Mark,
On 1/26/21 06:48, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
n
Mark,
On 1/24/21 04:44, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
n
Mark,
On 1/21/21 09:15, Mark Thomas wrote:
On 21/01/2021 13:51, Christopher Schultz wrote:
Mark,
On 1/20/21 11:58, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos
Mark,
On 1/20/21 11:58, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new
Mark,
On 1/20/21 08:56, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new
Mark,
It seems like this could be easier if we defined a string constant or
two somewhere and referenced it from everywhere.
For the JSP files, perhaps the Manager web application could stuff the
copyright notice into the servlet (application) context on startup and
the JSP could pull the va
Mark,
On 12/8/20 12:17, Mark Thomas wrote:
The following votes were case:
Binding:
+1 (beta): remm, isapir, mturk, mgrigorov, ebourg, markt
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed to this release.
Someone reported on the users' list it appear
All,
For Tomcat 10 (only), I propose we change the default SSLHostConfig
protocols attribute from the current "SSLv2Hello, TLSv1, TLSv1.1,
TLSv1.2, TLSv1.3" to SSLv2Hello, TLSv1.2, TLSv1.3".
(That is, remove TLSv1 and TLSv1.1 from the default list.)
Any objections?
-chris
-
Rémy and Jean-Frederic,
On 1/6/21 06:20, Rémy Maucherat wrote:
On Wed, Jan 6, 2021 at 11:58 AM jean-frederic clere
wrote:
Hi,
While testing the tomcat clustering I have noted that at the start from
time to the attribute replication is failing.
While debugging I have the messages:
+++
05-Jan-
Mladen,
On 12/23/20 11:24, Mladen Adamović wrote:
On Wed, Dec 23, 2020 at 4:44 PM Romain Manni-Bucau
wrote:
1. Usage, typically if you run in kubernetes or any managed instance env
then you don't care and will restart the instance (with graceful shutdown)
when needed
This is outside of my
Romain,
On 12/23/20 10:43, Romain Manni-Bucau wrote:
Well there are a few points to take into account here:
> [snip]
>
2. There are several tomcat instances out there using certbot (my blog is a
tomee with certbot on for example) so can also be a lack of doc/knowledge
+1
I know this works
h would showcase a path to something like:
Option 2) Without Tomcat Native
...
I don't know what is the formal process for improving the
documentation
here?
Le sam. 19 déc. 2020 à 15:24, Mladen Adamović <
mladen.adamo...@gmail.com
a
écrit :
On Sat, D
Mladen,
On 12/20/20 09:40, Mladen Turk wrote:
On 19/12/2020 00:16, Christopher Schultz wrote:
Mladen,
On 12/18/20 15:10, Mladen Turk wrote:
It can be used for various deployments.
Apache Tomcat can use catalina.bat directly
for running service ... more details at
https://github.com/mturk
Mladen,
On 12/19/20 11:33, Mladen Adamović wrote:
On Sat, Dec 19, 2020 at 5:06 PM Romain Manni-Bucau
wrote:
On a side note, Tomcat might be lacking a command line manager utility,
having manager running on a port sounds... like we are people who avoid a
command line, no?
There is a command-l
Mladen,
On 12/19/20 05:12, Mladen Adamović wrote:
Hi guys,
*Shortly*: Tomcat should have either Connector or SSLHostConfig option to
automatically reload certificate from the same file after X days, i.e.
reloadAfterDays=10 to force Tomcat to reload the certificate automatically
after 10 days.
Mladen,
On 12/18/20 15:10, Mladen Turk wrote:
We use Procrun from Apache Commons Daemon project
as a service wrapper for Apache Tomcat for quite some time.
There are many problems with that package.
I have created a project named SvcBatch
https://github.com/mturk/svcbatch
It can be used for va
Rémy,
On 12/18/20 08:20, Rémy Maucherat wrote:
On Fri, Dec 18, 2020 at 12:19 PM Martin Grigorov
wrote:
On Fri, Dec 18, 2020 at 11:12 AM Rémy Maucherat wrote:
Hi,
I'd like to refactor the compat classes to align with the LTS versions:
- Move Jre9Compat to Jre11Compat
- I'll probably refact
Martin,
On 12/11/20 15:52, Martin Grigorov wrote:
On Fri, Dec 11, 2020, 21:34 Christopher Schultz <
ch...@christopherschultz.net> wrote:
Rainer,
On 12/11/20 14:19, Rainer Jung wrote:
Hi Chris,
Am 11.12.2020 um 19:53 schrieb Christopher Schultz:
Rainer,
On 12/11/20 06:19, Raine
Rainer,
On 12/11/20 14:19, Rainer Jung wrote:
Hi Chris,
Am 11.12.2020 um 19:53 schrieb Christopher Schultz:
Rainer,
On 12/11/20 06:19, Rainer Jung wrote:
Am 11.12.2020 um 09:49 schrieb Martin Grigorov:
On Fri, Dec 11, 2020 at 10:41 AM Martin Grigorov
wrote:
Hi Rainer,
On Fri, Dec 11
Rainer,
On 12/11/20 06:19, Rainer Jung wrote:
Am 11.12.2020 um 09:49 schrieb Martin Grigorov:
On Fri, Dec 11, 2020 at 10:41 AM Martin Grigorov
wrote:
Hi Rainer,
On Fri, Dec 11, 2020 at 10:37 AM Rainer Jung
wrote:
Am 11.12.2020 um 08:25 schrieb mgrigo...@apache.org:
This is an automated
Martin,
On 12/11/20 04:02, Martin Grigorov wrote:
On Fri, Dec 11, 2020 at 10:53 AM Mark Thomas wrote:
On 11/12/2020 08:49, Martin Grigorov wrote:
On Fri, Dec 11, 2020 at 10:41 AM Martin Grigorov
wrote:
On Fri, Dec 11, 2020 at 10:37 AM Rainer Jung
Maybe one could
cd `dirname $0`
Mark,
On 12/10/20 11:14, Mark Thomas wrote:
[snip]
>
Doing conversion on the fly or at deployment/start-up time raises
various issues that boil down to "How do we detect if conversion is
required?" and "What are the performance impacts of doing so?". There
are users who want to squeeze every l
Mark,
On 12/10/20 11:14, Mark Thomas wrote:
On 10/12/2020 14:52, Romain Manni-Bucau wrote:
Le jeu. 10 déc. 2020 à 15:49, Rémy Maucherat a écrit :
On Thu, Dec 10, 2020 at 3:13 PM Mark Thomas wrote:
On 10/12/2020 13:58, Christopher Schultz wrote:
Since this is a developer tool and not a
Mark,
On 12/10/20 09:13, Mark Thomas wrote:
On 10/12/2020 13:58, Christopher Schultz wrote:
Mark,
On 12/10/20 06:39, Mark Thomas wrote:
The proposed Apache Tomcat migration tool for Jakarta EE 0.1.0 is now
available for voting.
This is (potentially) the first release.
It can be obtained
Mark,
On 12/10/20 07:24, Mark Thomas wrote:
With the recent OpenSSL vulnerability announcement I'm intended to
produce a Tomcat Native release that picks up the latest OpenSSL version
for the Windows binaries. I'll start on this shortly.
+1 though this is a much bigger deal for clients than fo
Mark,
On 12/10/20 06:39, Mark Thomas wrote:
The proposed Apache Tomcat migration tool for Jakarta EE 0.1.0 is now
available for voting.
This is (potentially) the first release.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v0.1.0/
The Maven staging
Graham,
On 12/9/20 08:36, Graham Leggett wrote:
[Downstream use of Tomcat] is the core of the problem - gone are the
days when Tomcat was just a simple server that people downloaded and
used to make bespoke web services and could write code any way they
liked. Now Tomcat is part of other systems
All,
Does anyone have any objections to me clarifying the documentation for
the APRLifecycleListener to say that it's really configuring tcnative
and, despite its name, it can (and sometimes should!) be used even if
the APR connector isn't being used?
-chris
Mark,
Thanks for RMing.
On 12/3/20 09:49, Mark Thomas wrote:
The proposed Apache Tomcat 8.5.61 release is now available for voting.
The notable changes compared to the 8.5.60 release are:
- Align the behaviour of ServletContext.getRealPath(String path) with
the recent clarification from th
Emmanuel,
I'm curious as to why this change is warranted. I'm not suggesting it's
not... just wondering what the benefit is? Avoiding a pass-through
method call?
Thanks,
-chris
On 12/1/20 19:40, ebo...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
eb
Graham,
On 12/1/20 12:43, Graham Leggett wrote:
On 01 Dec 2020, at 13:48, Rémy Maucherat wrote:
You still have years to plan a migration off the APR connector as it will
only be removed in 10.1 and Tomcat 9.0 continues to be supported.
This eventual removal or APR has been discussed for year
Graham,
On 12/1/20 06:05, Graham Leggett wrote:
Hi all,
I object to the deprecation of the tomcat-native/APR connector.
Most specifically, I am -1 on the following:
https://marc.info/?l=tomcat-dev&m=160681846808019&w=2
Looking at past discussion on this, the justification has been:
"It is i
Mark,
If it's important, you didn't:
1. Start a new thread
2. Change the subject to [VOTE][RESULT]
-chris
On 11/17/20 15:30, Mark Thomas wrote:
The following votes were cast:
Binding:
+1: markt, mgrigorov, remm, isapir
No other votes were cast.
The vote therefore passes.
Thanks to everyon
Rémy,
On 11/9/20 08:45, Rémy Maucherat wrote:
Hi,
As part of https://github.com/apache/tomcat/pull/376 and along with
the similar removal of JDBCRealm, I would like to propose: - Remove
JDBC code from JDBCStore in Tomcat 10, in favor of DataSource code;
this allows simplifying and removing glob
Mark,
On 11/5/20 14:59, Mark Thomas wrote:
Woot!
The great folks at bnd have fixed this. It means depending on a snapshot
but compared to the disruption of the alternatives I think that is
acceptable for the short term.
The issue with depending on a snapshot is reproducibility of builds. The
s
Rémy,
On 10/30/20 12:40, Rémy Maucherat wrote:
On Fri, Oct 30, 2020 at 5:34 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Rémy,
On 10/30/20 10:21, Rémy Maucherat wrote:
On Fri, Oct 30, 2020 at 2:41 PM Christopher Schultz <
ch...@christopherschultz.net> wrot
Rémy,
On 10/30/20 10:21, Rémy Maucherat wrote:
On Fri, Oct 30, 2020 at 2:41 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
All,
I propose that we enable RECYCLE_FACADES by default in Tomcat 10.
It has already been refactored.
Oh, right. So maybe I need to am
All,
I propose that we enable RECYCLE_FACADES by default in Tomcat 10.
Reasons:
1. It is "safer"
When running untrusted applications, a malicious application can
potentially spy on others.
Application bugs can cause request/response confusion.
2. It reduces the number of false bug reports
Rainer,
I recently had some weirdness with TLS connections as well. Please see
my post titled "SSLException after Java upgrade".
"Recently", Java moved certain EC curves to the attic and won't
handshake properly anymore.
Another investigation of my own product running into a network excepti
Konstantin,
On 10/26/20 20:47, Konstantin Kolinko wrote:
пт, 2 окт. 2020 г. в 00:09, Mark Thomas :
Hi all,
The topic came up at the BoF session at the end of the Tomcat track of
migrating the website from svn to git. There were strong opinions both
for migrating and for sticking with svn.
As
Igal,
On 10/10/20 16:08, isa...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> isapir pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by thi
Mark,
On 10/3/20 14:39, Mark Thomas wrote:
> Hi all,
>
> I mentioned TCK status during a couple of ApacheCon presentations.
> Having checked the current status I thought it would be worth sending a
> brief note to the list. More detail is on the wiki:
> https://cwiki.apache.org/confluence/display
Rémy,
On 9/29/20 07:57, Rémy Maucherat wrote:
> On Tue, Sep 29, 2020 at 1:32 PM Mark Thomas wrote:
>
>> All,
>>
>> Removing the APR connector (HTTP and AJP) is currently on the TODO list
>> for Tomcat 10.0.x (i.e. the current development branch).
>>
>> I am wondering whether we are still happy w
Konstantin,
On 9/27/20 14:33, Konstantin Kolinko wrote:
> сб, 26 сент. 2020 г. в 18:12, Christopher Schultz
> :
>>
>> All,
>>
>> I'm writing about the above topic for ApacheCon @ Home and I wanted to
>> get some confirmation about a few statements. The cod
All,
I'm writing about the above topic for ApacheCon @ Home and I wanted to
get some confirmation about a few statements. The code is ... large and
complex and it will be easier to just ask for help from those who Know.
"
Many files in CATALINA_BASE are optional
* Override those in CATALINA_HOME
All,
I've recently been thinking about application uses of servlet-async and
Websocket for long-running operations, or really for any interactions
where you want to allow the request-processing thread to go back into
the pool, but the application is still doing useful things and therefore
needs it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Could someone better at CSS look into this for me?
I sometimes find myself searching the changelog for some string e.g.
"keystore". I generally do that by loading-up the changelog in my
browser and using the browser's "Find" feature to search
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 9/3/20 10:34, Mark Thomas wrote:
> The following votes were cast:
>
> Binding: +1: markt, mgrigorov, fschumacher
>
> +0: schultz
>
> The vote therefore passes.
>
> I think it is worth noting that there were crashes / unit test
> failures re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/21/20 14:22, Mark Thomas wrote:
> Version 1.2.25 includes the following changes compared to 1.2.24
>
> - Improvements to LibreSSL support
>
> - Improvements to HP_UX support
>
> Various other fixes and improvements. See the changelog for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 9/1/20 14:38, Mark Thomas wrote:
> On 01/09/2020 18:01, Christopher Schultz wrote:
>> All,
>>
>> I'd like to propose that we publish a security.txt[1] file on our
>> web site under /.well-known/security.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'd like to propose that we publish a security.txt[1] file on our web
site under /.well-known/security.txt and /security.txt
This file contains information we all already know, but it's in
obviously "proprietary" locations on our web site and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin,
On 8/27/20 07:55, mgrigo...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> mgrigorov pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The fol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/26/20 13:36, Mark Thomas wrote:
> On 26/08/2020 17:56, Christopher Schultz wrote:
>> Mark,
>>
>> On 8/26/20 11:19, ma...@apache.org wrote:
>>> This is an automated email from the ASF dual-hosted git
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dave,
On 8/25/20 14:05, Dave Wichers wrote:
> Per:
> https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Heade
r_Security_Filter
>
>
and
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_
Security_Filter
>
> they b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/26/20 11:19, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> markt pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit f1c4210470a2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 8/16/20 15:59, Konstantin Kolinko wrote:
> вс, 16 авг. 2020 г. в 21:32, Igal Sapir :
>>
>> I don't see any scripts either. Why not add a CSP and set script
>> to 'none'? I can add that if no one objects.
>>
>
> sessionsList.jsp has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm happy to announce that the Apache Tomcat track schedule has been
posted for ApacheCon @ Home, our virtual conference to replace
"ApacheCon North America 2020". If you use social media to discuss
this event, please use #ACAH2020 and tag @apa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 8/12/20 10:02, Konstantin Kolinko wrote:
> вт, 28 июл. 2020 г. в 16:55, Christopher Schultz
> :
>>
>> All,
>>
>> I was looking at this PR[1] and wondering why we have huge swaths
>> of CSS and HT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Igal,
On 8/11/20 23:23, Igal Sapir wrote:
> Chris,
>
> On Mon, Aug 10, 2020 at 12:20 PM Martin Grigorov
> mailto:mgrigo...@apache.org>> wrote:
>
>
> On Tue, Jul 28, 2020, 16:48 Christopher Schultz
> <mailto:ch.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/11/20 15:04, Mark Thomas wrote:
> On 11/08/2020 17:30, Michael Osipov wrote:
>> Am 2020-08-10 um 17:46 schrieb Mark Thomas:
>>> Hi all,
>>>
>>> I'd like to propose removing all the functional spec pages from
>>> the documentation web appl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm wondering if we shouldn't add EOL dates to the "which version" page.
The table on that page is very busy, but I think it would help to know:
1. When a currently-supported version will be EOL'd (e.g. 7.0.x)
2. When a superseded version has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alan,
On 8/3/20 21:25, Alan Basche wrote:
> I have recently developed code for Tomcat 8.5 that defends against
> black-hats probing Tomcat and the website apps for
> vulnerabilities. This coding effort started a year ago, and the
> latest code has b
6 0x7f2a08b0df60
> apr_pool_terminate (libapr-1.so.0) #7 0x7f2a1be0f1f0 n/a
> (n/a) #8 0x7f2a1be00849 n/a (n/a) #9 0x7f2a38faab42
> _ZN9JavaCalls11call_helperEP9JavaValueRK12methodHandleP17JavaCallArgum
entsP6Thread
>
>
(libjvm.so)
> #10 0x7f2a393b8de0
> _
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rainer,
On 8/1/20 11:44, Rainer Jung wrote:
> Sorry, wrong dev list.
I thought it was interesting anyway :)
How about libtcnative built against OpenSSL 3.0.0?
- -chris
> Am 01.08.2020 um 12:07 schrieb Rainer Jung:
>> Hi there,
>>
>> during relea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I was looking at this PR[1] and wondering why we have huge swaths of
CSS and HTML in a Java source file, instead of using e.g. JSP or some
other content-generation framework.
I know, I hate JSP, too, but having large blocks of HTML and CSS in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Filip,
On 7/22/20 12:41, Filip Hanik wrote:
> Hi Christopher,
>>> environments. -Class clazz =
>>> Class.forName(className); -return
>>> (AuthConfigFactory) clazz.getConstructor().newInstance()
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Filip,
On 7/21/20 11:22, fha...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> fhanik pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
While the CFP is officially closed for ApacheCon, there is still some
space in the Tomcat track if anyone is still considering a presentation.
Please email me privately if you'd like to submit a topic. Just put
"apachecon" in the subject. (It'
anager webapp to
> alter the allowed TLS levels?
This should work.
- -chris
> -Original Message- From: Christopher Schultz
> Sent: 13 July 2020 11:44 PM To:
> dev@tomcat.apache.org Subject: Re: Support for LetsEncrypt certs,
> and update process, in
Tomcat without restart.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Filip,
On 7/13/20 17:59, Filip Hanik wrote:
> for discussion, all feedback and questions welcome:
>
>
> I've created a concept of having Apache Tomcat, embedded, run
> without reflection in a native image. This concept creates a jar,
> tomcat-embedd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Merlin,
On 7/13/20 06:09, Merlin Beedell wrote:
> Hi all,
>
> Thank you for your valuable assistance and suggestions so far.
>
>
>
> I did eventually try this (again, using ‘groovy’ as a
> simple-to-use scriptable wrapper to Java), which looks like
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
On 7/8/20 18:37, Christopher Schultz wrote:
> All,
>
> [Cross-posting to dev@, please reply to users@]
>
> ApacheCon NA 2020 is now "ApacheCon @Home" due to the COVID-19
> pandemic, and will be held online 29 Septem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
[Cross-posting to dev@, please reply to users@]
ApacheCon NA 2020 is now "ApacheCon @Home" due to the COVID-19
pandemic, and will be held online 29 September - 1 October 2020. This
is a great opportunity for anyone who has never attended an Ap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 7/8/20 11:47, Rémy Maucherat wrote:
> On Wed, Jul 8, 2020 at 5:10 PM Christopher Schultz
> <mailto:ch...@christopherschultz.net>>
wrote:
>
> Rémy,
>
> On 7/8/20 10:35, Rémy Maucherat wrote:
>> On Wed, J
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 7/8/20 10:35, Rémy Maucherat wrote:
> On Wed, Jul 8, 2020 at 4:26 PM Christopher Schultz
> <mailto:ch...@christopherschultz.net>> wrote:
>
>>> Clearly, no, with multiple elements, the digester rules added
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 7/8/20 10:20, Rémy Maucherat wrote:
> On Wed, Jul 8, 2020 at 4:14 PM Christopher Schultz
> <mailto:ch...@christopherschultz.net>>
wrote:
>
> Rémy,
>
> On 7/8/20 04:16, Rémy Maucherat wrote:
>> On Tue, J
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 7/8/20 04:16, Rémy Maucherat wrote:
> On Tue, Jul 7, 2020 at 4:26 PM Christopher Schultz
> <mailto:ch...@christopherschultz.net>>
wrote:
>
> Rémy,
>
> On 7/7/20 03:10, Rémy Maucherat wrote:
>> On Mon, J
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 7/7/20 03:10, Rémy Maucherat wrote:
> On Mon, Jul 6, 2020 at 9:27 PM Christopher Schultz
> <mailto:ch...@christopherschultz.net>>
wrote:
>
> All,
>
> Jakarta EE 5.0 does not appear to include support for S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 7/6/20 16:45, Mark Thomas wrote:
> On 06/07/2020 21:23, Christopher Schultz wrote:
>> All,
>>
>> I'm looking at modifying the existing LoadBalancerDrainingValve
>> to also function as a Filter if necessary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm looking at modifying the existing LoadBalancerDrainingValve to
also function as a Filter if necessary (my application uses a Filter
to establish authentication information, so I'd like the "valve" to
act *after* the filter if possible) and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Jakarta EE 5.0 does not appear to include support for SameSite
cookies. Tomcat's CookieProcessor allows an administrator to set the
SameSite cookie policy, but it's a blanket policy.
So for example, if you want a JSESSIONID cookie to be "stric
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin,
On 7/6/20 03:09, mgrigo...@apache.org wrote:
> diff --git
> a/java/org/apache/catalina/connector/CoyotePrincipal.java
> b/java/org/apache/catalina/connector/CoyotePrincipal.java index
> 1ae5608..93d7c02 100644 ---
> a/java/org/apache/catalin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I recently had the displeasure of tracking-down a mismatched AJP "max
packet size" on a service. The symptom was that when a large POST
request came in ( > 8192 bytes ), Tomcat would log two errors in quick
succession:
1. org.apache.catalina.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 6/26/20 10:48, Mark Thomas wrote:
> Picking up this thread again I see a range of views. "main" seems
> to be the most popular although several folks suggested "10.0.x"
> and "use whatever GitHub use". There was also interest in "trunk".
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'd like to refactor a bit and move BaseEncryptionManager and
associated code out of the EncryptInterceptor class. Where would be a
good place to put it?
Some potential candidates:
org/apache/catalina/util
org/apache/catalina/security
org/apa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 6/9/20 08:13, Mark Thomas wrote:
> On 08/06/2020 22:29, Christopher Schultz wrote:
>> I think that's enough for now. So the questions are:
>>
>> 1. Does anyone really want Tomcat to be worried about this stuf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 6/16/20 04:02, Mark Thomas wrote:
> All,
>
> You may have seen the recent discussions both inside and outside
> the ASF about the user of "master" as the name of the default git
> branch. If you haven't, the short version is that the name c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 6/13/20 14:54, Michael Osipov wrote:
> Am 2020-06-12 um 23:54 schrieb Christopher Schultz:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> All,
>>
>> I've been writing a Java-based certif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I see Mladen has gone crazy updating mod_jk for IIS. The build process
looks fairly straightforward in a way that isn't so straightforward
for e.g. libtcnative.
I suspect most of it is the work that has gone into his "Custom
Microsoft Compiler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I've been writing a Java-based certification-expiration checking
utility that can handle all kinds of file formats like PEM and the
various keystore formats supported by the JVM.
Since it's not possible to tell what type of keystore is being l
od) impl
> does not.
Your LetsEncryptManager seems to call reloadSslHostConfigs. What does
Meecrowave do differently?
- -chris
> Le jeu. 11 juin 2020 à 19:20, Christopher Schultz
> <mailto:ch...@christopherschultz.net>> a écrit :
>
> Merlin,
>
> On 6/10/20 12:32, Merli
pproach where the server actually has a
plug-in for let's encrypt (or similar).
Romain @ TomEE has written a WAR file that implements this inside-out
approach as a generic ACME servlet (context listener?), but I can't
seem to find his code anywhere...
- -chris
> -Original Message-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm not sure who can fix this, but when I go to
wiki.apache.org/tomcat, I'm redirected to
https://cwiki-test.apache.org/confluence/display/tomcat which returns
a "Service Unavailable" error.
Without the /tomcat, I get redirected to the new Apa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Tomcat stores sessions without any encryption and/or authentication,
and anyone with write-access to the session-store can poison a session
and mount an attack. This kind of attack is (arguably appropriately)
declared to be outside of the scope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Merlin,
On 6/8/20 10:17, Merlin Beedell wrote:
> I am getting a lot of flack from some senior devs who insist that
> Tomcat must be put behind a Proxy – HA Proxy or Nginx, which will
> handle the SSL offloading etc.
>
> While this seems sensible for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 6/2/20 11:44, Mark Thomas wrote:
> On 02/06/2020 16:37, Christopher Schultz wrote:
>> Mark,
>>
>> On 6/2/20 06:24, ma...@apache.org wrote:
>>> This is an automated email from the ASF dual-hosted git
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 6/2/20 06:24, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> markt pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following comm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rémy,
On 5/29/20 11:25, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> remm pushed a commit to branch 8.5.x in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit ddc3027029dae38
file. afda9f0
> is described below
>
> commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
> Schultz AuthorDate: Fri May 15
> 10:05:59 2020 -0400
>
> Use parametric replacement to ensure the proper version of wsdl4j
> is written to Eclipse's .classpath file. --- build.xml
> | 3 ++- res
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 5/15/20 07:36, Konstantin Kolinko wrote:
> чт, 14 мая 2020 г. в 18:48, Christopher Schultz
> :
>>
>> All,
>>
>> I'm interested in the history of the
>> StandardSession.writeObjectData method.
801 - 900 of 2258 matches
Mail list logo