https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
Bug ID: 65308
Summary: NPE in JNDIRealm when no userRoleAttribute is given
Product: Tomcat 10
Version: unspecified
Hardware: All
OS: All
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
--- Comment #5 from Christopher Schultz ---
(In reply to romain.manni-bucau from comment #4)
> Assuming a new "String properties" property is added (with its setter) ...
> Can't this issue move to a more generic properties sup
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
--- Comment #4 from romain.manni-bucau ---
Hi,
Maybe a side question/issue: JNDI realm is actually not a JNDI realm but more a
sun JNDI realm in the sense its configuration is quite bound to a particular
implementation.
Assuming a new "S
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
--- Comment #3 from Michael Osipov ---
(In reply to Christopher Schultz from comment #2)
> Would it hurt anything to unconditionally add
> com.sun.jndi.ldap.tls.cbtype=tls-server-end-point to the properties used to
> i
https://bz.apache.org/bugzilla/show_bug.cgi?id=65303
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65303
Bug ID: 65303
Summary: SEVERE http2 NPE
Product: Tomcat 10
Version: 10.0.5
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301
--- Comment #4 from wangmc ---
thanks,You're right.
when the system is configured with DNS, getLocalName will attempt to search for
"hostname" using the native IP. This will also use the DNS service, which will
occasionally result
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
--- Comment #2 from Christopher Schultz ---
Would it hurt anything to unconditionally add
com.sun.jndi.ldap.tls.cbtype=tls-server-end-point to the properties used to
initialize to the InitialContext? Or does this really need to be something
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
--- Comment #1 from Michael Osipov ---
Why? I did several reviews of the ticket when it was discussed with
security-dev@. The only SASL mech supporting this is GSSAPI and you can request
GSS-API to completely encrypt your traffic with Kerberos
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302
Bug ID: 65302
Summary: Add support for setting com.sun.jndi.ldap.tls.cbtype
Product: Tomcat 9
Version: 9.0.39
Hardware: PC
OS: Linux
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301
--- Comment #3 from Remy Maucherat ---
As it is right now, the enableLookups flags documentation is accurate: "Set to
true if you want calls to request.getRemoteHost() to perform DNS lookups in
order to return the actual host
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301
--- Comment #2 from wangmc ---
on my service dns is a must. so I disabled Lookups(default is false) in
"server.xml".but in my code used RemoteIpValve class, the methord getLocalName
does not on the controll of the "enab
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301
--- Comment #1 from Remy Maucherat ---
Created attachment 37858
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37858=edit
Patch
This can be fixed easily, *but* there's a problem. Most often (= always) DNS
lookup must be disabled,
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301
Bug ID: 65301
Summary: the enableLookups configuration is not fully active
Product: Tomcat 9
Version: 9.0.41
Hardware: PC
OS: Linux
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=58837
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267
Mark Thomas changed:
What|Removed |Added
CC||hau...@acm.org
--- Comment #2 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=55383
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267
--- Comment #1 from Mark Thomas ---
Link to more recent discussion where an alternative solution was discussed:
https://markmail.org/thread/onzczbc6f73lsntb
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244
--- Comment #24 from Mark Thomas ---
I have no objection to a back-port now.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244
--- Comment #23 from Remy Maucherat ---
(In reply to Remy Maucherat from comment #22)
> So the fix will be in 10.0.6, will see if/when/how it can be backported to 9
> and 8.5.
Should I backport now or should it be tested in 10.0.6
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
Mark Thomas changed:
What|Removed |Added
Version|unspecified |8.5.x-trunk
Product|Tomcat 7
https://bz.apache.org/bugzilla/show_bug.cgi?id=56614
Mark Thomas changed:
What|Removed |Added
Version|trunk |8.5.x-trunk
Target Milestone
https://bz.apache.org/bugzilla/show_bug.cgi?id=57827
Mark Thomas changed:
What|Removed |Added
Component|Cluster |Cluster
Version|7.0.59
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597
Mark Thomas changed:
What|Removed |Added
Product|Tomcat 7|Tomcat 8
Target Milestone
https://bz.apache.org/bugzilla/show_bug.cgi?id=56300
Mark Thomas changed:
What|Removed |Added
Version|unspecified |8.5.x-trunk
Component
https://bz.apache.org/bugzilla/show_bug.cgi?id=63167
Mark Thomas changed:
What|Removed |Added
Target Milestone|--- |
Product|Tomcat 7
https://bz.apache.org/bugzilla/show_bug.cgi?id=56438
Mark Thomas changed:
What|Removed |Added
Product|Tomcat 7|Tomcat 8
Version|7.0.53
https://bz.apache.org/bugzilla/show_bug.cgi?id=57872
Mark Thomas changed:
What|Removed |Added
Component|Catalina|Catalina
Target Milestone
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
Mark Thomas changed:
What|Removed |Added
Product|Tomcat 7|Tomcat 8
Version|trunk
https://bz.apache.org/bugzilla/show_bug.cgi?id=55470
Mark Thomas changed:
What|Removed |Added
Component|Catalina|Catalina
Target Milestone
https://bz.apache.org/bugzilla/show_bug.cgi?id=57367
Mark Thomas changed:
What|Removed |Added
Product|Tomcat 7|Tomcat 8
Version|7.0.57
https://bz.apache.org/bugzilla/show_bug.cgi?id=56787
Mark Thomas changed:
What|Removed |Added
Version|trunk |8.5.x-trunk
Product|Tomcat 7
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #8 from Mark Thomas ---
I've applied a fix for Endpoints to 10.0.x, 9.0.x and 8.5.x. I'll look at
Encoders and Decoders next so if there are any issues with the current approach
do let me know.
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
--- Comment #5 from saranya ---
(In reply to Mark Thomas from comment #4)
> This looks like an application issue (retaining and using a reference to the
> request and/or response after the processing of that request/response has
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
Mark Thomas changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEEDINFO
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
Mark Thomas changed:
What|Removed |Added
Status|NEEDINFO|RESOLVED
Resolution
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
--- Comment #3 from saranya ---
(In reply to Remy Maucherat from comment #1)
> Please test with a newer version of Tomcat 9, and also explain how to
> reproduce the issue if it actually occurs.
@Remy: Thanks for the reply. This happen
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #8 from François PLOU ---
Thanks for your answer. I have modified the response header in order to be
compliant and problem is the same (check attachement : ok.har and ko.har)
I confirm the request as reached Apache Tomcat
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #7 from François PLOU ---
Created attachment 37845
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37845=edit
ko.har
--
You are receiving this mail because:
You are the assignee for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #6 from François PLOU ---
Created attachment 37844
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37844=edit
ok.har
--
You are receiving this mail because:
You are the assignee for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #5 from Konstantin Kolinko ---
(In reply to François PLOU from comment #0)
> When a response to a request contains following header (and more specially
> the Etag attribute) :
>
> Cache-Control, Etag, Expires, L
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #4 from François PLOU ---
Yes the 9.0.45 has this behaviour.
I forgot to mention the this is not 100% the case. Sometimes it works sometimes
not.
I just need to click on refresh.
The attachment sample.har contains the case
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #3 from François PLOU ---
Created attachment 37843
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37843=edit
Exported HAR (2)
Exported HAR from Firefox when the problem does not occurs
--
You are receiving this m
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
--- Comment #2 from François PLOU ---
Created attachment 37842
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37842=edit
Exported HAR
Exported har from firefox with http400
--
You are receiving this mail because:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
Remy Maucherat changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from Remy
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281
Bug ID: 65281
Summary: Tomcat does not process correctly Etag and send HTTP
400 error code
Product: Tomcat 9
Version: 9.0.45
Hardware: PC
OS: Linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
--- Comment #2 from Mark Thomas ---
The line numbers in the first stack trace do not match with the reported
version. The SetAllPropertiesRule error also looks strange.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
Remy Maucherat changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from Remy
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277
Bug ID: 65277
Summary: org.apache.coyote.ajp.AjpProcessor.service Error
processing request java.lang.NullPointerException
Product: Tomcat 9
Version: 9.0.7
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #3 from Angelica Salazar ---
(In reply to Mark Thomas from comment #2)
> First the good news. I can recreate this. I downloaded trail versions of
> Jira and R4J, created a single issue, requested an export and saw the
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #2 from Mark Thomas ---
First the good news. I can recreate this. I downloaded trail versions of Jira
and R4J, created a single issue, requested an export and saw the exception and
at the bottom of the stack trace:
"C
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #6 from Mark Thomas ---
It currently looks like this is fixable. PR at
https://github.com/apache/tomcat/pull/417
Need to allow time for the Tomcat community to review the PR.
--
You are receiving this mail because:
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #5 from Mark Thomas ---
I've started to look at this. So far I have spotted a couple of minor issues
with the current parsing that I need to fix. Commits for those will follow
shortly.
I haven't yet found any reason not to allow
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #4 from Miguel ---
(In reply to Mark Thomas from comment #3)
> This stricter parsing was introduced as part of the fix for CVE-2020-1935.
>
> Because the fix was in response to a security issue, that makes it a lot
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Mark Thomas changed:
What|Removed |Added
Summary|NoClassDefFoundError in |NoClassDefFoundError
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Angelica Salazar changed:
What|Removed |Added
OS||All
--- Comment #1 from Angelica
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Bug ID: 65273
Summary: NoClassDefFoundError in Apache POI dependency after
upgrading to Tomcat 8.57 in Jira
Product: Tomcat 8
Version: 8.5.57
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #3 from Mark Thomas ---
This stricter parsing was introduced as part of the fix for CVE-2020-1935.
Because the fix was in response to a security issue, that makes it a lot less
likely the current behaviour will be changed.
I'll
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #2 from Miguel ---
(In reply to Michael Osipov from comment #1)
> How old are those systems?
I haven't the data. But I see that HTTP request are 1.0 version... then is very
old...
We have some legacy systems. One of these is a
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Michael Osipov changed:
What|Removed |Added
OS||All
--- Comment #1 from Michael
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #7 from romain.manni-bucau ---
@Mark functionally I can leave with current validation but theorically the
validation is only known of the IoC but it is not super aligned on the spec.
To illustrate it take a CDI or Spring encoder
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #6 from Mark Thomas ---
@Rémy
I think I can see a way to do that. We'll need to check which Configurator was
used in the WsSession constructor to make sure we don't call the
InstanceManager twice. It does mean that the timing
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Bug ID: 65272
Summary: Problems proccessing HTTP request without CR in last
versions
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #5 from Remy Maucherat ---
(In reply to romain.manni-bucau from comment #4)
> @Mark: this issue is about the default configurator, fully agree when a
> custom configurator is used tomcat will not care.
I agree if using the d
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #4 from romain.manni-bucau ---
@Mark: this issue is about the default configurator, fully agree when a custom
configurator is used tomcat will not care.
I also agree encoders/decoders IoC support is not in the specification
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #3 from Mark Thomas ---
Section 3.1.7 of the WebSocket specification requires endpoint instances are
created via ServerEndpointConfig.Configurator.getEndpointInstance(). Users are
free to supply their own Configurator
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #2 from romain.manni-bucau ---
Hmm, endpoint api starts from a class on server side so should use the related
instance manager instantiator and not only the injection "newInstance"
probably. For an annotated endpoint
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #1 from Mark Thomas ---
WebSocket endpoints already use the InstanceManager.
https://github.com/apache/tomcat/blob/master/java/org/apache/tomcat/websocket/WsSession.java#L180
https://github.com/apache/tomcat/blob/master/java/org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267
Mark Thomas changed:
What|Removed |Added
Summary|Implement mod_hedaers like |Implement mod_headers like
https://bz.apache.org/bugzilla/show_bug.cgi?id=58464
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|REOPENED
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267
Bug ID: 65267
Summary: Implement mod_hedaers like filter
Product: Tomcat 10
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity
https://bz.apache.org/bugzilla/show_bug.cgi?id=58464
Gonzalo changed:
What|Removed |Added
Resolution|WONTFIX |---
Status|RESOLVED
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264
--- Comment #3 from linking12 <297442...@qq.com> ---
Do have any suggestions for me to circumvent this problem?
if i use jetty high level api, can resolve this problem?
--
You are receiving this mail because:
You are the assignee for t
https://bz.apache.org/bugzilla/show_bug.cgi?id=65240
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265
--- Comment #1 from Remy Maucherat ---
I agree, isBootClassPathSupported should have been used since the exception is
"normal". I'll fix that.
--
You are receiving this mail because:
You are the assignee f
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265
Bug ID: 65265
Summary: getVMInfo() in Diagnostics.java throws exceptions on
jdk > 8
Product: Tomcat 10
Version: 10.0.4
Hardware: PC
OS: Li
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264
--- Comment #1 from linking12 <297442...@qq.com> ---
As jetty commitor said:
1: when i change the server to jetty, the timeout gone and jetty will not occur
any exception;
2: see Jetty's client sending requests, and Tomcat server re
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264
Bug ID: 65264
Summary: Header size is bigger will cause TimeoutException
Product: Tomcat 9
Version: 9.0.45
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
1 - 100 of 43068 matches
Mail list logo
