[Bug 64017] Apache http server 2.4.41 - Issue with transfer-encoding
https://bz.apache.org/bugzilla/show_bug.cgi?id=64017 --- Comment #2 from Vinoth --- Thanks i removed packet size from tomcat and apache. Post that when i try to hit the apache url am getting below error using curl and browser it shows "SyntaxError: JSON.parse: unexpected end of data" on response tab F12. Curl Error: < HTTP/1.1 200 200 HTTP/1.1 200 200 < Date: Thu, 19 Dec 2019 01:56:35 GMT Date: Thu, 19 Dec 2019 01:56:35 GMT < Server: Apache/2.4.41 (Unix) mod_jk/1.2.46 Server: Apache/2.4.41 (Unix) mod_jk/1.2.46 < Transfer-Encoding: chunked Transfer-Encoding: chunked < Content-Type: application/json Content-Type: application/json < * Problem (2) in the Chunked-Encoded data * Closing connection 0 curl: (56) Problem (2) in the Chunked-Encoded data mod_jk.log: [Wed Dec 18 20:59:57 2019] [61404:140737068881664] [debug] ajp_process_callback::jk_ajp_common.c (2132): (node2) AJP13 protocol: Reuse is OK [Wed Dec 18 20:59:57 2019] [61404:140737068881664] [debug] ajp_reset_endpoint::jk_ajp_common.c (848): (node2) resetting endpoint with socket 41 [Wed Dec 18 20:59:57 2019] [61404:140737068881664] [debug] ajp_done::jk_ajp_common.c (3288): recycling connection pool for worker node2 and socket 41 [Wed Dec 18 20:59:57 2019] [61404:140737068881664] [debug] jk_handler::mod_jk.c (2975): Service finished with status=200 [Wed Dec 18 20:59:57 2019] wizui_router 0.141739 However when i try to hit the direct tomcat url endpoint am getting the proper response back. Looks like apache is splitting the single response to multiple. Please suggest Thanks, Vinoth -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64017] Apache http server 2.4.41 - Issue with transfer-encoding
https://bz.apache.org/bugzilla/show_bug.cgi?id=64017 Rainer Jung changed: What|Removed |Added Assignee|b...@httpd.apache.org |dev@tomcat.apache.org Version|2.4.41 |unspecified Product|Apache httpd-2 |Tomcat Connectors Component|All |mod_jk -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64007] a deadlock with Poller run and cancelledKey
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007 --- Comment #7 from echo --- yes. thank you for your patient answer.I don't have a correct way to test. Just pressure test and it's hard to reproduce the bug fixed or not. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 51663] Apache Tomcat 502 Bad Gate Error
https://bz.apache.org/bugzilla/show_bug.cgi?id=51663 Sidharth changed: What|Removed |Added CC||spal...@rbbn.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63985] Tomcat 9 does not read UTF-8 files with no bom correctly
https://bz.apache.org/bugzilla/show_bug.cgi?id=63985 --- Comment #3 from Christopher Schultz --- (In reply to Hubert Gailly from comment #2) > Same text is saved in UTF8 in 2 separate files one with BOM, one without BOM. > All the declared as UTF-8. > In Apache 'httpd.conf' : AddDefaultCharset UTF-8 So Apache httpd is also in the mix? Great. More opportunities for things to go wrong with the character set. > In tomcat 'server.xml' : > protocol="AJP/1.3" URIEncoding="UTF-8"/> This setting (URIEncoding) has nothing to do with the character set used to encode a response. > In the file itself : content="text/html; charset=utf-8" http-equiv=Content-Type> I'm not sure if that needs to be quoted, but I would definitely quote it. It doesn't matter, as the response header Content-Type will override whatever the tag says. > I tried all different configurations : > In both application and tomcat 'web.xml' > > fileEcoding > UTF8 > > Or > > fileEcoding > UTF-8 > Which filter is this? CharacterSetEncodingFilter? If so, you have not configured it correctly, which is probably why it's not working. http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Add_Default_Character_Set_Filter The init-param is spelled "encoding", not "fileEncoding" or "fileEcoding". > And/Or > Starting Tomcat 9 with > -Dfile.encoding=UT8 > Or > -Dfile.encoding=UTF-8 These don't matter, either. > If served by Tomcat the file with no BOM is corrupted. Accents are rubbish > characters. > I save the file as ISO-8859-1, it is correct. > > That means that whatever I say to Tomcat9, if there is a UTF8 static file, > Tomcat9 always reads it as a ISO-8859-1, thus breaking the characters. Tomcat is not "reading" anything at all. It's taking bytes from the disk and placing them on the wire. It's the client which is interpreting the bytes as ISO-8859-1. > There is no problem with the file with BOM. Again, this is down to client behavior. Please move this discussion to the users' list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix typos
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 4dab3f2 Fix typos 4dab3f2 is described below commit 4dab3f2c0f006cb508eaae5624b7bb8ab96a9a00 Author: Mark Thomas AuthorDate: Wed Dec 18 16:26:33 2019 + Fix typos --- webapps/docs/changelog.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 14774e6..55781a4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -178,7 +178,7 @@ Refactor FORM authentication to reduce duplicate code and to ensure that the authenticated Principal is not cached in the session when caching is -disabled. (markt) +disabled. This is the fix for CVE-2019-17563. (markt/kkolinko) @@ -309,7 +309,8 @@ - Refactor JMX remote RMI registry creation. (remm) + Refactor JMX remote RMI registry creation. This is the fix for + CVE-2019-12418. (remm) Improvement to CsrfPreventionFilter: expose the latest available nonce - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r37280 - /release/tomcat/tomcat-7/.idea/
Author: violetagg Date: Wed Dec 18 15:56:59 2019 New Revision: 37280 Log: Remove files added by mistake Removed: release/tomcat/tomcat-7/.idea/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r37279 - /release/tomcat/tomcat-7/tomcat-release.iml
Author: violetagg Date: Wed Dec 18 15:55:52 2019 New Revision: 37279 Log: Remove files added by mistake Removed: release/tomcat/tomcat-7/tomcat-release.iml - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r37278 - in /release/tomcat/tomcat-7: .idea/ .idea/misc.xml .idea/modules.xml .idea/vcs.xml .idea/workspace.xml tomcat-release.iml v7.0.96/
Author: violetagg Date: Wed Dec 18 15:49:20 2019 New Revision: 37278 Log: Remove 7.0.96 Added: release/tomcat/tomcat-7/.idea/ release/tomcat/tomcat-7/.idea/misc.xml (with props) release/tomcat/tomcat-7/.idea/modules.xml (with props) release/tomcat/tomcat-7/.idea/vcs.xml (with props) release/tomcat/tomcat-7/.idea/workspace.xml (with props) release/tomcat/tomcat-7/tomcat-release.iml (with props) Removed: release/tomcat/tomcat-7/v7.0.96/ Added: release/tomcat/tomcat-7/.idea/misc.xml == --- release/tomcat/tomcat-7/.idea/misc.xml (added) +++ release/tomcat/tomcat-7/.idea/misc.xml Wed Dec 18 15:49:20 2019 @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file Propchange: release/tomcat/tomcat-7/.idea/misc.xml -- svn:eol-style = native Added: release/tomcat/tomcat-7/.idea/modules.xml == --- release/tomcat/tomcat-7/.idea/modules.xml (added) +++ release/tomcat/tomcat-7/.idea/modules.xml Wed Dec 18 15:49:20 2019 @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file Propchange: release/tomcat/tomcat-7/.idea/modules.xml -- svn:eol-style = native Added: release/tomcat/tomcat-7/.idea/vcs.xml == --- release/tomcat/tomcat-7/.idea/vcs.xml (added) +++ release/tomcat/tomcat-7/.idea/vcs.xml Wed Dec 18 15:49:20 2019 @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file Propchange: release/tomcat/tomcat-7/.idea/vcs.xml -- svn:eol-style = native Added: release/tomcat/tomcat-7/.idea/workspace.xml == --- release/tomcat/tomcat-7/.idea/workspace.xml (added) +++ release/tomcat/tomcat-7/.idea/workspace.xml Wed Dec 18 15:49:20 2019 @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +$USER_HOME$/.subversion +125 + + + + + + + + + + + + + + + + + + + + + + + 1576683909278 + + + 1576683909278 + + + + + + + + + + \ No newline at end of file Propchange: release/tomcat/tomcat-7/.idea/workspace.xml -- svn:eol-style = native Added: release/tomcat/tomcat-7/tomcat-release.iml == --- release/tomcat/tomcat-7/tomcat-release.iml (added) +++ release/tomcat/tomcat-7/tomcat-release.iml Wed Dec 18 15:49:20 2019 @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file Propchange: release/tomcat/tomcat-7/tomcat-release.iml -- svn:eol-style = native - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 7.0.99 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.99. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. This release contains a number of bug fixes and improvements compared to version 7.0.96. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Apache Tomcat website: http://tomcat.apache.org Downloads: http://tomcat.apache.org/download-70.cgi Migration guides from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html Enjoy The Apache Tomcat team
svn commit: r1871757 - in /tomcat/site/trunk: docs/tomcat-7.0-doc/ docs/tomcat-7.0-doc/annotationapi/ docs/tomcat-7.0-doc/annotationapi/javax/ docs/tomcat-7.0-doc/annotationapi/javax/annotation/ docs/
Author: violetagg Date: Wed Dec 18 15:37:38 2019 New Revision: 1871757 URL: http://svn.apache.org/viewvc?rev=1871757=rev Log: Update docs for Apache Tomcat 7.0.99 release. [This commit notification would consist of 492 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2019-12418 Local Privilege Escalation
CVE-2019-12418 Local Privilege Escalation Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.28 Apache Tomcat 8.5.0 to 8.5.47 Apache Tomcat 7.0.0 to 7.0.97 Description: When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. The JMX Remote Lifecycle Listener will be deprecated in future Tomcat releases, will be removed for Tomcat 10 and may be removed from all Tomcat releases some time after 2020-12-31. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. Mitigation: Users of affected versions should apply one of the following mitigations: - Disable Tomcat's JmxRemoteLifecycleListener and use the built-in remote JMX facilities provided by the JVM - Upgrade to Apache Tomcat 9.0.29 or later - Upgrade to Apache Tomcat 8.5.49 or later - Upgrade to Apache Tomcat 7.0.99 or later Note: The fix was included in versions 7.0.98 and 8.5.48 but those versions were not released. Credit: An Trinh of Viettel Cyber Security References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] https://i.blackhat.com/eu-19/Wednesday/eu-19-An-Far-Sides-Of-Java-Remote-Protocols.pdf [5] https://nvd.nist.gov/vuln/detail/CVE-2019-2684 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2019-17563 Session fixation
CVE-2019-17563 Session fixation Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.29 Apache Tomcat 8.5.0 to 8.5.49 Apache Tomcat 7.0.0 to 7.0.98 Description: When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Mitigation: - Upgrade to Apache Tomcat 9.0.30 or later - Upgrade to Apache Tomcat 8.5.50 or later - Upgrade to Apache Tomcat 7.0.99 or later Credit: William Marlow (IBM). References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
Author: markt Date: Wed Dec 18 15:35:48 2019 New Revision: 1871756 URL: http://svn.apache.org/viewvc?rev=1871756=rev Log: CVE-2019-12418 and CVE-2019-17563 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1871756=1871755=1871756=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Wed Dec 18 15:35:48 2019 @@ -214,6 +214,9 @@ Apache Tomcat 7.x vulnerabilities +Fixed in Apache Tomcat 7.0.99 + + Fixed in Apache Tomcat 7.0.94 @@ -400,6 +403,79 @@ + +17 December 2019 Fixed in Apache Tomcat 7.0.99 + + + + +Low: Session fixation + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563; rel="nofollow">CVE-2019-17563 + + + +When using FORM authentication there was a narrow window where an + attacker could perform a session fixation attack. The window was + considered too narrow for an exploit to be practical but, erring on the + side of caution, this issue has been treated as a security + vulnerability. + + +This was fixed with commit + https://github.com/apache/tomcat/commit/ab72a10;>ab72a10. + + +This issue was reported to the Apache Tomcat Security Team by William + Marlow (IBM) on 19 November 2019. The issue was made public on 18 + December 2019. + + +Affects: 7.0.0 to 7.0.98 + + + +Note: The issue below was fixed in Apache Tomcat 7.0.98 but the + release vote for the 7.0.98 release candidate did not pass. Therefore, + although users must download 7.0.99 to obtain a version that includes + the fix for this issue, version78.0.98 is not included in the list of + affected versions. + + + + +Moderate: Local Privilege Escalation + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418; rel="nofollow">CVE-2019-12418 + + + +When Tomcat is configured with the JMX Remote Lifecycle Listener, a local + attacker without access to the Tomcat process or configuration files is + able to manipulate the RMI registry to perform a man-in-the-middle attack + to capture user names and passwords used to access the JMX interface. The + attacker can then use these credentials to access the JMX interface and + gain complete control over the Tomcat instance. + +The JMX Remote Lifecycle Listener will be deprecated in future Tomcat + releases, will be removed for Tomcat 10 and may be removed from all + Tomcat releases some time after 31 December 2020. + +Users should also be aware of http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684; rel="nofollow">CVE-2019-2684, a JRE + vulnerability that enables this issue to be exploited remotely. + + +This was fixed with commit + https://github.com/apache/tomcat/commit/bef3f40;>bef3f40. + + +This issue was reported to the Apache Tomcat Security Team by An Trinh of + Viettel Cyber Security on 10 October 2019. The issue was made public on 18 + December 2019. + + +Affects: 7.0.0 to 7.0.97 + + + 12 April 2019 Fixed in Apache Tomcat 7.0.94 Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1871756=1871755=1871756=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Wed Dec 18 15:35:48 2019 @@ -214,6 +214,12 @@ Apache Tomcat 8.x vulnerabilities +Fixed in Apache Tomcat 8.5.50 + + +Fixed in Apache Tomcat 8.5.49 + + Fixed in Apache Tomcat 8.5.41 @@ -382,6 +388,85 @@ + +12 December 2019 Fixed in Apache Tomcat 8.5.50 + + + + +Low: Session fixation + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563; rel="nofollow">CVE-2019-17563 + + + +When using FORM authentication there was a narrow window where an + attacker could perform a session fixation attack. The window was + considered too narrow for an exploit to be practical but, erring on the + side of caution, this issue has been treated as a security + vulnerability. + + +This was fixed with commit + https://github.com/apache/tomcat/commit/e19a202;>e19a202. + + +This issue was reported to the Apache Tomcat Security Team by William + Marlow (IBM) on 19 November 2019. The issue was made public on 18 + December 2019. + + +Affects: 8.5.0 to 8.5.49 + + + + +21 November 2019 Fixed in Apache Tomcat 8.5.49 + + + + +Note: The issue below was fixed in
svn commit: r1871753 - in /tomcat/site/trunk: ./ docs/ xdocs/
Author: violetagg Date: Wed Dec 18 15:01:01 2019 New Revision: 1871753 URL: http://svn.apache.org/viewvc?rev=1871753=rev Log: Updates (excluding docs) for 7.0.99 release Modified: tomcat/site/trunk/build.properties.default tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-70.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-7.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-70.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-7.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/build.properties.default (original) +++ tomcat/site/trunk/build.properties.default Wed Dec 18 15:01:01 2019 @@ -36,7 +36,7 @@ tomcat.loc=http://www.apache.org/dist/to # - Tomcat versions - -tomcat70=7.0.96 +tomcat70=7.0.99 tomcat85=8.5.50 tomcat90=9.0.30 Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Wed Dec 18 15:01:01 2019 @@ -74,8 +74,8 @@ Latest Stable 7.0.x Release -2019-07-29 -7.0.96 +2019-12-17 +7.0.99 Modified: tomcat/site/trunk/docs/download-70.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-70.html?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/docs/download-70.html (original) +++ tomcat/site/trunk/docs/download-70.html Wed Dec 18 15:01:01 2019 @@ -222,7 +222,7 @@ Quick Navigation -[define v]7.0.96[end] +[define v]7.0.99[end] https://www.apache.org/dist/tomcat/tomcat-7/KEYS;>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Wed Dec 18 15:01:01 2019 @@ -241,6 +241,29 @@ project logo are trademarks of the Apach + +2019-12-17 Tomcat 7.0.99 Released + + + +The Apache Tomcat Project is proud to announce the release of version 7.0.99 of +Apache Tomcat. This release contains a number of bug fixes and improvements +compared to version 7.0.96. + + + +Full details of these changes, and all the other changes, are available in the +Tomcat 7 changelog. + + + + + +https://tomcat.apache.org/download-70.cgi;>Download + + + + 2019-12-12 Tomcat 9.0.30 Released @@ -310,29 +333,6 @@ changelog. - - -2019-07-29 Tomcat 7.0.96 Released - - - -The Apache Tomcat Project is proud to announce the release of version 7.0.96 of -Apache Tomcat. This release contains a number of bug fixes and improvements -compared to version 7.0.94. - - - -Full details of these changes, and all the other changes, are available in the -Tomcat 7 changelog. - - - - - -https://tomcat.apache.org/download-70.cgi;>Download - - - 2019-07-02 Tomcat Native 1.2.23 Released Modified: tomcat/site/trunk/docs/migration-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-7.html?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/docs/migration-7.html (original) +++ tomcat/site/trunk/docs/migration-7.html Wed Dec 18 15:01:01 2019 @@ -1128,8 +1128,9 @@ of Apache Tomcat. 7.0.91 7.0.92 7.0.93 -7.0.94 -7.0.96 +7.0.94 +7.0.96 +7.0.99 , new version: 7.0.0 @@ -1199,7 +1200,8 @@ of Apache Tomcat. 7.0.92 7.0.93 7.0.94 -7.0.96 +7.0.96 +7.0.99 trunk (unreleased) Modified: tomcat/site/trunk/docs/oldnews.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews.html?rev=1871753=1871752=1871753=diff == --- tomcat/site/trunk/docs/oldnews.html (original) +++ tomcat/site/trunk/docs/oldnews.html Wed Dec 18 15:01:01 2019 @@ -553,6 +553,29 @@ changelog. + +2019-07-29 Tomcat 7.0.96 Released + + + +The Apache Tomcat Project is proud to announce the release of version 7.0.96 of +Apache Tomcat. This release contains a number of bug fixes and improvements +compared to version 7.0.94. + + +
[Bug 64007] a deadlock with Poller run and cancelledKey
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007 --- Comment #6 from Remy Maucherat --- Looking at the most recent JDK sources, the root issue likely has been fixed by these commits which remove all the unwanted internal NIO syncing: https://github.com/openjdk/jdk/commit/33b921f25d8b5e6a50003daa6db31176437d29c0 https://github.com/openjdk/jdk/commit/38bdacafbcf3c96ac40e30098c0990f88a9edf8e I'm ok with having a workaround fix, as it seems the first commit for this NIO bug will be in 11, and the second one in 14. Not 100% sure if the first one alone is enough to avoid the deadlock, but it might well be. In the trace, if http-nio-8080-exec-215 does not hold the lock in the AbstractSelectableChannel, then http-nio-8080-ClientPoller will be able to get the sync on it. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64011] JNDIRealm no longer authenticates to LDAP
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011 --- Comment #3 from Michael Osipov --- (In reply to Mike Lothian from comment #2) > I got the info from here: > > https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html > > spnegoDelegationQop This attribute should be a comma-separated list of > values selected from auth-conf, auth-int and auth The Java SASL GSSAPI mech has a bug which makes this possible, otherwise it should fail: https://bugs.openjdk.java.net/browse/JDK-8160818 > Removing useDelegatedCredential="true" also doesn't work with 8.5.50 but > does with 8.5.49 > > Which debug options should be switched on? You need to enable FINEST for org.apache.catalina.realm and org.apache.catalina.authenticator. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Correct dates (fingers were on auto-pilot)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 2a046cd Correct dates (fingers were on auto-pilot)
2a046cd is described below
commit 2a046cd89c144c88cdeb7a10e08947a92996daab
Author: Mark Thomas
AuthorDate: Wed Dec 18 10:59:14 2019 +
Correct dates (fingers were on auto-pilot)
---
java/org/apache/catalina/mbeans/LocalStrings.properties | 2 +-
webapps/docs/config/listeners.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/mbeans/LocalStrings.properties
b/java/org/apache/catalina/mbeans/LocalStrings.properties
index 9f71bdc..7cc32e2 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings.properties
@@ -25,7 +25,7 @@ globalResources.userDatabaseCreateError=Exception creating
UserDatabase MBeans f
jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI
registry for the [{0}] server using port [{1}]
jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could
not be created or failed to start for the [{0}] server
-jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 9 some time after 2019-12-31.
+jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 9 some time after 2020-12-31.
jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could
not be stopped for the [{0}] server
jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL configuration error
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index 918b1f3..25828d8 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -556,7 +556,7 @@
This listener is now deprecated as the features it provides are
now available in the remote JMX capability included with the JRE. This
listener will be removed in Tomcat 10 and may be removed from Tomcat 9 some
-time after 2019-12-31.
+time after 2020-12-31.
The JMX Remote Lifecycle Listener fixes the ports used
by
the JMX/RMI Server making things much simpler if you need to connect
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Deprecate the JmxRemoteLifecycleListener
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 81fb6d6 Deprecate the JmxRemoteLifecycleListener
81fb6d6 is described below
commit 81fb6d66c60f3fa57dfd41c02d52f33c5eec9cae
Author: Mark Thomas
AuthorDate: Wed Dec 18 10:27:51 2019 +
Deprecate the JmxRemoteLifecycleListener
---
.../mbeans/JmxRemoteLifecycleListener.java | 15 -
.../apache/catalina/mbeans/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 6 ++
webapps/docs/config/listeners.xml | 18 ++
webapps/docs/monitoring.xml| 73 +-
5 files changed, 82 insertions(+), 31 deletions(-)
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
index c81c4a9..12270ec 100644
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
@@ -61,7 +61,13 @@ import org.apache.tomcat.util.res.StringManager;
* instance that is running behind a firewall. Only the ports are configured
via
* the listener. The remainder of the configuration is via the standard system
* properties for configuring JMX.
+ *
+ * @deprecated The features provided by this listener are now available in the
+ * remote JMX capability included with the JRE.
+ * This listener will be removed in Tomcat 10 and may be removed
+ * from Tomcat 7.0.x some time after 2020-12-31.
*/
+@Deprecated
public class JmxRemoteLifecycleListener implements LifecycleListener {
private static final Log log =
LogFactory.getLog(JmxRemoteLifecycleListener.class);
@@ -203,9 +209,12 @@ public class JmxRemoteLifecycleListener implements
LifecycleListener {
@Override
public void lifecycleEvent(LifecycleEvent event) {
-// When the server starts, configure JMX/RMI
-if (Lifecycle.START_EVENT.equals(event.getType())) {
-// Configure using standard jmx system properties
+if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
+log.warn(sm.getString("jmxRemoteLifecycleListener.deprecated"));
+} else if (Lifecycle.START_EVENT.equals(event.getType())) {
+// When the server starts, configure JMX/RMI
+
+// Configure using standard JMX system properties
init();
// Prevent an attacker guessing the RMI object ID
diff --git a/java/org/apache/catalina/mbeans/LocalStrings.properties
b/java/org/apache/catalina/mbeans/LocalStrings.properties
index b77cfec..e5d381f 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings.properties
@@ -15,6 +15,7 @@
jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI
registry for the [{0}] server using port [{1}]
jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could
not be created or failed to start for the [{0}] server
+jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 7 some time after 2020-12-31.
jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could
not be stopped for the [{0}] server
jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
jmxRemoteLifecycleListener.invalidURL=The JMX Service URL requested for the
[{0}] server, [{1}], was invalid
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6a0d3fd..2a36496 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -77,6 +77,12 @@
64008: Clarify/expand the Javadoc for the
Tomcat#addWebapp() and related methods. (markt)
+
+Deprecate the JmxRemoteLifecycleListener as the features
it
+provides are now available in the remote JMX capability included with
+the JRE. This listener will be removed in Tomcat 10 and may be removed
+from Tomcat 7.0.x some time after 2020-12-31. (markt)
+
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index a62041e..6cf00dc 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -511,8 +511,26 @@
+
+
+This listener performs system property replacement using the property
+ source configured on the digester. When ${parameter}
+ denoted parameters are found in the values of system properties,
+ the property source will be invoked to attempt to replace it.
+
+
+
+
+
+
+
+This
[tomcat] branch 8.5.x updated: Deprecate the JmxRemoteLifecycleListener
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new afbe415 Deprecate the JmxRemoteLifecycleListener
afbe415 is described below
commit afbe415bb24a376f1ded4a38b5a18c22b8605495
Author: Mark Thomas
AuthorDate: Wed Dec 18 10:27:51 2019 +
Deprecate the JmxRemoteLifecycleListener
---
.../mbeans/JmxRemoteLifecycleListener.java | 15 +--
.../apache/catalina/mbeans/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 6 +++
webapps/docs/config/listeners.xml | 27
webapps/docs/monitoring.xml| 51 --
5 files changed, 75 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
index 9bae7fd..b5e2afe 100644
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
@@ -61,7 +61,13 @@ import org.apache.tomcat.util.res.StringManager;
* instance that is running behind a firewall. Only the ports are configured
via
* the listener. The remainder of the configuration is via the standard system
* properties for configuring JMX.
+ *
+ * @deprecated The features provided by this listener are now available in the
+ * remote JMX capability included with the JRE.
+ * This listener will be removed in Tomcat 10 and may be removed
+ * from Tomcat 8.5.x some time after 2020-12-31.
*/
+@Deprecated
public class JmxRemoteLifecycleListener implements LifecycleListener {
private static final Log log =
LogFactory.getLog(JmxRemoteLifecycleListener.class);
@@ -203,9 +209,12 @@ public class JmxRemoteLifecycleListener implements
LifecycleListener {
@Override
public void lifecycleEvent(LifecycleEvent event) {
-// When the server starts, configure JMX/RMI
-if (Lifecycle.START_EVENT.equals(event.getType())) {
-// Configure using standard jmx system properties
+if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
+log.warn(sm.getString("jmxRemoteLifecycleListener.deprecated"));
+} else if (Lifecycle.START_EVENT.equals(event.getType())) {
+// When the server starts, configure JMX/RMI
+
+// Configure using standard JMX system properties
init();
// Prevent an attacker guessing the RMI object ID
diff --git a/java/org/apache/catalina/mbeans/LocalStrings.properties
b/java/org/apache/catalina/mbeans/LocalStrings.properties
index 2a5..e318c23 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings.properties
@@ -15,6 +15,7 @@
jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI
registry for the [{0}] server using port [{1}]
jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could
not be created or failed to start for the [{0}] server
+jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 8 some time after 2020-12-31.
jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could
not be stopped for the [{0}] server
jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
jmxRemoteLifecycleListener.invalidURL=The JMX Service URL requested for the
[{0}] server, [{1}], was invalid
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b9e116e..71fb984 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -77,6 +77,12 @@
64008: Clarify/expand the Javadoc for the
Tomcat#addWebapp() and related methods. (markt)
+
+Deprecate the JmxRemoteLifecycleListener as the features
it
+provides are now available in the remote JMX capability included with
+the JRE. This listener will be removed in Tomcat 10 and may be removed
+from Tomcat 8.5.x some time after 2020-12-31. (markt)
+
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index ff45d61..ad65e5e 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -536,8 +536,26 @@
+
+
+This listener performs system property replacement using the property
+ source configured on the digester. When ${parameter}
+ denoted parameters are found in the values of system properties,
+ the property source will be invoked to attempt to replace it.
+
+
+
+
+
+
+
+
[tomcat] branch master updated: Deprecate the JmxRemoteLifecycleListener
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 07a44db Deprecate the JmxRemoteLifecycleListener
07a44db is described below
commit 07a44dbf56224e74b582d7357f3a60f354e5af79
Author: Mark Thomas
AuthorDate: Wed Dec 18 10:27:51 2019 +
Deprecate the JmxRemoteLifecycleListener
---
.../mbeans/JmxRemoteLifecycleListener.java | 12 ++-
.../apache/catalina/mbeans/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 6 ++
webapps/docs/config/listeners.xml | 96 --
webapps/docs/monitoring.xml| 51 +---
5 files changed, 107 insertions(+), 59 deletions(-)
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
index d01ed8e..4256fb3 100644
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
@@ -62,7 +62,13 @@ import org.apache.tomcat.util.res.StringManager;
* instance that is running behind a firewall. Only the ports are configured
via
* the listener. The remainder of the configuration is via the standard system
* properties for configuring JMX.
+ *
+ * @deprecated The features provided by this listener are now available in the
+ * remote JMX capability included with the JRE.
+ * This listener will be removed in Tomcat 10 and may be removed
+ * from Tomcat 9.0.x some time after 2020-12-31.
*/
+@Deprecated
public class JmxRemoteLifecycleListener extends SSLHostConfig implements
LifecycleListener {
private static final long serialVersionUID = 1L;
@@ -293,8 +299,10 @@ public class JmxRemoteLifecycleListener extends
SSLHostConfig implements Lifecyc
@Override
public void lifecycleEvent(LifecycleEvent event) {
-// When the server starts, configure JMX/RMI
-if (Lifecycle.START_EVENT.equals(event.getType())) {
+if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
+log.warn(sm.getString("jmxRemoteLifecycleListener.deprecated"));
+} else if (Lifecycle.START_EVENT.equals(event.getType())) {
+// When the server starts, configure JMX/RMI
// Configure using standard JMX system properties
init();
diff --git a/java/org/apache/catalina/mbeans/LocalStrings.properties
b/java/org/apache/catalina/mbeans/LocalStrings.properties
index 21251d4..9f71bdc 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings.properties
@@ -25,6 +25,7 @@ globalResources.userDatabaseCreateError=Exception creating
UserDatabase MBeans f
jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI
registry for the [{0}] server using port [{1}]
jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could
not be created or failed to start for the [{0}] server
+jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 9 some time after 2019-12-31.
jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could
not be stopped for the [{0}] server
jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL configuration error
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f69a971..14774e6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,6 +69,12 @@
64008: Clarify/expand the Javadoc for the
Tomcat#addWebapp() and related methods. (markt)
+
+Deprecate the JmxRemoteLifecycleListener as the features
it
+provides are now available in the remote JMX capability included with
+the JRE. This listener will be removed in Tomcat 10 and may be removed
+from Tomcat 9.0.x some time after 2020-12-31. (markt)
+
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index 983793b..918b1f3 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -504,8 +504,60 @@
+
+
+The HTTPD mod_heartmonitor Listener allows tomcat to
send heart beat message to
+the Apache HTTPD mod_heartmonitor module.
+
+The following additional attributes are supported by the HTTPD
mod_heartmonitor
+Listener:
+
+
+
+Port the connector that will received proxied traffic from HTTPD,
default the first connector will be used
+
+
+
[Bug 64005] NullPointerException in Tomcat 8.5.50 from java.util.zip.ZipFile.getEntry
https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 --- Comment #8 from Vlad Mencl --- Thanks for the quick fix! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64007] a deadlock with Poller run and cancelledKey
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007 --- Comment #5 from Remy Maucherat --- Ok. If you run again into a deadlock, please add the updated deadlock traces as an attachment to the BZ (otherwise it's harder to read). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64007] a deadlock with Poller run and cancelledKey
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007 --- Comment #4 from echo --- I will test first. If there is progress i will recommend agin -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
