[Bug 65179] HTTP2:WINDOW_UPDATE not sent when receiving http2 requests over unknown url

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65179

--- Comment #3 from Mark Thomas  ---
Yes, you will see a RST frame for the stream with error code 8 (cancel) to tell
the client no to bother sending (any more of) the requets body.

The 404 response is sent before the RST frame.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65181] Tomcat Native library with OpenSSL Engine private key loading

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65181

Edin Hodzic  changed:

   What|Removed |Added

   Severity|enhancement |major
   Priority|P2  |P1

--- Comment #1 from Edin Hodzic  ---
Changed Importance to P1 / Major as this blocks use of OpenSSL Engine with TPMs
or HSMs, and OpenSSL Engine support is included in Tomcat Native library
already.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65179] HTTP2:WINDOW_UPDATE not sent when receiving http2 requests over unknown url

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65179

--- Comment #2 from Doug Whitfield  ---
Hi Mark,

Regarding this fix, we still see an error code 8 and not the expected 404. Is
the error code 8 a separate bug? If so, is it logged somewhere I am not
finding? We have a jmx file we have been using for testing. I can upload the
jmx file either here or to a separate bug as necessary. Is there anything
useful that we can provide to help with this?

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64710] NullPointerException in Http2UpgradeHandler.endRequestBodyFrame and BufferOverflowException in SocketBufferHandler

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64710

--- Comment #21 from Doug Whitfield  ---
Arshiya, I am trying to reproduce this issue using the provided application,
but changing the pom file to be Tomcat 9.0.17. The goal is to determine if we
can roll back to 9.0.17. The test application does not appear to have any logs
printed. There is no exception printed on the command line. I would anticipate
this means that 9.0.17 does not contain this issue. Can you provide clarity on
where in the test application these exceptions should show up? Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #406: Improve the SSLValve so it is able to handle the ssl_client_escaped_cert header from Nginx

[GitBox]

michael-o commented on pull request #406:
URL: https://github.com/apache/tomcat/pull/406#issuecomment-802077740


   Note that Joe Orton is working in HTTPd to make this possible too A new set 
of headers will contain certs in DER form encoded with Base 64.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o edited a comment on pull request #406: Improve the SSLValve so it is able to handle the ssl_client_escaped_cert header from Nginx

[GitBox]

michael-o edited a comment on pull request #406:
URL: https://github.com/apache/tomcat/pull/406#issuecomment-802077740


   Note that Joe Orton is working on HTTPd to make this possible too A new set 
of headers will contain certs in DER form encoded with Base 64.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64710] NullPointerException in Http2UpgradeHandler.endRequestBodyFrame and BufferOverflowException in SocketBufferHandler

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64710

--- Comment #20 from Doug Whitfield  ---
The earliest reference here is 9.0.36. Is there any reason to believe this
exists in any version before that? Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64621] HTTP/2 Tomcat Server responds with RST_STREAM (REFUSED_STREAM) continuously in one of the TCP connection.

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64621

--- Comment #10 from Doug Whitfield  ---
Like 64671, I am curious if anyone knows if this was introduced any place
before 9.0.22. Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64671] HTTP/2 Stream.receivedData method throwing continuous NullPointerException in the logs

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64671

--- Comment #8 from Doug Whitfield  ---
Do we have any idea when this was introduced? The earliest reference I see is
9.0.22. Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on pull request #414: don't log undesired warnings for webapp classloader configuration

[GitBox]

rmaucher commented on pull request #414:
URL: https://github.com/apache/tomcat/pull/414#issuecomment-801922794


   @rmannibucau That wasn't the case before that commit, but it's possible 
after it. Personally, I would prefer dropping the reflection. Let's see if Mark 
wants to comment on that.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65195] coyote http2 raise NullPointerException

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65195

--- Comment #3 from Mark Thomas  ---
Early to mid-April

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65195] coyote http2 raise NullPointerException

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65195

--- Comment #2 from pentolone  ---
Thanks, when will 9.0.45 be available?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65195] coyote http2 raise NullPointerException

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65195

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Already fixed in 9.0.x for 9.0.45 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65195] New: coyote http2 raise NullPointerException

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65195

Bug ID: 65195
   Summary: coyote http2 raise NullPointerException
   Product: Tomcat 9
   Version: 9.0.44
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: luca.rom...@connexx.it
  Target Milestone: -

Hi, I just upgraded to latest stable version (9.0.44) and I have this
exception.

I use native library 1.2.26, APR version 1.6.5 and http2


Exception in thread "https-openssl-apr-8443-exec-5"
java.lang.NullPointerException
at
org.apache.coyote.http2.AbstractNonZeroStream.replaceStream(AbstractNonZeroStream.java:125)
at
org.apache.coyote.http2.Http2UpgradeHandler.replaceStream(Http2UpgradeHandler.java:1766)
at org.apache.coyote.http2.Stream.recycle(Stream.java:687)
at org.apache.coyote.http2.Stream.close(Stream.java:671)
at
org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:108)
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "https-openssl-apr-8443-exec-4"
java.lang.NullPointerException
at
org.apache.coyote.http2.AbstractNonZeroStream.replaceStream(AbstractNonZeroStream.java:125)
at
org.apache.coyote.http2.Http2UpgradeHandler.replaceStream(Http2UpgradeHandler.java:1766)
at org.apache.coyote.http2.Stream.recycle(Stream.java:687)
at org.apache.coyote.http2.Stream.close(Stream.java:671)
at
org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:108)
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rmannibucau commented on pull request #414: don't log undesired warnings for webapp classloader configuration

[GitBox]

rmannibucau commented on pull request #414:
URL: https://github.com/apache/tomcat/pull/414#issuecomment-801842654


   @rmaucher due to the code structure I assumed it was intended for custom 
loader to be able to benefit from the same configuration without having to 
inherit from the default webapp classloader, if this assumption is true I agree 
with you it is better to do "if we know then do, else ignore". Not sure how an 
API it is since it is somehow publicly available.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on pull request #414: don't log undesired warnings for webapp classloader configuration

[GitBox]

rmaucher commented on pull request #414:
URL: https://github.com/apache/tomcat/pull/414#issuecomment-801817917


   This was introduced by 
https://github.com/apache/tomcat/commit/c38e9ccabc0d20e1f88b389ab531dcbf632b0ed8
 and I understand the WebappLoader changes part of it.
   
   In StandardContext, I don't see why the properties should not be set simply 
after using if (getLoader().getClassLoader() instanceof WebappClassLoaderBase) 
since the StandardContext class already uses WebappLoader (to create a default 
loader). This would avoid the useless reflection that is causing you problems.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [External] : Re: Release Announcement: General Availability of Java 16 / JDK 16

[Rory O'Donnell]

Excellent, thanks Martin!

On 17/03/2021 14:36, Martin Grigorov wrote:

Hi Rory,

Apache Tomcat's build and tests pass successfully with JDK 16 16+36-2231
and 17-ea+13-1000 on both Linux x86_64 and aarch64!

Regards,
Martin

On Tue, Mar 16, 2021 at 5:26 PM Rory O'Donnell 
wrote:


Hi Mark,

*Release Announcement: General Availability of Java 16 / JDK 16 *

**

   * JDK 16, the reference implementation of Java 16, is now Generally
 Available. [1]
   * GPL-licensed OpenJDK builds from Oracle are available here:
 
https://urldefense.com/v3/__http://jdk.java.net/16/__;!!GqivPVa7Brio!JtYohWYzYIvIDvUGvuw9sbQDOezx5DuM3sheY7molhWHOYx5qvS_jZgjp_NhTP6kSKg$
  

   * JDK 16 Release notes
 

*JDK 16 includes the following features [2]:*

   * JEP 338:Vector API (Incubator) 
   * JEP 347:Enable C++14 Language Features
 
   * JEP 357:Migrate from Mercurial to Git
 
   * JEP 369:Migrate to GitHub 
   * JEP 376:ZGC: Concurrent Thread-Stack Processing
 
   * JEP 380:Unix-Domain Socket Channels 
   * JEP 387:Elastic Metaspace 
   * JEP 388:Windows/AArch64 Port 
   * JEP 389:Foreign Linker API (Incubator)
 
   * JEP 390:Warnings for Value-Based Classes
 
   * JEP 392:Packaging Tool 
   * JEP 393:Foreign-Memory Access API (Third Incubator)
 
   * JEP 394:Pattern Matching for instanceof
 
   * JEP 395:Records 
   * JEP 396:Strongly Encapsulate JDK Internals by Default
 
   * JEP 397:Sealed Classes (Second Preview)
 

Thanks to everyone who contributed to JDK 16, whether by creating
features or enhancements, logging bugs, or

downloading and testing the early-access builds.

*OpenJDK 17 Early Access build 13 is now available at
https://urldefense.com/v3/__http://jdk.java.net/17__;!!GqivPVa7Brio!JtYohWYzYIvIDvUGvuw9sbQDOezx5DuM3sheY7molhWHOYx5qvS_jZgjp_Nh31JEWwk$
  

*


**

   * These early access, open source builds are provided under the GNU
 General Public License, version 2, with the Classpath Exception
 .
   * JEPs targeted to JDK 17, so far:
   o JEP 356: Enhanced Pseudo-Random Number Generators
 

   * Release Notes are available at 
https://urldefense.com/v3/__http://jdk.java.net/17/release-notes__;!!GqivPVa7Brio!JtYohWYzYIvIDvUGvuw9sbQDOezx5DuM3sheY7molhWHOYx5qvS_jZgjp_Nh5rAgoc4$
 


   * Significant changes since the last availability email:
   o JDK-8259709: Disable SHA-1 XML Signatures (b13)
   o JDK-6323374: (coll) Optimize Collections.unmodifiable* and
 synchronized*(b13)
   o JDK-8139348: Deprecate 3DES and RC4 in Kerberos (b12)
   o JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in
 SSLSocketImpl (b11)
   o JDK-8235139: Deprecate the socket impl factory mechanism(b10)
   o JDK-8225081: Remove Telia Company CA certificate expiring in
 April 2021(b9)


*Project Lanai Early-Access Builds
*

   * EA 10 Build 17-lanai+3-133 (2021/3/2) is available -
 
https://urldefense.com/v3/__http://jdk.java.net/lanai/__;!!GqivPVa7Brio!JtYohWYzYIvIDvUGvuw9sbQDOezx5DuM3sheY7molhWHOYx5qvS_jZgjp_NhfLSnnOk$
   * These early access, open source builds are provided under the GNU
 General Public License, version 2, with the Classpath Exception
 .


*Project Loom Early-Access Builds*

   * Build 17-loom+4-174 (2021/3/12) is available -
https://urldefense.com/v3/__http://jdk.java.net/loom/__;!!GqivPVa7Brio!JtYohWYzYIvIDvUGvuw9sbQDOezx5DuM3sheY7molhWHOYx5qvS_jZgjp_NhsvElUGE$
   * These early access, open source builds are provided under the GNU
 General Public License, version 2, with the Classpath Exception
 .


*Project Panama Early-Access Builds
*

   * Build 17-panama+2-51 (2021/2/12) is available -
 
https://