Mark,
On 1/5/15 8:13 AM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.0.16 release is now available for voting.
>
> The main changes since 8.0.15 are:
> - Correct a regression in annotation scanning introduced in 8.0.15
> - The RemoteAddrValve and RemoteHostValve can now optionally include
>
All,
I give up. I can't seem to figure out exactly how common/config.h comes
into existence during the "configure" process.
When compiling on Mac OS X, I get the following irritating warning:
In file included from mod_jk.c:89:
In file included from ../common/jk_global.h:29:
../common/config.h:81
Rainer,
On 1/7/15 6:24 AM, Rainer Jung wrote:
> Am 07.01.2015 um 03:15 schrieb Konstantin Kolinko:
>> 2015-01-07 2:25 GMT+03:00 Christopher Schultz
>> :
>>> All,
>>>
>>> I give up. I can't seem to figure out exactly how common/config.h comes
&g
All,
There is a function in src/jnilib.c starting on line 119 called
tcn_new_stringn that appears to be unused:
jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l)
clang brought it to my attention because it's got a logical error in it:
size_t len = l;
[...]
if (l < 0)
All,
As far as I can tell, the 1.1 branch has gotten way out of sync with the
trunk, here. Rainer has been doing a lot of work on the trunk, lately,
with nothing being back-ported.
Is anyone interested in an effort to bring these two back into sync with
each other?
There are whole features (e.g.
All,
There is a function in src/poll.c that is completely unused:
450737 mturk static void remove_all(tcn_pollset_t *p)
450737 mturk {
450737 mturk apr_int32_t i;
450737 mturk for (i = 0; i < p->nelts; i++) {
450737 mturk apr_pollset_remove(p->pollset
Rainer,
On 1/8/15 7:33 AM, Rainer Jung wrote:
> Am 07.01.2015 um 18:58 schrieb Christopher Schultz:
>> All,
>>
>> As far as I can tell, the 1.1 branch has gotten way out of sync with the
>> trunk, here. Rainer has been doing a lot of work on the trunk, lately,
>&g
Mark,
On 1/9/15 1:26 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.0.17 release is now available for voting.
>
> The changes since 8.0.16 are:
> - Fix a RequestListener regression
> - Fix a bug in NIO2 with sending 100-Continue responses
>
> The main changes since 8.0.15 are:
> - Correct
Mark,
On 1/21/15 10:45 AM, ma...@apache.org wrote:
> Author: markt
> Date: Wed Jan 21 15:45:06 2015
> New Revision: 1653562
>
> URL: http://svn.apache.org/r1653562
> Log:
> Fix compilation error
Just curious: this compiled fine for me. Why the change?
-chris
> Modified:
> tomcat/trunk/java
Mark,
On 1/21/15 10:37 AM, Mark Thomas wrote:
> On 21/01/2015 15:07, schu...@apache.org wrote:
>> Author: schultz
>> Date: Wed Jan 21 15:07:12 2015
>> New Revision: 1653550
>>
>> URL: http://svn.apache.org/r1653550
>> Log:
>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57473
>> Add more
Mark,
On 1/21/15 2:34 PM, Mark Thomas wrote:
> On 21/01/2015 19:14, Felipe Ebert wrote:
>> Hello
>>
>> I'm sorry that this mail is not a development issue itself, it is just a
>> question about Tomcat' exception handling. I was checking some mails at
>> Tomcat dev list and I found two interesting
Felix,
On 1/24/15 9:42 AM, fschumac...@apache.org wrote:
> Author: fschumacher
> Date: Sat Jan 24 14:42:27 2015
> New Revision: 1654524
>
> URL: http://svn.apache.org/r1654524
> Log:
> Close input and output streams in expandCGIScript to
> avoid resource leaks. Issue reported by Coverity Scan.
>
Mark,
On 1/23/15 8:09 AM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.0.18 release is now available for voting.
>
> The main changes since 8.0.17 are:
> - Fix a regression that resulted in truncated responses for
> forwarded responses larger than the output buffer
>
> There is also the u
Felix,
On 1/24/15 2:33 PM, Felix Schumacher wrote:
> Am 24.01.2015 um 17:13 schrieb Christopher Schultz:
>> Felix,
>>
>> On 1/24/15 9:42 AM, fschumac...@apache.org wrote:
>>> Author: fschumacher
>>> Date: Sat Jan 24 14:42:27 2015
>>> New Revi
Mark,
On 1/26/15 3:31 AM, Mark Thomas wrote:
> On 24/01/2015 19:21, Konstantin Kolinko wrote:
>> 2015-01-24 13:00 GMT+03:00 :
>>> Author: markt
>>> Date: Sat Jan 24 10:00:32 2015
>>> New Revision: 1654487
>>>
>>> URL: http://svn.apache.org/r1654487
>>> Log:
>>> Prep for next tag
>>>
>>> Modified:
Mark,
Mark,
On 1/26/15 2:41 PM, Mark Thomas wrote:
> On 26/01/2015 15:31, Christopher Schultz wrote:
>> Mark,
>>
>> On 1/26/15 3:31 AM, Mark Thomas wrote:
>>> On 24/01/2015 19:21, Konstantin Kolinko wrote:
>>>> 2015-01-24 13:00 GMT+03:00 :
>>>&g
Felix,
On 1/27/15 2:21 PM, fschumac...@apache.org wrote:
> Author: fschumacher
> Date: Tue Jan 27 19:21:25 2015
> New Revision: 1655114
>
> URL: http://svn.apache.org/r1655114
> Log:
> Close the inputstream that was used to get the content of
> the readme file. Issue reported by Coverity Scan.
>
Mark,
On 1/27/15 2:39 PM, ma...@apache.org wrote:
> Author: markt
> Date: Tue Jan 27 19:39:03 2015
> New Revision: 1655132
>
> URL: http://svn.apache.org/r1655132
> Log:
> Start tends to make extensive use of resources. Trigger a clean-up once
> it finishes.
>
> Modified:
> tomcat/trunk/java
Mark,
On 1/28/15 3:41 AM, Mark Thomas wrote:
> [The] web site is meant to be the docs for the latest released version.
Agreed, but it almost never tells you when the latest version was
released. That's what I'm kind of hoping for. Yes, you can look at the
"News" page, but it's not in the public c
Felix,
On 1/28/15 10:52 AM, Felix Schumacher wrote:
> Am 28.01.2015 15:36, schrieb Christopher Schultz:
>> Felix,
>>
>> On 1/27/15 2:21 PM, fschumac...@apache.org wrote:
>>> Author: fschumacher
>>> Date: Tue Jan 27 19:21:25 2015
>>> New Revi
Violetta,
On 1/28/15 2:35 PM, Violeta Georgieva wrote:
> The proposed Apache Tomcat 7.0.59 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.59/
> The Maven staging repo is:
> https://repository.apache.org/content/repos
Andrew,
On 2/2/15 10:51 AM, Andrew Carr wrote:
> I work for Roguewave software (formerly OpenLogic.) I have participated on
> this dev list a while. We offer professional Tomcat support and training.
> I wanted to update the "SupportAndTraining" page on the wiki, however, I am
> unable to do so.
Mark,
On 1/30/15 9:23 AM, ma...@apache.org wrote:
> Author: markt
> Date: Fri Jan 30 14:23:00 2015
> New Revision: 1656022
>
> URL: http://svn.apache.org/r1656022
> Log:
> Clean-up
Good catch. There are very few places in Tomcat where there are
workarounds for JVM bugs (except for the whole load
Mark,
On 2/2/15 5:03 PM, Mark Thomas wrote:
> On 02/02/2015 21:57, Andrew Carr wrote:
>> Hmm... so mediocre crap isn't what you are looking for?
>
> Mediocre crap sums up the content I wrote for the blog fairly well :)
> There was the occasional article with real value but most were just
> regurg
All,
I tried logging into the wiki today and I got this message after a
/very/ long wait:
"
Invalid username or password. Different Apache Wikis can have different
user sets.
"
I've certainly used the wiki successfully in the past. Can someone take
a look?
Thanks,
-chris
signature.asc
Descri
Konstantin,
On 2/3/15 9:44 AM, Konstantin Kolinko wrote:
> 2015-02-03 17:37 GMT+03:00 Christopher Schultz :
>> All,
>>
>> I tried logging into the wiki today and I got this message after a
>> /very/ long wait:
>>
>> "
>> Invalid username or p
Felix,
On 2/5/15 3:26 PM, fschumac...@apache.org wrote:
> Author: fschumacher
> Date: Thu Feb 5 20:26:19 2015
> New Revision: 1657682
>
> URL: http://svn.apache.org/r1657682
> Log:
> Don't use instance scoped variables in try-with block, since it will get
> closed, but not nulled.
>
> Modified:
Sebb,
On 2/9/15 6:24 AM, sebb wrote:
> On 9 February 2015 at 09:12, Mark Thomas wrote:
> CVE-2014-0227 Request Smuggling
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - Apache Tomcat 8.0.0-RC1 to 8.0.8
> - Apache Tomcat 7.0.0 to 7.0.54
> - Apache T
Pravallika,
On 2/9/15 7:01 AM, Pravallika Peddi wrote:
> Hi Mark,
> Finally, I am able to Import the Tomcat source project to Eclipse with
> minor compile errors..
> I will work on one of the issues and let you know.
If you use Eclipse, after you check-out from Subversion, do this:
1. "Close" th
All,
On 2/9/15 6:27 PM, Bill Barker wrote:
> To whom it may engage...
>
> This is an automated request, but not an unsolicited one. For
> more information please visit http://gump.apache.org/nagged.html,
> and/or contact the folk at gene...@gump.apache.org.
>
> Project tomcat-native-ma
Mark,
On 2/10/15 10:53 AM, ma...@apache.org wrote:
> Author: markt
> Date: Tue Feb 10 15:53:06 2015
> New Revision: 1658737
>
> URL: http://svn.apache.org/r1658737
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57546
> Ensure that a dropped connection does not leave references to
Mark,
On 2/14/15 11:40 AM, ma...@apache.org wrote:
> Author: markt
> Date: Sat Feb 14 16:40:20 2015
> New Revision: 1659806
>
> URL: http://svn.apache.org/r1659806
> Log:
> Fix a concurrency issue in the APR Poller that meant it was possible under
> low load for a socket queued to be added to th
Mark,
On 2/15/15 1:46 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.0.20 release is now available for voting.
>
> The main changes since 8.0.18 are:
> - Fix a performance regression in the new resources implementation
> when signed JARs are used in a web application.
> - Fix several bug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marco,
This is probably a question better asked on the user mailing list. I'm
cross-posting to both lists, and I'll give more feedback on the user list.
- -chris
On 2/19/15 11:25 AM, Marco Semiao wrote:
> I use on my application a web listener ( S
Mark,
On 2/19/15 1:41 PM, Mark Thomas wrote:
> On 19/02/2015 17:45, schu...@apache.org wrote:
>> Author: schultz
>> Date: Thu Feb 19 17:45:34 2015
>> New Revision: 1660953
>>
>> URL: http://svn.apache.org/r1660953
>> Log:
>> Back-port r1660924 to fix
>> https://bz.apache.org/bugzilla/show_bug.cgi
Marco,
On 2/19/15 3:38 PM, Marco Semiao wrote:
> Thank you for your answer and sorry for putting the wrong mailing list ;)
Actually, after re-reading your post I think you were right to post to
dev@. Please see below.
> 2015-02-19 20:22 GMT+01:00 Christopher Schultz > :
>
> Marc
All,
This may be a question for infra@, but I figured I'd ask here first.
How does ASF Bugzilla take in-comment svn revisions and replace with
with links to viewvc? Like this:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540#c23
I'd like to do that with my own BZ instance, but haven't figure
Rémy,
On 2/24/15 11:44 AM, r...@apache.org wrote:
> Author: remm
> Date: Tue Feb 24 16:44:05 2015
> New Revision: 1662014
>
> URL: http://svn.apache.org/r1662014
> Log:
> Catch ISE thrown by the closed IS for a rare but possibly legitimate scenario.
>
> Modified:
>
> tomcat/trunk/java/org/a
All (and markt especially),
I'm happy to try my hand at RMing the 10.1 release line starting this
month. I suspect we'll be rolling releases as soon as the tcnative votes
are complete.
Thanks,
-chris
-
To unsubscribe, e-mail
Mark,
Thanks for RMing.
On 2/8/23 11:43, Mark Thomas wrote:
Version 1.2.36 includes the following changes compared to 1.2.35
- The windows binaries in this release have been built with OpenSSL
1.1.1t and APR 1.7.2
The proposed release artefacts can be found at [1],
and the build was done u
Mark,
I'm having trouble building on MacOS Ventura.
I downloaded the source tarball file from
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-src.tar.gz,
untarred it, and then ran the following commands:
$ ./configure --with-apr=/usr/lo
Mark,
On 2/10/23 14:30, Mark Thomas wrote:
On 10/02/2023 16:05, Christopher Schultz wrote:
Mark,
I'm having trouble building on MacOS Ventura.
I've just tested building on Ventura and don't see that issue on Intel
or M1. Everything is up to date (OS, Xcode, APR (homebr
Rainer,
On 2/10/23 15:08, Rainer Jung wrote:
Am 10.02.23 um 17:05 schrieb Christopher Schultz:
Mark,
I'm having trouble building on MacOS Ventura.
I downloaded the source tarball file from
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-n
Rainer,
On 2/10/23 15:08, Rainer Jung wrote:
Am 10.02.23 um 17:05 schrieb Christopher Schultz:
Mark,
I'm having trouble building on MacOS Ventura.
I downloaded the source tarball file from
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-n
Mark,
Thanks again for RMing.
On 2/8/23 10:45, Mark Thomas wrote:
The key differences of version 2.0.3 compared to 2.0.2 are:
- The windows binaries in this release have been built with OpenSSL
3.0.8 and APR 1.7.2
The 2.0.x branch is primarily intended for use with Tomcat 10.1.x but
can b
Vasileios,
On 2/13/23 11:17, Vasileios Mourikis wrote:
[X] Stable, go ahead and release
Note: build was successful with openssl 3.0.8 but not with 3.0.1
Can you post the details of the build failure(s)? Environment, error
messages, etc.?
-chris
Mark,
On 2/17/23 09:29, Mark Thomas wrote:
Hi all,
I wanted to provide an up dated on my plans for the February releases.
The Tomcat Native releases are complete, the dependencies updated, open
PRs and bugs reviewed and the translations updated. Tests are passing on
Linux and MacOS but I am
The proposed Apache Tomcat 8.5.86 release is now available for voting.
The notable changes compared to 8.5.85 are:
- Add an error report valve that allows redirecting to or proxying from
an external web server.
- Add the shared address space specified by RFC 6598 (100.64.0.0/10)
to the list
The proposed Apache Tomcat 10.1.6 release is now available for
voting.
The notable changes compared to 10.1.5 are:
- Switch to using the ServiceLoader mechanism to load the custom URL
protocol handlers that Tomcat uses.
- Update the packaged version of the Apache Tomcat Native Library to
2.
Igal,
On 2/18/23 23:19, Igal Sapir wrote:
Chris,
On Sat, Feb 18, 2023 at 5:57 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
The proposed Apache Tomcat 8.5.86 release is now available for voting.
The notable changes compared to 8.5.85 are:
- Add an error report valv
chris
On 2/19/23 09:11, Christopher Schultz wrote:
The proposed Apache Tomcat 10.1.6 release is now available for
voting.
The notable changes compared to 10.1.5 are:
- Switch to using the ServiceLoader mechanism to load the custom URL
protocol handlers that Tomcat uses.
- Update the pac
Konstantin,
On 2/20/23 08:43, Konstantin Kolinko wrote:
пн, 20 февр. 2023 г. в 16:16, Christopher Schultz
:
All,
I'm getting a failure on
jakarta.servlet.http.TestHttpServletDoHeadValidWrite0.NIO on Windows
Looks like 11 failures all of the form:
Failed to delete at least one file
rrors.
I have waved my magic wand and spoken the incantation. We'll see if it
runs to completion :)
Thanks,
-chris
On 20/02/2023 13:16, Christopher Schultz wrote:
All,
I'm getting a failure on
jakarta.servlet.http.TestHttpServletDoHeadValidWrite0.NIO on Windows
Looks like 11
All,
On 2/20/23 08:58, Christopher Schultz wrote:
Mark,
On 2/20/23 08:27, Mark Thomas wrote:
You'll probably need to change the default ephemeral (dynamic in MS
speak) port range to avoid issues with port exhaustion.
I'm using:
netsh int ipv4 set dynamicport tcp start=1025 nu
All,
On 2/19/23 09:11, Christopher Schultz wrote:
The proposed Apache Tomcat 10.1.6 release is now available for
voting.
The notable changes compared to 10.1.5 are:
- Switch to using the ServiceLoader mechanism to load the custom URL
protocol handlers that Tomcat uses.
- Update the
All,
On 2/18/23 08:56, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.86 release is now available for voting.
The notable changes compared to 8.5.85 are:
- Add an error report valve that allows redirecting to or proxying from
an external web server.
- Add the shared address
All,
The following votes were cast:
Binding:
+1 isapir, fschumacher, markt, remm, schultz, kkolinko
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed toward this release.
-chris
On 2/18/23 08:56, Christopher Schultz wrote:
The proposed Apache Tomcat
All,
The following votes were cast:
Binding:
+1 markt, fschumacher, isapir, schultz, kkolinko
Non-binding:
+1 lihan, Dimitris Soumis
The vote therefore passes.
Thanks to everyone who contributed toward this release.
-chris
On 2/19/23 09:11, Christopher Schultz wrote:
The proposed Apache
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.86.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.86 is a bugfix and fea
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.6.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificatio
Mark,
I'm curious:: was thi identified as a hot spot? My initial reactioon was
"doesn't the JIT inline this sort of thing"?
-chris
On 2/24/23 10:20, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in reposito
The proposed Apache Tomcat 8.5.87 release is now available for voting.
The notable changes compared to 8.5.86 are:
- Correct a regression introduced in the fix for bug 66196 that
meant that the HTTP headers and/or request line could get
corrupted (one part overwriting another part) within
The proposed Apache Tomcat 10.1.7 release is now available for
voting.
The notable changes compared to 10.1.6 are:
- Revert the switch to using the ServiceLoader mechanism to load the
custom URL protocol handlers that Tomcat uses. The original system
property based approach has been resto
Mark and Remy,
On 2/27/23 16:09, Rémy Maucherat wrote:
On Mon, Feb 27, 2023 at 9:41 PM Mark Thomas wrote:
On 27/02/2023 20:36, schu...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 10.1.x
in repository https://gitbox.
All,
On 2/27/23 15:11, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.87 release is now available for voting.
The notable changes compared to 8.5.86 are:
- Correct a regression introduced in the fix for bug 66196 that
meant that the HTTP headers and/or request line could get
All,
On 2/28/23 03:56, Rainer Jung wrote:
Am 28.02.23 um 09:49 schrieb Mark Thomas:
On 28/02/2023 07:22, Rémy Maucherat wrote:
wrote:
On 2/27/23 16:09, Rémy Maucherat wrote:
On Mon, Feb 27, 2023 at 9:41 PM Mark Thomas wrote:
On 27/02/2023 20:36, schu...@apache.org wrote:
Have
All,
On 2/27/23 15:56, Christopher Schultz wrote:
The proposed Apache Tomcat 10.1.7 release is now available for
voting.
The notable changes compared to 10.1.6 are:
- Revert the switch to using the ServiceLoader mechanism to load the
custom URL protocol handlers that Tomcat uses. The
Mark,
On 3/2/23 04:12, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new
Mark,
On 2/28/23 08:37, Mark Thomas wrote:
On 27/02/2023 20:56, Christopher Schultz wrote:
The proposed 10.1.7 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.7
The binary releases are reproducible.
The source releases are not reproducible without manual
All,
The following votes were cast:
Binding:
+1 kkolinko, markt, schultz
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed toward this release.
-chris
On 2/27/23 15:11, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.87 release is now
All,
The following votes were cast:
Binding:
+1 remm, markt, schultz, kkolinko
Non-binding:
+1 lihan, Dimitris Soumis
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed toward this release.
-chris
On 2/27/23 15:56, Christopher Schultz wrote:
The
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.87.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.87 is a bugfix and fea
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.7.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificatio
All,
I'm curious... how married are we to the idea of distributing installers
for Windows operating systems?
I only ask because the release-build process is somewhat complicated by
having to build such installers.
Apple has moved to ARM. Windows also supports ARM, though there aren't a
hug
Mark,
On 3/6/23 12:30, Mark Thomas wrote:
On 06/03/2023 17:01, Christopher Schultz wrote:
All,
I'm curious... how married are we to the idea of distributing
installers for Windows operating systems?
There are definitely users that use it so I think we need to provide
something
All,
The "Connector Comparison" used to be an important read when choosing a
connector:
For the 8.5 and 9.0 releases:
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Connector_Comparison
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Connector_Comparison
The only differ
All,
Please see https://bz.apache.org/bugzilla/show_bug.cgi?id=66513 for
reference.
It appears that the synchronization used by the PersistentManager can
cause problems when used with the PersistentValve and DataSource/JDBCStore.
The problem is that PersistentManager assumes that the Sessio
st, here, but I think you have
some interesting ideas for the future.
If I were implementing a clustered application, I would not choose
HttpSession as the way to share data across the cluster, for exactly
these reasons.
-chris
Le mer. 8 mars 2023 à 04:43, Han Li a écrit :
On Mar
Igal,
On 3/8/23 14:36, Igal Sapir wrote:
I would like to add a Rate Limiter Filter or Valve which will help mitigate
DoS and Brute Force attacks, and want to get feedback from the community
and the PMC. The checks will run before the request reaches the servlet
and will be dropped if too many r
Mark,
On 3/9/23 05:56, Mark Thomas wrote:
Hi all,
In the context of CVE-2023-24998 (performance issues for large numbers
of uploaded parts), I have been wondering about reducing the default
value for maxParameterCount.
The current default for maxParameterCount is 10,000. It was set based on
All,
Please have a look at DataSourceStore.java:629
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/session/DataSourceStore.java#L629
It looks to be like the byte array which contains the session data is
being first wrapped in a ByteArrayInputStream (which is necessary to
Mark,
On 3/14/23 13:47, Mark Thomas wrote:
On 14/03/2023 17:45, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to
Mark,
On 3/14/23 13:57, Mark Thomas wrote:
On 09/03/2023 14:23, Christopher Schultz wrote:
Mark,
On 3/9/23 05:56, Mark Thomas wrote:
Hi all,
In the context of CVE-2023-24998 (performance issues for large
numbers of uploaded parts), I have been wondering about reducing the
default value
Mark,
On 3/21/23 11:19, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0
s :
On 14/03/2023 21:13, Christopher Schultz wrote:
On 3/14/23 13:57, Mark Thomas wrote:
On 09/03/2023 14:23, Christopher Schultz wrote:
I would go for a 1000 limit for all currently-supported versions.
It's
*very* easy to raise the limit if it interferes with a specific
application&
All,
Yes, I could read the code, but I was wondering if the (Session)Manager
configuration attributes sessionAttributeNameFilter and
sessionAttributeValueClassNameFilter are expected to apply to both
clustering AND cross-restart persistence, or only clustering.
The documentation[1] says that
All,
On 3/30/23 10:02, Christopher Schultz wrote:
All,
Yes, I could read the code, but I was wondering if the (Session)Manager
configuration attributes sessionAttributeNameFilter and
sessionAttributeValueClassNameFilter are expected to apply to both
clustering AND cross-restart persistence
Mark,
On 3/30/23 19:10, ma...@apache.org wrote:
+public static class AmbiguousBean {
+public void setValue(@SuppressWarnings("unused") TypeA value) {
+}
+
+public void setValue(@SuppressWarnings("unused") String value) {
+}
+}
Best. Class. Name. Ever.
;
Rémy,
On 4/6/23 10:11, r...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0c0d
Mark,
On 4/11/23 06:42, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a
Mark,
On 4/11/23 11:49, Mark Thomas wrote:
On 06/04/2023 09:18, Mark Thomas wrote:
OK, that isn't going to work. It is going to have to be the back-port
of the switch to ReentrantLock.
Those back-ports have been completed along with the final bits and
pieces I had on my TODO list.
I need t
Mark,
On 4/11/23 13:18, Mark Thomas wrote:
On 11/04/2023 18:12, Christopher Schultz wrote:
Mark,
On 4/11/23 06:42, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos
All,
VirtualBox is giving me a headache again. I'll roll the next releases ASAP.
Thanks,
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
All,
On 4/13/23 10:14, Christopher Schultz wrote:
VirtualBox is giving me a headache again. I'll roll the next releases ASAP.
This is due to an incompatibility between VirtualBox and Ventura 13.3
when using EFI-based VMs. Good times.
I'm moving the VM to another host to g
The proposed Apache Tomcat 10.1.8 release is now available for
voting.
The notable changes compared to 10.1.7 are:
- Reduce the default value of maxParameterCount from 10,000 to 1,000.
- Correct a regression in the fix for bug 66442 that meant that streams
without a response body did not decr
The proposed Apache Tomcat 8.5.88 release is now available for voting.
The notable changes compared to 8.5.87 are:
- Reduce the default value of maxParameterCount from 10,000 to 1,000.
- Correct a regression in the fix for bug 66442 that meant that streams
without a response body did not decr
Mark,
On 4/17/23 05:07, Mark Thomas wrote:
On 16/04/2023 18:59, Mark Thomas wrote:
On 14/04/2023 21:38, Christopher Schultz wrote:
The proposed 8.5.88 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.5.88 (stable)
Build is reproducible on Windows x64 but not
Mark,
On 4/18/23 03:21, Mark Thomas wrote:
On 17/04/2023 23:04, Christopher Schultz wrote:
Mark,
On 4/17/23 05:07, Mark Thomas wrote:
On 16/04/2023 18:59, Mark Thomas wrote:
On 14/04/2023 21:38, Christopher Schultz wrote:
The proposed 8.5.88 release is:
[ ] Broken - do not release
[X
All,
FYI: Because I called for a vote on late Friday afternoon, I plan to
leave the vote open for another day or two before closing.
-chris
On 4/14/23 15:30, Christopher Schultz wrote:
All,
On 4/13/23 10:14, Christopher Schultz wrote:
VirtualBox is giving me a headache again. I'll rol
Mark,
On 4/19/23 07:04, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new
701 - 800 of 2258 matches
Mail list logo