[GitHub] [tomcat] markt-asf commented on pull request #454: Differentiate log messages in KubernetesMembershipProvider with a param

2021-10-12 Thread GitBox
markt-asf commented on pull request #454: URL: https://github.com/apache/tomcat/pull/454#issuecomment-940954949 Applied manually so I could add a changelog entry and a few missing [...] delimiters. -- This is an automated message from the Apache Git Service. To respond to the message,

[GitHub] [tomcat] markt-asf closed pull request #454: Differentiate log messages in KubernetesMembershipProvider with a param

2021-10-12 Thread GitBox
markt-asf closed pull request #454: URL: https://github.com/apache/tomcat/pull/454 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] hdeadman opened a new pull request #454: Differentiate log messages in KubernetesMembershipProvider with a param

2021-10-11 Thread GitBox
hdeadman opened a new pull request #454: URL: https://github.com/apache/tomcat/pull/454 The same log message is used for 6 different warning messages so this adds a parameter that can be used to tie the log message to the particular warning. -- This is an automated message from the

[GitHub] [tomcat] t-gergely opened a new pull request #453: AsyncFileHandler: try to flush on close

2021-10-08 Thread GitBox
t-gergely opened a new pull request #453: URL: https://github.com/apache/tomcat/pull/453 When shutting down Tomcat on a single core server, some log entries can be lost. (E.g. the last ones added by `contextDestroyed`.) This patch tries to prevent that. It's not very elegant, but it works

[GitHub] [tomcat] markt-asf commented on pull request #451: make threadNameCache actually useful

2021-09-28 Thread GitBox
markt-asf commented on pull request #451: URL: https://github.com/apache/tomcat/pull/451#issuecomment-928950075 Thanks for the PR. I'll add a change log entry and then back-port it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to

[GitHub] [tomcat] markt-asf merged pull request #451: make threadNameCache actually useful

2021-09-28 Thread GitBox
markt-asf merged pull request #451: URL: https://github.com/apache/tomcat/pull/451 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #451: make threadNameCache actually useful

2021-09-28 Thread GitBox
markt-asf commented on pull request #451: URL: https://github.com/apache/tomcat/pull/451#issuecomment-928950075 Thanks for the PR. I'll add a change log entry and then back-port it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to

[GitHub] [tomcat] markt-asf merged pull request #451: make threadNameCache actually useful

2021-09-28 Thread GitBox
markt-asf merged pull request #451: URL: https://github.com/apache/tomcat/pull/451 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] martin-g commented on a change in pull request #452: Introduce logs in RestCsrfPreventionFilter to improve troubleshooting.

2021-09-24 Thread GitBox
martin-g commented on a change in pull request #452: URL: https://github.com/apache/tomcat/pull/452#discussion_r715524193 ## File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java ## @@ -217,6 +238,10 @@ public boolean apply(HttpServletRequest request,

[GitHub] [tomcat] ChristopherSchultz commented on a change in pull request #452: Introduce logs in RestCsrfPreventionFilter to improve troubleshooting.

2021-09-20 Thread GitBox
ChristopherSchultz commented on a change in pull request #452: URL: https://github.com/apache/tomcat/pull/452#discussion_r712474343 ## File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java ## @@ -155,17 +160,29 @@ protected void

[GitHub] [tomcat] PolinaGeorgieva opened a new pull request #452: Introduce logs in RestCsrfPreventionFilter to improve troubleshooting.

2021-09-19 Thread GitBox
PolinaGeorgieva opened a new pull request #452: URL: https://github.com/apache/tomcat/pull/452 Add some logs in RestCsrfPreventionFilter that would improve troubleshooting in case of failed CSRF validation. Note that the RequestUtil.filter method is used only to apply some basic

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-15 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-919880264 That's it for now. Is anyone willing to merge and port back? :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub

[GitHub] [tomcat] ChristopherSchultz merged pull request #450: Fix typo

2021-09-14 Thread GitBox
ChristopherSchultz merged pull request #450: URL: https://github.com/apache/tomcat/pull/450 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] tussupbekov opened a new pull request #450: Fix typo

2021-09-14 Thread GitBox
tussupbekov opened a new pull request #450: URL: https://github.com/apache/tomcat/pull/450 fixed little typo in javadoc -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-14 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-918959000 The JSP example application under `/examples/jsp/security/protected` already lists available user attributes (if any). In order to make that work _out of the box_ with a freshly

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-14 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-918944326 The code should be finished and in good shape now. `UserDatabaseRealm` now supports querying arbitrary attributes added to `` entries in `tomcat-users.xml`: ```xml

[GitHub] [tomcat] michael-o commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-13 Thread GitBox
michael-o commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-918174731 If the attirbute unofficial and undocumented, it should probably be removed on master and deprecated for the rest. -- This is an automated message from the Apache Git Service.

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-13 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-918144068 Inspired by Rémy's suggestion (@rmaucher), I've added support for arbitrary extra attributes to the `User` object used with the `UserDatabase`. Now, these can also be queried by

[GitHub] [tomcat] DaveLin-fox commented on pull request #448: 删除测试和不用的文件,添加注释

2021-09-10 Thread GitBox
DaveLin-fox commented on pull request #448: URL: https://github.com/apache/tomcat/pull/448#issuecomment-916863621 I'm very sorry, I made a mistake. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-09 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-916634571 Now, the code should be as we've discussed before. I will additionally provide some initial documentation and a change log entry soon. You are always welcome to improve

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-09 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-916111826 Rémy, I agree with you that, for MemoryRealm and UserDatabaseRealm, this feature is not that much useful. However, for the sake of _completeness_ (aka all realms should

[GitHub] [tomcat] rmaucher commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-09 Thread GitBox
rmaucher commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-916091098 Looking back at this since I thin I have time to merge it. Shouldn't some of the changes be dropped and focused only on the realms that show a benefit ? - JNDIRealm: Very

[GitHub] [tomcat] markt-asf closed pull request #449: Fix ContentRange parser

2021-09-09 Thread GitBox
markt-asf closed pull request #449: URL: https://github.com/apache/tomcat/pull/449 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #449: Fix ContentRange parser

2021-09-09 Thread GitBox
markt-asf commented on pull request #449: URL: https://github.com/apache/tomcat/pull/449#issuecomment-915841886 Thanks for the PR. I applied the PR manually as I wanted to make a few changes: - add a comment explaining why we don't explicitly parse for SP - add some additional tests

[GitHub] [tomcat] SchwingSK opened a new pull request #449: Fix ContentRange parser

2021-09-08 Thread GitBox
SchwingSK opened a new pull request #449: URL: https://github.com/apache/tomcat/pull/449 It failed to parse valid Content-Range headers Closes #65563 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above

[GitHub] [tomcat] markt-asf closed pull request #448: 删除测试和不用的文件,添加注释

2021-09-06 Thread GitBox
markt-asf closed pull request #448: URL: https://github.com/apache/tomcat/pull/448 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #448: 删除测试和不用的文件,添加注释

2021-09-06 Thread GitBox
markt-asf commented on pull request #448: URL: https://github.com/apache/tomcat/pull/448#issuecomment-913576673 Assuming first-time user error. A repeat will result in a ban. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub

[GitHub] [tomcat] gmshake commented on pull request #448: 删除测试和不用的文件,添加注释

2021-09-06 Thread GitBox
gmshake commented on pull request #448: URL: https://github.com/apache/tomcat/pull/448#issuecomment-913543044 Please do NOT spamming. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the

[GitHub] [tomcat] markt-asf commented on pull request #447: Remove catalina ssi from catalina.jar.tmp.bnd file

2021-09-05 Thread GitBox
markt-asf commented on pull request #447: URL: https://github.com/apache/tomcat/pull/447#issuecomment-913114267 Many thanks for the PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the

[GitHub] [tomcat] markt-asf merged pull request #447: Remove catalina ssi from catalina.jar.tmp.bnd file

2021-09-05 Thread GitBox
markt-asf merged pull request #447: URL: https://github.com/apache/tomcat/pull/447 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] huiwan opened a new pull request #447: Remove catalina ssi from catalina.jar.tmp.bnd file

2021-09-03 Thread GitBox
huiwan opened a new pull request #447: URL: https://github.com/apache/tomcat/pull/447 References to org.apache.catalina.ssi are still contained in catalina.jar after it was moved to a separate catalina-ssi.jar. It should be cleaned up. -- This is an automated message from the Apache

[GitHub] [tomcat] markt-asf commented on pull request #446: Improvements to Chinese translations

2021-09-02 Thread GitBox
markt-asf commented on pull request #446: URL: https://github.com/apache/tomcat/pull/446#issuecomment-912036780 The Apache Tomcat project uses POEditor to manage translations. The Tomcat project can be found at: https://poeditor.com/projects/view?id=221603 Everyone is able to

[GitHub] [tomcat] markt-asf closed pull request #446: Improvements to Chinese translations

2021-09-02 Thread GitBox
markt-asf closed pull request #446: URL: https://github.com/apache/tomcat/pull/446 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] DigitalFatCat opened a new pull request #446: Improvements to Chinese translations

2021-09-02 Thread GitBox
DigitalFatCat opened a new pull request #446: URL: https://github.com/apache/tomcat/pull/446 Improvements to Chinese translations -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific

[GitHub] [tomcat] panchenko edited a comment on pull request #235: tomcat-jdbc check if returned connection is closed

2021-08-28 Thread GitBox
panchenko edited a comment on pull request #235: URL: https://github.com/apache/tomcat/pull/235#issuecomment-907601401 The test checks that connection obtained from the pooll second time can be used for query execution. Without this pool code change it returns the closed connection and

[GitHub] [tomcat] panchenko commented on pull request #235: tomcat-jdbc check if returned connection is closed

2021-08-28 Thread GitBox
panchenko commented on pull request #235: URL: https://github.com/apache/tomcat/pull/235#issuecomment-907601401 The test checks that connection obtained from the pooll second time can be used for query execution. Without this pool code change it returns the closed connection and query

[GitHub] [tomcat] pirateskipper commented on a change in pull request #277: Refuse adding invalid HTTP 2.0 headers

2021-08-23 Thread GitBox
pirateskipper commented on a change in pull request #277: URL: https://github.com/apache/tomcat/pull/277#discussion_r694075997 ## File path: java/org/apache/coyote/Response.java ## @@ -435,6 +435,20 @@ private boolean checkSpecialHeader( String name, String value) {

[GitHub] [tomcat] pirateskipper commented on a change in pull request #183: preload driver in connection pool

2021-08-23 Thread GitBox
pirateskipper commented on a change in pull request #183: URL: https://github.com/apache/tomcat/pull/183#discussion_r694072834 ## File path: modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java ## @@ -335,7 +308,7 @@ protected void

[GitHub] [tomcat] markt-asf closed pull request #442: Update http.xml, clarified compressionMinSize and compressibleMimeType

2021-08-17 Thread GitBox
markt-asf closed pull request #442: URL: https://github.com/apache/tomcat/pull/442 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #442: Update http.xml, clarified compressionMinSize and compressibleMimeType

2021-08-17 Thread GitBox
markt-asf commented on pull request #442: URL: https://github.com/apache/tomcat/pull/442#issuecomment-900378708 Applied manually so I could add a change log entry. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the

[GitHub] [tomcat] markt-asf commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-17 Thread GitBox
markt-asf commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-900362561 Applied manually so I could: - add a change log entry - tweak the code formatting - retain SSL preemptive auth -- This is an automated message from the Apache Git

[GitHub] [tomcat] markt-asf closed pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-17 Thread GitBox
markt-asf closed pull request #444: URL: https://github.com/apache/tomcat/pull/444 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] michael-o commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-17 Thread GitBox
michael-o commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-900359300 > > > Preemptive authentication for TLS needs to be retained. There are a few edge cases where it still has an effect. For example when

[GitHub] [tomcat] markt-asf commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-17 Thread GitBox
markt-asf commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-900303347 Preemptive authentication for TLS needs to be retained. There are a few edge cases where it still has an effect. For example when `certificateVerification="optional"` is used.

[GitHub] [tomcat] markt-asf commented on pull request #441: Fix build fail when locale is not en

2021-08-17 Thread GitBox
markt-asf commented on pull request #441: URL: https://github.com/apache/tomcat/pull/441#issuecomment-900271591 Thanks for the PR. I applied it manually so I could add a change log entry. -- This is an automated message from the Apache Git Service. To respond to the message, please log

[GitHub] [tomcat] markt-asf closed pull request #441: Fix build fail when locale is not en

2021-08-17 Thread GitBox
markt-asf closed pull request #441: URL: https://github.com/apache/tomcat/pull/441 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf closed pull request #439: Minimal fixes to documentation of Context and Host

2021-08-17 Thread GitBox
markt-asf closed pull request #439: URL: https://github.com/apache/tomcat/pull/439 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #439: Minimal fixes to documentation of Context and Host

2021-08-17 Thread GitBox
markt-asf commented on pull request #439: URL: https://github.com/apache/tomcat/pull/439#issuecomment-900239902 Thanks for the PR. +1 tp a new PR to make the default wording consistent. Applied manually so I could a) add a change log entry and b) broadly maintain the line length limit

[GitHub] [tomcat] markt-asf closed pull request #438: Bugfix for 65479 - PasswordValidationCallback does not return result

2021-08-17 Thread GitBox
markt-asf closed pull request #438: URL: https://github.com/apache/tomcat/pull/438 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] markt-asf commented on pull request #438: Bugfix for 65479 - PasswordValidationCallback does not return result

2021-08-17 Thread GitBox
markt-asf commented on pull request #438: URL: https://github.com/apache/tomcat/pull/438#issuecomment-900231508 PR applied manually so I cod add a change log entry. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the

[GitHub] [tomcat] markt-asf commented on pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
markt-asf commented on pull request #445: URL: https://github.com/apache/tomcat/pull/445#issuecomment-900129327 It doesn't. It won't. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the

[GitHub] [tomcat] markt-asf closed pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
markt-asf closed pull request #445: URL: https://github.com/apache/tomcat/pull/445 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] martin-g commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
martin-g commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690180710 ## File path: .travis.yml ## @@ -90,3 +90,6 @@ after_failure: notifications: email: - dev@tomcat.apache.org +cache: + directories: + -

[GitHub] [tomcat] martin-g commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
martin-g commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690178459 ## File path: .travis.yml ## @@ -90,3 +90,6 @@ after_failure: notifications: email: - dev@tomcat.apache.org +cache: + directories: + -

[GitHub] [tomcat] martin-g commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
martin-g commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690177540 ## File path: .travis.yml ## @@ -80,7 +80,7 @@ install: script: - ant -q clean -- travis_wait 120 "./.travis/antTest.sh" +-

[GitHub] [tomcat] YunLemon commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
YunLemon commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690172550 ## File path: .travis.yml ## @@ -80,7 +80,7 @@ install: script: - ant -q clean -- travis_wait 120 "./.travis/antTest.sh" +-

[GitHub] [tomcat] YunLemon commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
YunLemon commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690167527 ## File path: .travis.yml ## @@ -90,3 +90,6 @@ after_failure: notifications: email: - dev@tomcat.apache.org +cache: + directories: + -

[GitHub] [tomcat] martin-g commented on a change in pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
martin-g commented on a change in pull request #445: URL: https://github.com/apache/tomcat/pull/445#discussion_r690160756 ## File path: .travis.yml ## @@ -90,3 +90,6 @@ after_failure: notifications: email: - dev@tomcat.apache.org +cache: + directories: + -

[GitHub] [tomcat] markt-asf commented on pull request #445: Improve Travis CI build Performance

2021-08-17 Thread GitBox
markt-asf commented on pull request #445: URL: https://github.com/apache/tomcat/pull/445#issuecomment-900037585 The use of `travis_wait` is required. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to

[GitHub] [tomcat] YunLemon opened a new pull request #445: Improve Travis CI build Performance

2021-08-16 Thread GitBox
YunLemon opened a new pull request #445: URL: https://github.com/apache/tomcat/pull/445 According to [Build times out because no output was received](https://docs.travis-ci.com/user/common-build-problems/#build-times-out-because-no-output-was-received), we should carefully use

[GitHub] [tomcat] rrodewald commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
rrodewald commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897703572 Will have to look at that in detail, which will take some time. I have to postpone this for 2 weeks because I am on vacation. -- This is an automated message from the Apache

[GitHub] [tomcat] michael-o commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
michael-o commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897565545 This needs to analyzed whether the tests are invalid or not. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and

[GitHub] [tomcat] rrodewald edited a comment on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
rrodewald edited a comment on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897549391 The removal of the preemptive capability of the `SSLAuthenticator` makes multiple tests fail: ``` [junit] Test org.apache.catalina.valves.rewrite.TestResolverSSL

[GitHub] [tomcat] rrodewald commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
rrodewald commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897549391 The removal of the preemptive capability of the `SSLAuthenticator` makes multiple tests fail: ``` [junit] Test org.apache.catalina.valves.rewrite.TestResolverSSL FAILED

[GitHub] [tomcat] michael-o commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
michael-o commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897500252 > > > That's a good point IMHO. Now that the check is in the individual `Authenticator`s it can easily be made more specific. I'm not too familiar with Digest and SPNEGO

[GitHub] [tomcat] rrodewald commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
rrodewald commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897494990 That's a good point IMHO. Now that the check is in the individual `Authenticator`s it can easily be made more specific. I'm not too familiar with Digest and SPNEGO but I'll try.

[GitHub] [tomcat] michael-o commented on pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
michael-o commented on pull request #444: URL: https://github.com/apache/tomcat/pull/444#issuecomment-897492778 One more nit: I think the check in the header-based authenticators is too generic. Shouldn't they check for a value for their auth scheme only? Basic for `Basic `, etc.? --

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687520920 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-native] michael-o commented on pull request #9: Simplify Address#getInfo() native implementation

2021-08-12 Thread GitBox
michael-o commented on pull request #9: URL: https://github.com/apache/tomcat-native/pull/9#issuecomment-897460099 @mturk Still waiting... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-12 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687513716 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-jakartaee-migration] abdulmuqsith commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-12 Thread GitBox
abdulmuqsith commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897404156 Thank you -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the

[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-12 Thread GitBox
markt-asf commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897403716 No plans to update. Automated scanning tools (including those that look at dependencies without considering the context in which it is used) generate a large

[GitHub] [tomcat-jakartaee-migration] markt-asf closed issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-12 Thread GitBox
markt-asf closed issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat-jakartaee-migration] abdulmuqsith commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
abdulmuqsith commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897316898 Vulnerability scanning tools are reporting Tomcat as vulnerable even though this CVE is very unlikely to be exploited. Any plans to upgrade Commons Compress?

[GitHub] [tomcat-jakartaee-migration] ebourg commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
ebourg commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897111748 Very vaguely relevant, the tool would have to be used on an untrusted war, but that's not really the use case intended. -- This is an automated message from the

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687092579 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
markt-asf commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897054343 Relevant how? How does an attacker exploit this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687058556 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-jakartaee-migration] ebourg commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
ebourg commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897000783 Only CVE-2021-36090 is relevant here, we only use the zip archive implementation of Commons Compress. -- This is an automated message from the Apache Git Service.

[GitHub] [tomcat-jakartaee-migration] abdulmuqsith opened a new issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
abdulmuqsith opened a new issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23 The Apache Commons Compress v1.20 library included in this library has following CVEs associated:   | Identifier | Published | Overall Score -- | -- | -- | --

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686570618 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686294855 ## File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java ## @@ -132,6 +132,10 @@ protected String getAuthMethod() { return

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686228585 ## File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java ## @@ -132,6 +132,10 @@ protected String getAuthMethod() { return

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686206255 ## File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java ## @@ -132,6 +132,10 @@ protected String getAuthMethod() { return

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686206255 ## File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java ## @@ -132,6 +132,10 @@ protected String getAuthMethod() { return

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686188244 ## File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java ## @@ -132,6 +132,10 @@ protected String getAuthMethod() { return

[GitHub] [tomcat] rrodewald opened a new pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald opened a new pull request #444: URL: https://github.com/apache/tomcat/pull/444 The main purpose of the proposed refactoring is to give an individual `Authenticator` the possibility to decide if preemptive authentication is possible (e.g. if a completely different header is used

[GitHub] [tomcat] rrodewald closed pull request #443: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald closed pull request #443: URL: https://github.com/apache/tomcat/pull/443 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] rrodewald commented on pull request #443: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald commented on pull request #443: URL: https://github.com/apache/tomcat/pull/443#issuecomment-896173194 Mixed up my branches. Will reopen without the Bugfix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use

[GitHub] [tomcat] rrodewald opened a new pull request #443: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-10 Thread GitBox
rrodewald opened a new pull request #443: URL: https://github.com/apache/tomcat/pull/443 The main purpose of the proposed refactoring is to give an individual `Authenticator` the possibility to decide if preemptive authentication is possible (e.g. if a completely different header is used

[GitHub] [tomcat] crisgeek opened a new pull request #442: Update http.xml

2021-08-10 Thread GitBox
crisgeek opened a new pull request #442: URL: https://github.com/apache/tomcat/pull/442 Based on 21-July-2021 conversation with Mark Thomas in Tomcat users group -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the

[GitHub] [tomcat] dachuan9e opened a new pull request #441: Fix build fail when locale is not en

2021-08-10 Thread GitBox
dachuan9e opened a new pull request #441: URL: https://github.com/apache/tomcat/pull/441 It will build fail when the locale is not set to en. Apache ant cannot support different locale format of time stamp. Showing the root cause by the following code in Ant. It needs to use the 24-hour

[GitHub] [tomcat] venky0070 closed pull request #440: something

2021-08-05 Thread GitBox
venky0070 closed pull request #440: URL: https://github.com/apache/tomcat/pull/440 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[GitHub] [tomcat] michael-o commented on a change in pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
michael-o commented on a change in pull request #439: URL: https://github.com/apache/tomcat/pull/439#discussion_r682466514 ## File path: webapps/docs/config/host.xml ## @@ -302,7 +302,7 @@ placed in the appBase directory as web application archive (WAR) files

[GitHub] [tomcat] rrodewald commented on a change in pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
rrodewald commented on a change in pull request #439: URL: https://github.com/apache/tomcat/pull/439#discussion_r682483565 ## File path: webapps/docs/config/host.xml ## @@ -302,7 +302,7 @@ placed in the appBase directory as web application archive (WAR) files

[GitHub] [tomcat] rrodewald commented on pull request #438: Bugfix for 65479 - PasswordValidationCallback does not return result

2021-08-05 Thread GitBox
rrodewald commented on pull request #438: URL: https://github.com/apache/tomcat/pull/438#issuecomment-892522194 The build failure seems unrelated to my changes IMHO. ``` /home/travis/.travis/functions: line 607: 14128 Terminated travis_jigger "${!}" "${timeout}"

[GitHub] [tomcat] ChristopherSchultz commented on pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
ChristopherSchultz commented on pull request #439: URL: https://github.com/apache/tomcat/pull/439#issuecomment-893006283 To a native English speaker, either one is completely understandable. "The default value is ___" is slightly more clear, but I would actually defer to NON-native

[GitHub] [tomcat] rrodewald commented on pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
rrodewald commented on pull request #439: URL: https://github.com/apache/tomcat/pull/439#issuecomment-892615291 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To

[GitHub] [tomcat] kkolinko commented on pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
kkolinko commented on pull request #439: URL: https://github.com/apache/tomcat/pull/439#issuecomment-892610685 Reviewing... 1. context.xml L187 `s/docBase/docBase/ `as well 2. I am more used to "The default value is" rather than "The default is". I wonder what wording is better.

[GitHub] [tomcat] rrodewald commented on pull request #439: Minimal fixes to documentation of Context and Host

2021-08-05 Thread GitBox
rrodewald commented on pull request #439: URL: https://github.com/apache/tomcat/pull/439#issuecomment-893338812 If we want to standardize the wording for default values, I would suggest to open a new pull request for this, so that the main purpose of the present pull request

  1   2   3   4   5   6   7   8   9   10   >