE-2019-0232 a RCE vulnerability on Windows - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also now supported if used with a ECJ version

[tomcat] branch master updated: Increment version for next development cycle

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 0c21aac Increment version for next development

svn commit: r33545 - in /dev/tomcat/tomcat-9/v9.0.18: ./ bin/ bin/embed/ src/

2019-04-10 Thread markt
Author: markt Date: Wed Apr 10 13:13:30 2019 New Revision: 33545 Log: Upload 9.0.18 for release Added: dev/tomcat/tomcat-9/v9.0.18/ dev/tomcat/tomcat-9/v9.0.18/KEYS dev/tomcat/tomcat-9/v9.0.18/README.html dev/tomcat/tomcat-9/v9.0.18/RELEASE-NOTES

buildbot success in on tomcat-7-trunk

2019-04-10 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-7-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1320 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The

[tomcat] 01/01: Tag 9.0.18

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 9.0.18 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 0862607e5da91a7c476a6350288d8d8a9380f556 Author: Mark Thomas AuthorDate: Wed Apr 10 13:36:27 2019 +0100 Tag 9.0.18 ---

[tomcat] tag 9.0.18 created (now 0862607)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to tag 9.0.18 in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 0862607 (commit) This tag includes the following new commits: new 0862607 Tag 9.0.18 The 1 revisions listed

[tomcat] tag 9.0.18 deleted (was 9b0004c)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to tag 9.0.18 in repository https://gitbox.apache.org/repos/asf/tomcat.git. *** WARNING: tag 9.0.18 was deleted! *** was 9b0004c Tag 9.0.18 This change permanently discards the following revisions:

[tomcat] branch 7.0.x updated: Fix failing test

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new e451c30 Fix failing test e451c30 is described

[tomcat] branch 8.5.x updated: Fix failing test

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 7b961c2 Fix failing test 7b961c2 is described

[tomcat] branch master updated: Fix failing test

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 03272c8 Fix failing test 03272c8 is described

[tomcat] 01/01: Tag 9.0.18

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 9.0.18 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 9b0004cf29f0a53e816d1047d9b25c03f0e295b5 Author: Mark Thomas AuthorDate: Wed Apr 10 12:57:17 2019 +0100 Tag 9.0.18 ---

[tomcat] tag 9.0.18 created (now 9b0004c)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to tag 9.0.18 in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 9b0004c (commit) This tag includes the following new commits: new 9b0004c Tag 9.0.18 The 1 revisions listed

[tomcat] branch 7.0.x updated: Correct backport for Java 6

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new bd4f326 Correct backport for Java 6 bd4f326 is

buildbot failure in on tomcat-7-trunk

2019-04-10 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-7-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1319 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The

[SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows

2019-04-10 Thread Mark Thomas
CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.17 Apache Tomcat 8.5.0 to 8.5.39 Apache Tomcat 7.0.0 to 7.0.93 Description: When running on Windows with

svn commit: r1857239 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

2019-04-10 Thread markt
Author: markt Date: Wed Apr 10 11:02:51 2019 New Revision: 1857239 URL: http://svn.apache.org/viewvc?rev=1857239=rev Log: Add details of CVE-2019-0232 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html

[tomcat] branch 7.0.x updated (806195b -> 841d5b2)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 806195b Revert local change made for load testing new 44ec74c Escape debug output to aid readability new

[tomcat] branch 8.5.x updated (7fc16d1 -> 5af4ef5)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 7fc16d1 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63320 Ensure that StatementCache caches statements that

[tomcat] branch master updated (9ea280c -> 95e0a06)

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 9ea280c Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63320 Ensure that StatementCache caches statements that

[tomcat] branch 7.0.x updated: Revert local change made for load testing

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 806195b Revert local change made for load testing

[tomcat] branch 7.0.x updated: Fix checkstyle warnings

2019-04-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 7254a63 Fix checkstyle warnings 7254a63 is

[Bug 63331] Tomcat crash, Problematic Frame: org.apache.tomcat.util.log.SystemLogHandler.println

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63331 Mark Thomas changed: What|Removed |Added Resolution|--- |INVALID Status|NEW

[Bug 63331] New: Tomcat crash, Problematic Frame: org.apache.tomcat.util.log.SystemLogHandler.println

2019-04-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63331 Bug ID: 63331 Summary: Tomcat crash, Problematic Frame: org.apache.tomcat.util.log.SystemLogHandler.println Product: Tomcat 9 Version: 9.0.16 Hardware: PC