William A. Rowe, Jr. wrote:
Mark Thomas wrote:
[EMAIL PROTECTED] wrote:
Author: markt
Date: Sun Jul 27 06:33:31 2008
New Revision: 680102
URL: http://svn.apache.org/viewvc?rev=680102&view=rev
Log:
Fix RDF as per report on users list
This is now fixed but the data is horribly out of date
All,
Given the level of synchronisation required to make this Realm work and
that fixing the various issues essentially gives you the DataSourceRealm I
would like to propose deprecating this realm in 6.0.x and removing it
entirely from trunk.
Thoughts?
Mark
Remy Maucherat wrote:
The candidates binaries are available here:
http://people.apache.org/~remm/tomcat-6/v6.0.18/
According to the release process, the 6.0.18 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable
Mark
[EMAIL PROTECTED] wrote:
Author: markt
Date: Fri Aug 1 09:21:20 2008
New Revision: 681738
URL: http://svn.apache.org/viewvc?rev=681738&view=rev
Log:
Propose fix for 45511
Just a heads-up. I am having new EL difficulties that could be related to
this fix. I may be updating it / withdrawing
William A. Rowe, Jr. wrote:
Mark Thomas wrote:
Description:
When using a RequestDispatcher the target path was normalised before the
query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise be
protected
Arnold Schneeberger wrote:
Why does the method isLiteralText always return true in my custom tag?
There are obvious different behaviors between jetty and tomcat.
Probably a bug.
Mark
Arnold Schneeberger wrote:
Is there a workaround - or what you mean with probably a bug
I mean that if the behaviours are different, at least one implementation
has a bug. From a quick scan, it looks like Tomcat is in the wrong but I
haven't looked at it in any detail.
Mark
ramya lekha wrote:
<snip/>
Can you please let me know where is the error...???
This is a question for the users list.
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Fu-Tung Cheng wrote:
Hi,
I am just trying to build tomcat for the first time. I have jdk 1.6.0.03-b05
and ant 1.7.0 and I am using the source download 6.0.18. This is on windows xp.
You can't build Tomcat on a 1.6 JDK due to a dbcp incompatibility (to be
fair to commons, Sun broke the
Henri Gomez wrote:
Ain't those used for 5.5?
You can however just remove them from the build.
Other option is to copy them to the 5.5 and not referencing
the connectors for those set of classes.
Sorry - should have been clear. I only meant in Tomcat 7. I didn't intend
changing 5.5.x or 6.0.x
Мартин Бенков wrote:
Hello,
Martin,
Welcome to the Tomcat community.
I'm a student in the university of Sofia and I'm willing to attend Google's
summer of code this year. The project I'm interested in is - *Improve the
JMX support within Apache Tomcat*. Is this project with high priority or
Mark Thomas wrote:
Мартин Бенков wrote:
Hello,
Martin,
Welcome to the Tomcat community.
I'm a student in the university of Sofia and I'm willing to attend Google's
summer of code this year. The project I'm interested in is - *Improve the
JMX support within Apache Tomcat
Xie Xiaodong wrote:
Dear All,
I'd like to take part in the tomcat-1-valves2filters project of Google
Summer Code of 2009. Could you provide me some more information? I think we
already have complete test suites for those valves,
Really? Where did you find those? I'm not aware of any.
so
Rahul Saxena wrote:
I have posted my application on the GSOC site for the project Convert
tomcat valves to filters , Can anyone give their comment on the same...
Feedback provided in the GSOC app and repeated below. Feel free to discuss your
ideas regarding these questions on the dev list.
anas Ahmed wrote:
I have posted my application on the GSOC site for the project re-implement
tomcat valves as filters
please give your suggestion and participate with your ideas to make
this proposal better
Feedback provided in the GSOC app and repeated below. Feel free to discuss your
Rahul Saxena wrote:
If we derive several servlets from a generic servlet and then if we specify
a filter for that generic servlet, will that filter work for all derived
servlets or not???
Filters and servlets are independent. Any filter should work with any servlet.
Mark
Rahul Saxena
Xie Xiaodong wrote:
Hello, All,
The pipeline and valves mechanism is the fundamental part of Tomcat,
will we change those basic valves like StandardWrapperValve,
StandardHostValve, StandardEngineValve, StandardContextValve in this
project?
The intention is to replace Valves completely.
Henri Gomez wrote:
May be being the Servlet/JSP RI didn't allow too much 'revolution'.
Have you read the 3.0 spec draft? There is a fair amount of change.
Whether it
is good or not is a different question though.
I read it. It's a new spec. Dot.
May be being the RI prevents major
Xie Xiaodong wrote:
Hello, Dear All,
I have posted my revised proposal on the GSOC site for the project
Convert current Tomcat valves to Servlet Filters. And I've successfully
build the source code Mark provided, and delved myself into it. I'll add the
deliverables and timescale to this
Henri Gomez wrote:
May be being the RI prevents major evolution/révolution ?
Tomcat isn't the RI and hasn't been for some time.
Up to 2.5/2.1 ?
Tomcat Light is a good idea but only costin works on it.
If you like the idea, help him out.
Why should we still get this kind of reply on
anas Ahmed wrote:
Mark Thomas wrote :
Feedback:
Good first draft. There are a couple of areas I would like to see more detail
on:
1. Impact of Servlet 3 and async processing.
Lack of asynchronous support in the Servlet 2.5 specification has caused
server vendors to devise
:31 PM, Mark Thomas ma...@apache.org wrote:
Rahul Saxena wrote:
I have posted my application on the GSOC site for the project Convert
tomcat valves to filters , Can anyone give their comment on the
same...
Feedback provided in the GSOC app and repeated below. Feel free to discuss
your
muz.Payne wrote:
Hello,
I want to join GSoC project titled Convert current Tomcat valves to Servlet
Filters and I just want to ask you some questions about it.
Great. Welcome to the Tomcat dev community.
1. Will the work include writing of JUnit tests? If yes, which version? (3,
4)
Xie Xiaodong wrote:
Hello, Dear All,
I found that the Double-Checked Locking Pattern is heavily used in
AccessLogValve to get rid of race condition. But as far as I know, this
pattern will not work in Java according to this article:
buddhi wickramarathne wrote:
1- What is the main idea behind converting Current working Valves to Servlet
Filters.
Valves are Tomcat specific. Filters can be used with any container.
2- What are the benefits from that work to the Tomcat.
Remove duplication. Valve pipeline is very similar to
Photodeus wrote:
Hello,
as I was reading on how to submit a bug report, I noticed that the page
http://tomcat.apache.org/bugreport.html links to a non-existing IRC server.
On the left hand side navigation there's a separate link to Freenode, so the
broken link should be removed.
Didn't
anas Ahmed wrote:
Hello all,
As i have read from Servlet 3.0 specification about filters A Filter and
the target servlet or resource at the end of the filter chain must execute in
the same invocation thread.
This mean if there are many Async Requests which are connected to filters,
Kirk True wrote:
Hi all,
Can anyone suggest some trivial newbie projects for the Tomcat code
base? I don't care how menial it is, typo changes, logging, testing
(something specific), etc. I've been lurking on the list for awhile and
want to start getting my hands dirty.
Thanks,
Kirk
Varun Puttewar wrote:
While running the trunk tomcat version, I found out that Java files
generated from the JSP giving error while compiling,
After going in to sources I found that, fully qualified name for
InstanceManager class was coming out correctly.
following patch fixes the package
borko1 wrote:
Hello
Please advise me. I have a problem with starting a webapp from Web Application
Manager, error: FAIL - Application at context path /webapp1 could not be
started.
I successfully uploaded the WAR file, do I need to do something else?
Please help me.
Thanks.
This is a
Mark Thomas wrote:
Anas Ahmed wrote:
I wrote proposal for the second project improve the JMX support within
Apache Tomcat
i'm waiting for your feedback
and i need your advice about which project i have to put my focus because
i'm student and the time is valuable
My suggestion
Anas Ahmed wrote:
I wrote proposal for the second project improve the JMX support within
Apache Tomcat
i'm waiting for your feedback
and i need your advice about which project i have to put my focus because i'm
student and the time is valuable
My suggestion (but it is only a
NorthDragon NorthDragon wrote:
Hi, Mark.
I want to investigate and fix this bug
https://issues.apache.org/bugzilla/show_bug.cgi?id=46907
How I should inform on it?
Create yourself a bugzilla account and then add comments to the bug
report. Those comments are automatically sent to the dev list
Brane F. Gračnar wrote:
Hello :)
We needed subdomain session cookie support for our java webapp; currently
there is no way to configure cookie domain attribute in tomcat = 6.0.18.
This patch adds this functionality. Cookie domain can be specified as Manager
property (default null ==
Thanks!
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, April 06, 2009 11:42 AM
To: Tomcat Developers List
Subject: Re: Help with a Tomcat bug.
Jason Smith wrote:
Trying again. What's the trick to getting past the Apache spam filter
Generally
Remy Maucherat wrote:
The build is in the usual place in ~remm (built with a new computer, so
it's a good idea to test it)
Looks good to me. TCKs and a couple of my local test cases all pass.
Any plans to call a vote?
Mark
Remy Maucherat wrote:
The candidates binaries are available here:
http://people.apache.org/~remm/tomcat-6/v6.0.19/
According to the release process, the 6.0.19 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable
Note: The i18n issue for the French language could be addressed by
providing
sebb wrote:
On 07/04/2009, Remy Maucherat r...@apache.org wrote:
The candidates binaries are available here:
http://people.apache.org/~remm/tomcat-6/v6.0.19/
Hashes and sigs look OK, though I only checked the main archives.
There's a packaging problem with the source archives.
I would
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
mod_jk 1.2.0 to 1.2.26
Description:
Situations where faulty clients
ma...@apache.org wrote:
Author: markt
Date: Wed Apr 8 16:13:23 2009
New Revision: 763302
URL: http://svn.apache.org/viewvc?rev=763302&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46991
Update the counters before we recycle the request
Hmm. This doesn't seem to be
Mark Thomas wrote:
ma...@apache.org wrote:
Author: markt
Date: Wed Apr 8 16:13:23 2009
New Revision: 763302
URL: http://svn.apache.org/viewvc?rev=763302&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46991
Update the counters before we recycle the request
Hmm
Remy Maucherat wrote:
On Thu, 2009-04-09 at 10:20 +, ma...@apache.org wrote:
Author: markt
Date: Thu Apr 9 10:20:36 2009
New Revision: 763585
URL: http://svn.apache.org/viewvc?rev=763585&view=rev
Log:
Java uses 0 rather than -1 for infinite socket timeout
But the value is never used
Filip Hanik - Dev Lists wrote:
I'm generally against this find bugs 'may be bugs' issues.
is there an actual bug here?
Reported bug, no. Bugs users could hit, yes. Hence why this is in trunk
and not being proposed for backport.
Are all the syncs necessary? I haven't looked in detail but I
Anas Ahmed wrote:
hello all,
must i have cygwin to compile tomcat on windows environment ??
since i have exception with ant download command when download JDT.
Nope. It works for me.
Mark
sebb wrote:
On 14/04/2009, ma...@apache.org ma...@apache.org wrote:
Author: markt
Date: Tue Apr 14 22:16:53 2009
New Revision: 764985
URL: http://svn.apache.org/viewvc?rev=764985&view=rev
Log:
Fix secondary issue reported as part of bug47013
Which says:
Folks,
I have been looking at bug 46950 [1]. Everything is fine with the BIO
connector but with APR the renegotiation fails to trigger a request for
the user's certificate. I assume that this is because the socket is
still associated with an SSLContext where the SSLVerifyClient is
something other
Hemant Garg - Futech wrote:
Then how it is possible can you please tell me?
This thread belongs on the users list, not on the dev list.
Mark
William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
Mark Thomas wrote:
Folks,
I have been looking at bug 46950 [1]. Everything is fine with the BIO
connector but with APR the renegotiation fails to trigger a request for
the user's certificate. I assume that this is because the socket
r...@apache.org wrote:
+ 0: remm (zzz)
:)
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47013
@@ -258,12 +260,13 @@
http://svn.apache.org/viewvc?rev=764985view=rev
http://svn.apache.org/viewvc?rev=764997view=rev
+1: markt
+ -0: remm: Why should this be backported ?
Remy Maucherat wrote:
On Thu, 2009-04-16 at 23:09 +0100, Mark Thomas wrote:
Having now read Roy's comment on 39727 I'm leaning towards reverting
this patch and seeing what is possible following the Transfer-Encoding
route. I'll sleep on it in case a better idea occurs to me and come back
Remy Maucherat wrote:
On Fri, 2009-04-17 at 09:38 +0100, Mark Thomas wrote:
Can you remember what didn't work with Transfer-Encoding?
I don't remember, it was years ago. I simply used the encoding name
specified in T-E to add the compression input filter (for input) rather
than using
Kirk True wrote:
Hi all,
I had some problems building 5.5.27 as pulled from
http://tomcat.apache.org/download-55.cgi.
Thanks for the report.
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries.
I'll look into this.
Mark Thomas wrote:
Kirk True wrote:
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries.
I'll look into this.
This works for me if I use the version of JUnit (3.8.2) specified in the
build.properties.default
Mark
Ian Darwin wrote:
Is there a policy on how we store localized files?
Based on the javadoc for the properties class [1] it should be
ISO-8859-1 with any characters that cannot be expressed in that encoding
escaped using Unicode escapes.
The file
fha...@apache.org wrote:
+ pUse this to add a property source, that will be invoked when
codes{parameter}/code
+ denoted parameters are found in the XML files that tomcat
parses./p
Do you mean ${parameter} here?
Mark
Mark Thomas wrote:
Looks like we need to run native2ascii over quite a few French and
German files.
Done for trunk and fixes proposed for 6.0.x.
Mark
sebb wrote:
On 20/04/2009, Mark Thomas ma...@apache.org wrote:
Mark Thomas wrote:
Looks like we need to run native2ascii over quite a few French and
German files.
Surely the ISO-8859-1 (Latin-1) character set supports most accents in
Latin languages, so there should be no need to use
leonelag wrote:
Hello all,
It's 2009 already and Tomcat 5.5.23 is not the latest version of Tomcat.
The folder structure of the Tomcat repo may be a bit confusing:
http://tomcat.apache.org/svn.html ; as a seasoned Subversion user, I
expected to be able to check out the source from a URL
Anas Ahmed wrote:
Hello all,
my proposal about improve jmx for tomcat was rejected.
but i'm desiring to participate in tomcat development.
i want to ask if it possible to do the project without GSOC ?
is the dev list can provide mentor to do this project in the summer?
Absolutely. I think
Anas Ahmed wrote:
Where can I find petter
Hopefully on this list :)
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
George Sexton wrote:
Say you have a deployment descriptor:
<servlet>
  <servlet-name>MapTest</servlet-name>
  <servlet-class>com.mhsoftware.maptest.servlet.MapTest</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>MapTest</servlet-name>
  <url-pattern>/MapTest.xyz</url-pattern>
</servlet-mapping>
Filip Hanik - Dev Lists wrote:
As I mentioned in the bug report, what is the benefit of this?
General best practise - no particular bug. Note the full proposed patch was bad.
Mark
p...@apache.org wrote:
Author: pero
Date: Wed Apr 29 17:49:56 2009
New Revision: 769850
URL: http://svn.apache.org/viewvc?rev=769850&view=rev
Log:
fix wrong package
Thanks for catching that.
Mark
Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
As I mentioned in the bug report, what is the benefit of this?
General best practise - no particular bug. Note the full proposed
patch was bad.
Bad practice would be to change an API, based
Tim Funk wrote:
If http://host/contextpath is requested - shouldn't we be redirecting to
http://host/contextpath/ , not worrying about a null uri?
The mapper does issue the redirect, this just prevents the NPE.
I considered just returning but opted (for consistency) to emulate what would
On behalf of the Tomcat committers I am pleased to announce that Konstantin
Kolinko has been voted in as a new Tomcat committer.
Please join me in welcoming him.
Mark
Remy Maucherat wrote:
On Wed, 2009-05-06 at 10:49 +, ma...@apache.org wrote:
// Acquire global JNDI resources if available
-Server server = ServerFactory.getServer();
+Server server =
+
Konstantin Kolinko wrote:
2009/5/6 Mark Thomas ma...@apache.org:
Remy Maucherat wrote:
On Wed, 2009-05-06 at 10:49 +, ma...@apache.org wrote:
// Acquire global JNDI resources if available
-Server server = ServerFactory.getServer();
+Server server
From: Konstantin Kolinko
Should there be some explicit TermsOfUse page or copyright/license
clause in our wiki?
Hmm. No idea. The best place to ask that would be the legal-discuss list.
Mark
Konstantin Kolinko wrote:
Hi, all!
Are there any Coding Guidelines that we ought to follow,
or is our project on our own there?
I am interested in clarifying the following question:
What is the character encoding for our sources.
I always worked on the basis it is ISO-8859-1.
Our build
Leon Rosenberg wrote:
2009/5/22 Filip Hanik - Dev Lists devli...@hanik.com:
Konstantin Kolinko wrote:
Hi, all!
Are there any Coding Guidelines that we ought to follow,
or is our project on our own there?
spaces instead of tabs :)
Wow,
Are there really people out there who still use
kkoli...@apache.org wrote:
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=775792&r1=775791&r2=775792&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt
Remy Maucherat wrote:
The candidates binaries are available here:
http://people.apache.org/~remm/tomcat-6/v6.0.20/
According to the release process, the 6.0.20 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable
Rémy
Observations
-src.tar.gz - hashes match, key in WOT (more sigs would be
kkoli...@apache.org wrote:
Author: kkolinko
Date: Mon May 18 23:08:57 2009
New Revision: 776128
URL: http://svn.apache.org/viewvc?rev=776128&view=rev
Log:
veto and proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
kkoli...@apache.org wrote:
@@ -161,6 +161,7 @@
http://people.apache.org/~markt/patches/2009-04-20-native2ascii-es.patch
(Spanish)
http://people.apache.org/~markt/patches/2009-04-20-native2ascii-fr.patch
(French)
+1: markt
+ +0: kkolinko: should not be needed, as old and new are
kkoli...@apache.org wrote:
Author: kkolinko
Date: Tue May 19 17:35:21 2009
New Revision: 776390
URL: http://svn.apache.org/viewvc?rev=776390&view=rev
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
All,
I have been looking into adding alias support to DirContext so
applications can pull in resources from external locations. I looked at
a couple of alternatives and settled on this patch (against trunk) as a
starting point:
Konstantin Kolinko wrote:
2009/5/27 Mark Thomas ma...@apache.org:
All,
I have been looking into adding alias support to DirContext so
applications can pull in resources from external locations. I looked at
a couple of alternatives and settled on this patch (against trunk) as a
starting
All,
In response to popular demand, we have added an announce list to the
collection of Tomcat mailing lists. This list is open to anyone to
subscribe but only committers may post. It will be used to announce
releases, security vulnerabilities and other similar project announcements.
To
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-0033: Apache Tomcat denial of service vulnerability
Severity: important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39
The unsupported Tomcat 3.x, 4.0.x and
.
References:
http://tomcat.apache.org/security.html
Mark Thomas
Josh Gooding wrote:
Hello,
I wanted to know what I can do to help the tomcat project, whether it be
coding or debugging. Where can I go to check out the subversion code and
where is a list of enhancements and bugs that I can take a look at? I am a
Sr. Java Dev. at Newbold Technologies and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-0783: Apache Tomcat information disclosure vulnerability
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39
The unsupported Tomcat 3.x, 4.0.x and
Konstantin Kolinko wrote:
2009/6/4 ma...@apache.org:
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Jun 4 15:39:21 2009
@@ -132,3 +132,9 @@
application is configured to use FORM authentication:
POST /j_security_check HTTP/1.1
Host: localhost
j_username=tomcatj_password=%
Credit:
This issue was discovered by D. Matscheko and T. Hackner of SEC Consult.
References:
http://tomcat.apache.org/security.html
Mark Thomas
-BEGIN PGP
ma...@apache.org wrote:
Author: markt
Date: Sat Jun 6 12:54:28 2009
New Revision: 782249
URL: http://svn.apache.org/viewvc?rev=782249&view=rev
And with this, we should be up to date with the latest draft of the
Servlet 3.0 spec. Just some implementation to do ...
Mark
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2008-5515: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.39
Tomcat 5.5.0 to 5.5.27
Tomcat 6.0.0 to 6.0.18
The unsupported Tomcat 3.x, 4.0.x
Konstantin Kolinko wrote:
I built TC 5.5 distributive from current tc5.5.x, and it is broken:
My bad. My port of the CVE-2008-5515 patch was too hasty. I'll fix it
(and 4.1.x which will likely have the same problem) this evening.
Mark
The tester app, that is run during building a release,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Updated to add additional patches required for 5.5.x and 4.1.x
CVE-2008-5515: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.39
Tomcat 5.5.0 to
Petr Sumbera wrote:
Hi,
while preparing Tomcat upgrade from 6.0.18 to 6.0.20 for OpenSolaris I
realized that I see error in log because conf directory is not writable:
java.io.FileNotFoundException:
/var/tomcat6/conf/Catalina/localhost/host-manager.xml (No such file or
directory)
Hopefully later today, maybe tomorrow with a vote late this week / early
next.
If all goes to plan this will be the last 4.1.x release. Therefore, I'll
also start moving 4.1.x to the archive.
Comments?
Mark
Once 4.1.x is archived, there will be no release branches sharing code.
Therefore, we have the option to restructure 5.5.x to remove the use of
externals. This would remove
/repos/asf/tomcat
/build
/container
/connector
/current
/current-svn15
/jasper
/servletapi
and replace them
Konstantin Kolinko wrote:
2009/6/10 ma...@apache.org:
Author: markt
Date: Wed Jun 10 12:34:11 2009
New Revision: 783318
URL: http://svn.apache.org/viewvc?rev=783318&view=rev
Log:
Original patch still had issues. Propose better patch
Modified:
tomcat/current/tc5.5.x/STATUS.txt
*
kkoli...@apache.org wrote:
Author: kkolinko
Date: Thu Jun 11 13:50:26 2009
New Revision: 783768
URL: http://svn.apache.org/viewvc?rev=783768&view=rev
Log:
comments and proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
ma...@apache.org wrote:
Author: markt
Date: Thu Jun 11 14:16:49 2009
New Revision: 783779
URL: http://svn.apache.org/viewvc?rev=783779&view=rev
Log:
Experiment with the UCDetector (Unused Code Detector) plug-in for Eclipse.
Remove all the code from the class that isn't used anywhere in
fha...@apache.org wrote:
Modified: tomcat/current/tc4.1.x/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/current/tc4.1.x/STATUS.txt?rev=783570&r1=783569&r2=783570&view=diff
==
--- tomcat/current/tc4.1.x/STATUS.txt
Konstantin Kolinko wrote:
2009/6/11 Mark Thomas ma...@apache.org:
fha...@apache.org wrote:
Modified: tomcat/current/tc4.1.x/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/current/tc4.1.x/STATUS.txt?rev=783570&r1=783569&r2=783570&view=diff
Konstantin Kolinko wrote:
Thank you for detailed explanation.
My analysis is the following:
hres.setLocale(locale);
call - o.a.c.Response.setLocale() -
o.a.c.connector.ResponseBase.setLocale()
In o.a.c.connector.ResponseBase.setLocale() it calls
CharsetMapper.getCharset(locale)
and
After a long discussion on the users list [1], the question was
asked: Is this feature required?
Diving back into the archives, it appears it was introduced in 3.1.1 as
a backwards compatibility option for Windows users after Tomcat was made
case sensitive on that platform. [2]
I think we
Konstantin Kolinko wrote:
I do not like that your patch changes behavior where it was not
broken previously.
To be honest, I don't like it either. The fact that we have to provide
workarounds for broken browsers that can't follow a spec that couldn't
be clearer if it was written in 6 foot high