[Bug 65513] Change in browser cache behavior introduced in 9.0.51
https://bz.apache.org/bugzilla/show_bug.cgi?id=65513 Christopher Schultz changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #4 from Christopher Schultz --- (In reply to S.T. Nagel from comment #3) > I appreciate the suggested workaround idea of setting > securePagesWithPragma="true". I will look into it, but I do have a strict > requirement for "Cache-Control: private", so I'm not sure the > securePagesWithPragma branch will satisfy my needs. I mentioned the RewriteValve above but I think it cannot set headers for you the way that tuckey's url-rewrite can. Consider asking on the users' mailing-list for help with forcing an Expires header on your responses. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix imports
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new a2d2a37 Fix imports a2d2a37 is described below commit a2d2a3755f959c6698414b289626956cef470fee Author: Mark Thomas AuthorDate: Fri Aug 20 20:52:58 2021 +0100 Fix imports --- test/org/apache/tomcat/util/net/TestCustomSsl.java | 1 + 1 file changed, 1 insertion(+) diff --git a/test/org/apache/tomcat/util/net/TestCustomSsl.java b/test/org/apache/tomcat/util/net/TestCustomSsl.java index e9bb46d..cf8a86d 100644 --- a/test/org/apache/tomcat/util/net/TestCustomSsl.java +++ b/test/org/apache/tomcat/util/net/TestCustomSsl.java @@ -17,6 +17,7 @@ package org.apache.tomcat.util.net; import java.io.File; + import org.junit.Assert; import org.junit.Assume; import org.junit.Test; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-9.0.x
The Buildbot has detected a restored build on builder tomcat-9.0.x while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-9.0.x/builds/109 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9.0-commit' triggered this build Build Source Stamp: [branch 9.0.x] 5cba333a0597e0d4b86857f768a700e674395d8e Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65513] Change in browser cache behavior introduced in 9.0.51
https://bz.apache.org/bugzilla/show_bug.cgi?id=65513 --- Comment #3 from scott.t.na...@gmail.com --- I agree that this is a legitimate and appropriate change, but I wanted to express my concerns about the impacts of making the change in Tomcat 9. You've acknowledged my concerns and provided background and explanation for the change, so I'm quite satisfied. I'll have no heartache with closing WONTFIX. I do strongly believe that this change warrants an entry on the "Notable Changes" section of the web site (what I referred to as the migration guide based on the URL). For me personally, I read the changelog as items of interest, but I read the notable changes as things I may need to update in my configuration/code when upgrading. I understand that "CONFIDENTIAL only implies private caching, not no caching", but Tomcat 9 has always implemented it as no caching. However, I'm moving on - I understand that the issue has been fixed and the behavior has changed. I appreciate the suggested workaround idea of setting securePagesWithPragma="true". I will look into it, but I do have a strict requirement for "Cache-Control: private", so I'm not sure the securePagesWithPragma branch will satisfy my needs. Thank you gentlemen for your informative and thorough responses. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Path seems to have changed from lib to lib64. Support both.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 91e07b5 Path seems to have changed from lib to lib64. Support both. 91e07b5 is described below commit 91e07b51875840a3ac7dd0b5d43ee3b531906ba5 Author: Mark Thomas AuthorDate: Fri Aug 20 18:56:27 2021 +0100 Path seems to have changed from lib to lib64. Support both. --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 07edc4b..9dafe46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -337,7 +337,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib"; +openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Path seems to have changed from lib to lib64. Support both.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5cba333 Path seems to have changed from lib to lib64. Support both. 5cba333 is described below commit 5cba333a0597e0d4b86857f768a700e674395d8e Author: Mark Thomas AuthorDate: Fri Aug 20 18:56:27 2021 +0100 Path seems to have changed from lib to lib64. Support both. --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 07edc4b..9dafe46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -337,7 +337,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib"; +openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Path seems to have changed from lib to lib64. Support both.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new b12c7b5 Path seems to have changed from lib to lib64. Support both. b12c7b5 is described below commit b12c7b57865cc5319c25a31bf5c74e0f72dd231a Author: Mark Thomas AuthorDate: Fri Aug 20 18:56:27 2021 +0100 Path seems to have changed from lib to lib64. Support both. --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 07edc4b..9dafe46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -337,7 +337,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib"; +openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Path seems to have changed from lib to lib64. Support both.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 25c2c7a Path seems to have changed from lib to lib64. Support both. 25c2c7a is described below commit 25c2c7a392c4d0eb4c67797bd4fa5b1ce023f6d2 Author: Mark Thomas AuthorDate: Fri Aug 20 18:56:27 2021 +0100 Path seems to have changed from lib to lib64. Support both. --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 07edc4b..9dafe46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -337,7 +337,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib"; +openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65513] Change in browser cache behavior introduced in 9.0.51
https://bz.apache.org/bugzilla/show_bug.cgi?id=65513 --- Comment #2 from Christopher Schultz --- So, we can't revert the change because the reasoning behind it was legitimate and it's an appropriate change. On the other hand, you are right, Scott, the behavior did change in a potentially unexpected way. Note that Tomcat is not Debian, where absolutely nothing whatsoever is expected to change between versions other than fixing security problems. Behavior-causing changes are not forbidden within point-releases, here. The changelog does contain an entry announcing the change. The changelog is the appropriate place to go when looking for changes between releases. There is a "Notable Changes" section on the web site which in this case did not get an entry added. I think it would be appropriate to add an item to this list: http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes The only way to effectively "undo" this change would be to install a RewriteValve into the default configuration which replicated pre-9.0.51 behavior. That seems a little heavy-handed and does not help anyone who uses their own (e.g. revision-controlled) configuration. Finally, the "Expires" header is only part of the equation. I haven't tested this, but if you want to prevent Google Chrome from storing your pages in the bfcache (which isn't the disk!), you will need to use "Cache-Control: no-store" and the "Expires" header has no effect. I tend to agree that no further code/configuration changes should be made, but that the documentation can certainly be improved. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 03/03: Update documentation to reflect removal of APR connector
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a3a6a89a2fcbe5d432640e7b31808eeb591541ce Author: Mark Thomas AuthorDate: Thu Aug 19 19:16:39 2021 +0100 Update documentation to reflect removal of APR connector --- BUILDING.txt | 24 ++-- RUNNING.txt | 12 +- TOMCAT-NEXT.txt | 4 + build.properties.default | 2 - conf/server.xml | 3 +- res/tomcat.nsi| 2 +- test/org/apache/coyote/http2/TestHttp2Limits.java | 6 +- webapps/docs/apr.xml | 59 +- webapps/docs/config/ajp.xml | 59 +- webapps/docs/config/http.xml | 131 +++--- webapps/docs/manager-howto.xml| 3 +- webapps/docs/ssl-howto.xml| 87 ++ 12 files changed, 57 insertions(+), 335 deletions(-) diff --git a/BUILDING.txt b/BUILDING.txt index 07f462f..0670db8 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -326,29 +326,29 @@ directory: output/build/logs -By default the testsuite is run three times to test 3 different -implementations of Tomcat connectors: NIO, NIO2 and APR. (If you are not -familiar with Tomcat connectors, see config/http.html in documentation for -details). +By default the testsuite is run twice to test the 2 different implementations +of Tomcat connectors: NIO and NIO2. (If you are not familiar with Tomcat +connectors, see config/http.html in documentation for details). -The 3 runs are enabled and disabled individually by the following +The 2 runs are enabled and disabled individually by the following properties, which all are "true" by default: execute.test.nio=true execute.test.nio2=true -execute.test.apr=true -The APR connector can be tested only if Tomcat-Native library binaries are -found by the testsuite. The "test.apr.loc" property specifies the directory -where the library binaries are located. +The SSL tests will be run twice. Once with the JSSE implementation and once +with the OpenSSL implementation. The OpenSSL implementation can only can be +tested if Tomcat-Native library binaries are found by the testsuite. The +"test.apr.loc" property specifies the directory where the library binaries are +located. By default the "test.apr.loc" property specifies the following location: output/build/bin/native/ -If you are on Windows and want to test the APR connector you can put the -tcnative-1.dll file into ${tomcat.source}/bin/native/ and it will be copied -into the above directory when the build runs. +If you are on Windows and want to test the OpenSSL TLS implementation you can +put the tcnative-1.dll file into ${tomcat.source}/bin/native/ and it will be +copied into the above directory when the build runs. The unit tests include tests of the clustering functionality which require multicast to be enabled. There is a simple application provided in the Tomcat diff --git a/RUNNING.txt b/RUNNING.txt index f96d8b9..7ae9cad 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -373,10 +373,9 @@ If you do use them, do not forget to read their documentation. Apache Tomcat Native library - -It is a library that allows to use the "Apr" variant of HTTP and AJP -protocol connectors in Apache Tomcat. It is built around OpenSSL and Apache -Portable Runtime (APR) libraries. Those are the same libraries as used by -Apache HTTPD Server project. +It is a library that allows to use the OpenSSL variant of the TLS implementation +for the HTTP connector in Apache Tomcat. It is built around OpenSSL and Apache +Portable Runtime (APR) libraries. This feature was especially important in the old days when Java performance was poor. It is less important nowadays, but it is still used and respected @@ -390,13 +389,10 @@ For further reading: https://tomcat.apache.org/tomcat-@VERSION_MAJOR_MINOR@-doc/apr.html -* Documentation for the HTTP and AJP protocol connectors in the Tomcat - Configuration Reference +* Documentation for the HTTP connector in the Tomcat Configuration Reference https://tomcat.apache.org/tomcat-@VERSION_MAJOR_MINOR@-doc/config/http.html - https://tomcat.apache.org/tomcat-@VERSION_MAJOR_MINOR@-doc/config/ajp.html - - Apache Tomcat Native project home https://tomcat.apache.org/native-doc/ diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt index c875e67..da59f9b 100644 --- a/TOMCAT-NEXT.txt +++ b/TOMCAT-NEXT.txt @@ -33,3 +33,7 @@ Deferred until 10.1.x: the JRE with project Panama. 2. Review code forked from Commons projects and consider removing unused code. + + 3. Implement OCSP checks for client certs with
[tomcat] 02/03: Refactor SSL tests to test both JSSE and OpenSSL implementations
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 5c1b14a9e34bd965146c4941742ff6221a5110c8 Author: Mark Thomas AuthorDate: Wed Aug 18 21:12:50 2021 +0100 Refactor SSL tests to test both JSSE and OpenSSL implementations --- .../catalina/valves/rewrite/TestResolverSSL.java | 42 ++- test/org/apache/coyote/http2/TestHttp2Limits.java | 2 +- test/org/apache/coyote/http2/TestLargeUpload.java | 48 .../org/apache/tomcat/util/net/TestClientCert.java | 40 +++ .../tomcat/util/net/TestClientCertTls13.java | 52 - .../tomcat/util/net/TestCustomSslTrustManager.java | 39 +++ .../tomcat/util/net/TestSSLHostConfigCompat.java | 30 +++-- .../util/net/TestSSLHostConfigIntegration.java | 39 +++ test/org/apache/tomcat/util/net/TestSsl.java | 84 +++-- test/org/apache/tomcat/util/net/TesterSupport.java | 46 +--- .../tomcat/util/net/openssl/TestOpenSSLConf.java | 45 +++ .../websocket/TestWebSocketFrameClientSSL.java | 54 - .../tomcat/websocket/TestWsWebSocketContainer.java | 42 --- .../websocket/TestWsWebSocketContainerSSL.java | 130 + 14 files changed, 551 insertions(+), 142 deletions(-) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index c1bede6..e426dac 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -18,15 +18,24 @@ package org.apache.catalina.valves.rewrite; import java.io.IOException; import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; import jakarta.servlet.ServletException; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; import org.apache.catalina.Container; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; +import org.apache.catalina.core.AprLifecycleListener; +import org.apache.catalina.core.StandardServer; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.catalina.valves.ValveBase; @@ -34,15 +43,37 @@ import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; +@RunWith(Parameterized.class) public class TestResolverSSL extends TomcatBaseTest { +@Parameterized.Parameters(name = "{0}") +public static Collection parameters() { +List parameterSets = new ArrayList<>(); +parameterSets.add(new Object[] { +"JSSE", Boolean.FALSE, "org.apache.tomcat.util.net.jsse.JSSEImplementation"}); +parameterSets.add(new Object[] { +"OpenSSL", Boolean.TRUE, "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"}); + +return parameterSets; +} + +@Parameter(0) +public String connectorName; + +@Parameter(1) +public boolean needApr; + +@Parameter(2) +public String sslImplementationName; + + @Test public void testSslEnv() throws Exception { Tomcat tomcat = getTomcatInstance(); Container root = tomcat.getHost().findChild(""); root.getPipeline().addValve(new ResolverTestValve()); -// Enable session caching so the SSL Session is available when using APR +// Enable session caching so the SSL Session is available when using OpenSSL SSLHostConfig sslHostConfig = tomcat.getConnector().findSslHostConfigs()[0]; sslHostConfig.setSessionCacheSize(20 * 1024); @@ -138,5 +169,14 @@ public class TestResolverSSL extends TomcatBaseTest { TesterSupport.configureClientCertContext(tomcat); TesterSupport.configureClientSsl(); + + Assert.assertTrue(tomcat.getConnector().setProperty("sslImplementationName", sslImplementationName)); + +if (needApr) { +AprLifecycleListener listener = new AprLifecycleListener(); +Assume.assumeTrue(AprLifecycleListener.isAprAvailable()); +StandardServer server = (StandardServer) tomcat.getServer(); +server.addLifecycleListener(listener); +} } } diff --git a/test/org/apache/coyote/http2/TestHttp2Limits.java b/test/org/apache/coyote/http2/TestHttp2Limits.java index bd7578c..2cc7792 100644 --- a/test/org/apache/coyote/http2/TestHttp2Limits.java +++ b/test/org/apache/coyote/http2/TestHttp2Limits.java @@ -42,7 +42,7 @@ public class TestHttp2Limits extends Http2TestBase { @Test public void testSettingsOverheadLimits() throws Exception { -http2Connect(false); +
[tomcat] branch main updated (22b076e -> a3a6a89)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 22b076e Split into two tests in preparation for improving coverage new 314568f Remove APR/Native connector implementation. new 5c1b14a Refactor SSL tests to test both JSSE and OpenSSL implementations new a3a6a89 Update documentation to reflect removal of APR connector The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: BUILDING.txt | 24 +- RUNNING.txt| 12 +- TOMCAT-NEXT.txt|6 +- build.properties.default |2 - build.xml | 22 +- conf/server.xml|3 +- java/org/apache/catalina/connector/Connector.java |8 - .../catalina/connector/LocalStrings.properties |2 - .../catalina/connector/LocalStrings_fr.properties |2 - .../catalina/connector/LocalStrings_ja.properties |2 - .../catalina/connector/LocalStrings_ko.properties |2 - .../connector/LocalStrings_zh_CN.properties|2 - .../catalina/manager/StatusManagerServlet.java | 11 - .../apache/catalina/manager/StatusTransformer.java | 69 - .../catalina/security/SecurityClassLoad.java |1 - java/org/apache/catalina/startup/Tomcat.java |4 +- java/org/apache/coyote/AbstractProcessor.java |4 +- java/org/apache/coyote/AbstractProtocol.java |8 +- java/org/apache/coyote/ProtocolHandler.java|9 - java/org/apache/coyote/ajp/AjpAprProtocol.java | 66 - .../apache/coyote/http11/Http11AprProtocol.java| 75 - java/org/apache/tomcat/jni/Address.java| 121 - java/org/apache/tomcat/jni/Directory.java | 107 - java/org/apache/tomcat/jni/File.java | 751 -- java/org/apache/tomcat/jni/Global.java | 105 - java/org/apache/tomcat/jni/Local.java | 83 - java/org/apache/tomcat/jni/Lock.java | 136 - java/org/apache/tomcat/jni/Mmap.java | 80 - java/org/apache/tomcat/jni/Multicast.java | 86 - java/org/apache/tomcat/jni/Poll.java | 194 -- java/org/apache/tomcat/jni/PoolCallback.java | 36 - java/org/apache/tomcat/jni/Proc.java | 218 -- java/org/apache/tomcat/jni/ProcErrorCallback.java | 41 - java/org/apache/tomcat/jni/Procattr.java | 187 -- java/org/apache/tomcat/jni/Registry.java | 248 -- java/org/apache/tomcat/jni/SSLSocket.java | 136 - java/org/apache/tomcat/jni/Shm.java| 132 - java/org/apache/tomcat/jni/Socket.java | 635 - java/org/apache/tomcat/jni/Status.java | 268 -- java/org/apache/tomcat/jni/Stdlib.java | 99 - java/org/apache/tomcat/jni/Thread.java | 36 - java/org/apache/tomcat/jni/Time.java | 85 - java/org/apache/tomcat/jni/User.java | 138 - java/org/apache/tomcat/util/net/Acceptor.java | 17 +- java/org/apache/tomcat/util/net/AprEndpoint.java | 2782 java/org/apache/tomcat/util/net/AprSSLSupport.java | 132 - .../apache/tomcat/util/net/LocalStrings.properties | 19 - .../tomcat/util/net/LocalStrings_cs.properties |5 - .../tomcat/util/net/LocalStrings_de.properties |9 - .../tomcat/util/net/LocalStrings_es.properties |8 - .../tomcat/util/net/LocalStrings_fr.properties | 20 - .../tomcat/util/net/LocalStrings_ja.properties | 19 - .../tomcat/util/net/LocalStrings_ko.properties | 19 - .../tomcat/util/net/LocalStrings_pt_BR.properties |2 - .../tomcat/util/net/LocalStrings_zh_CN.properties | 19 - .../apache/tomcat/util/net/mbeans-descriptors.xml | 226 -- .../ObjectReflectionPropertyInspector.java |4 - res/findbugs/filter-false-positives.xml| 104 - .../native-image/tomcat-reflection.json|2 - res/ide-support/netbeans/nb-tomcat.xml |4 +- res/tomcat.nsi |2 +- .../apache/catalina/mbeans/TestRegistration.java |2 - .../apache/catalina/startup/TomcatBaseTest.java| 10 - .../catalina/valves/rewrite/TestResolverSSL.java | 42 +- .../coyote/ajp/TestAbstractAjpProcessor.java |2 - test/org/apache/coyote/http2/TestHttp2Limits.java |8 +- test/org/apache/coyote/http2/TestLargeUpload.java | 48 + test/org/apache/tomcat/jni/AbstractJniTest.java| 46 - test/org/apache/tomcat/jni/TestFile.java | 72 -
[Bug 65513] Change in browser cache behavior introduced in 9.0.51
https://bz.apache.org/bugzilla/show_bug.cgi?id=65513 --- Comment #1 from Mark Thomas --- Background: http://tomcat.markmail.org/thread/33sxtlnlpgcuecx6 CONFIDENTIAL only implies private caching, not no caching. Enabling securePagesWithPragma="true" for your authenticator may be a viable work-around until the web application is fixed. I'm currently leaning towards closing this as WONTFIX. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65513] New: Change in browser cache behavior introduced in 9.0.51
https://bz.apache.org/bugzilla/show_bug.cgi?id=65513 Bug ID: 65513 Summary: Change in browser cache behavior introduced in 9.0.51 Product: Tomcat 9 Version: 9.0.52 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: scott.t.na...@gmail.com Target Milestone: - My web application uses a transport-guarantee of CONFIDENTIAL in the web.xml security-constraint. When using Tomcat 9.0.43, the response headers include "Expires: Jan 1, 1970" and user browsers will not cache any of the pages from my application. After upgrading to Tomcat 9.0.52, the "Expires" header is no longer present and user browsers are suddenly caching pages. This unexpected change in behavior is leading to breakage in my web application. The change in behavior appears to be related to this changelog message: > Fix: To avoid unnecessary cache revalidation, do not add an HTTP Expires > header when setting adding an HTTP header of CacheControl: private. (markt) The commit message associated with the change seems to be focused on the behavior of proxy caches and it's not clear that the behavior of browser caches was taken into account. Admittedly, my web application should be more robust in regards to explicitly setting Cache-Control and Expires headers on pages where caching cannot be tolerated. However, mine is unlikely to be the only web application that is inadvertently and unknowingly relying on the pre-9.0.51 behavior that automagically disabled browsers from caching web application pages when security constraints are present. I think this breaking change should be reverted from Tomcat 9.x. The behavior has existed for the entire lifecycle of Tomcat 9 and the change does not appear to have been driven by a bug report (at least not one that I could find or one that was referenced in the commit), so the adage "if it ain't broke, don't fix it" may be applicable. The optimization is a good improvement, but is probably more appropriate for Tomcat 10 where the the change in behavior is acceptable as part of a major version upgrade. If the change remains in Tomcat 9, it should be documented in the migration guide since users may need to update configuration and/or code to account for the change in behavior. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org