[Bug 65308] New: NPE in JNDIRealm when no userRoleAttribute is given

2021-05-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 Bug ID: 65308 Summary: NPE in JNDIRealm when no userRoleAttribute is given Product: Tomcat 10 Version: unspecified Hardware: All OS: All Status: NEW

[Bug 65302] Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 --- Comment #5 from Christopher Schultz --- (In reply to romain.manni-bucau from comment #4) > Assuming a new "String properties" property is added (with its setter) ... > Can't this issue move to a more generic properties sup

[Bug 65302] Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 --- Comment #4 from romain.manni-bucau --- Hi, Maybe a side question/issue: JNDI realm is actually not a JNDI realm but more a sun JNDI realm in the sense its configuration is quite bound to a particular implementation. Assuming a new "S

[Bug 65302] Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 --- Comment #3 from Michael Osipov --- (In reply to Christopher Schultz from comment #2) > Would it hurt anything to unconditionally add > com.sun.jndi.ldap.tls.cbtype=tls-server-end-point to the properties used to > i

[Bug 65303] SEVERE http2 NPE

2021-05-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65303 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65303] New: SEVERE http2 NPE

2021-05-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65303 Bug ID: 65303 Summary: SEVERE http2 NPE Product: Tomcat 10 Version: 10.0.5 Hardware: PC OS: Linux Status: NEW Severity: major Priority: P2

[Bug 65301] the enableLookups configuration is not fully active

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301 --- Comment #4 from wangmc --- thanks,You're right. when the system is configured with DNS, getLocalName will attempt to search for "hostname" using the native IP. This will also use the DNS service, which will occasionally result

[Bug 65302] Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 --- Comment #2 from Christopher Schultz --- Would it hurt anything to unconditionally add com.sun.jndi.ldap.tls.cbtype=tls-server-end-point to the properties used to initialize to the InitialContext? Or does this really need to be something

[Bug 65302] Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 --- Comment #1 from Michael Osipov --- Why? I did several reviews of the ticket when it was discussed with security-dev@. The only SASL mech supporting this is GSSAPI and you can request GSS-API to completely encrypt your traffic with Kerberos

[Bug 65302] New: Add support for setting com.sun.jndi.ldap.tls.cbtype

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65302 Bug ID: 65302 Summary: Add support for setting com.sun.jndi.ldap.tls.cbtype Product: Tomcat 9 Version: 9.0.39 Hardware: PC OS: Linux Status: NEW

[Bug 65301] the enableLookups configuration is not fully active

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301 --- Comment #3 from Remy Maucherat --- As it is right now, the enableLookups flags documentation is accurate: "Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host

[Bug 65301] the enableLookups configuration is not fully active

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301 --- Comment #2 from wangmc --- on my service dns is a must. so I disabled Lookups(default is false) in "server.xml".but in my code used RemoteIpValve class, the methord getLocalName does not on the controll of the "enab

[Bug 65301] the enableLookups configuration is not fully active

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301 --- Comment #1 from Remy Maucherat --- Created attachment 37858 --> https://bz.apache.org/bugzilla/attachment.cgi?id=37858=edit Patch This can be fixed easily, *but* there's a problem. Most often (= always) DNS lookup must be disabled,

[Bug 65301] New: the enableLookups configuration is not fully active

2021-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65301 Bug ID: 65301 Summary: the enableLookups configuration is not fully active Product: Tomcat 9 Version: 9.0.41 Hardware: PC OS: Linux Status: NEW

[Bug 62150] Behavior of relative paths with RequestDispatcher has changed

2021-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW

[Bug 58837] support "X-Content-Security-Policy" a.k.a as "CSP"

2021-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58837 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65267] Implement mod_headers like filter

2021-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267 Mark Thomas changed: What|Removed |Added CC||hau...@acm.org --- Comment #2 from Mark

[Bug 55383] Improve markup and design of Tomcat's HTML pages

2021-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55383 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

Bug report for Tomcat Modules [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 9 [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Native [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Connectors [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Taglibs [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 8 [2021/05/09]

2021-05-09 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

[Bug 65267] Implement mod_headers like filter

2021-05-06 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267 --- Comment #1 from Mark Thomas --- Link to more recent discussion where an alternative solution was discussed: https://markmail.org/thread/onzczbc6f73lsntb -- You are receiving this mail because: You are the assignee for the bug

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65244] annotations from @HandlesTypes are checked only at class level when scanning

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65244] annotations from @HandlesTypes are checked only at class level when scanning

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244 --- Comment #24 from Mark Thomas --- I have no objection to a back-port now. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e

[Bug 65244] annotations from @HandlesTypes are checked only at class level when scanning

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65244 --- Comment #23 from Remy Maucherat --- (In reply to Remy Maucherat from comment #22) > So the fix will be in 10.0.6, will see if/when/how it can be backported to 9 > and 8.5. Should I backport now or should it be tested in 10.0.6

[Bug 56148] support (multiple) ocsp stapling

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148 Mark Thomas changed: What|Removed |Added Version|unspecified |8.5.x-trunk Product|Tomcat 7

[Bug 56614] Add a switch to ignore annotations detection on tag instances for performance reason

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56614 Mark Thomas changed: What|Removed |Added Version|trunk |8.5.x-trunk Target Milestone

[Bug 57827] Enable adding/removing of members via jmx in a static-membership cluster

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57827 Mark Thomas changed: What|Removed |Added Component|Cluster |Cluster Version|7.0.59

[Bug 60597] Add ability to set cipher suites for websocket client connections

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Mark Thomas changed: What|Removed |Added Product|Tomcat 7|Tomcat 8 Target Milestone

[Bug 56300] [Tribes] No useful examples, lack of documentation

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56300 Mark Thomas changed: What|Removed |Added Version|unspecified |8.5.x-trunk Component

[Bug 63167] Network Requirements To Resolve No Members Active In Cluster Group

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63167 Mark Thomas changed: What|Removed |Added Target Milestone|--- | Product|Tomcat 7

[Bug 56438] If jar scan does not find context config or TLD config, log a message

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56438 Mark Thomas changed: What|Removed |Added Product|Tomcat 7|Tomcat 8 Version|7.0.53

[Bug 57872] Do not auto-switch session cookie to version=1 due to '/' in Path when running in "strict compliance" mode (Internet Explorer and rfc6265)

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57872 Mark Thomas changed: What|Removed |Added Component|Catalina|Catalina Target Milestone

[Bug 55477] Add a solution to map a realm name to a security role

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477 Mark Thomas changed: What|Removed |Added Product|Tomcat 7|Tomcat 8 Version|trunk

[Bug 55470] Help users for ClassNotFoundExceptions during startup [PATCH]

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55470 Mark Thomas changed: What|Removed |Added Component|Catalina|Catalina Target Milestone

[Bug 57367] If JAR scan experiences a stack overflow, give the URL from which each class in the loop was loaded in the complaint

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57367 Mark Thomas changed: What|Removed |Added Product|Tomcat 7|Tomcat 8 Version|7.0.57

[Bug 56787] Simplified jndi name parsing

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56787 Mark Thomas changed: What|Removed |Added Version|trunk |8.5.x-trunk Product|Tomcat 7

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-05-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-05-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #8 from Mark Thomas --- I've applied a fix for Endpoints to 10.0.x, 9.0.x and 8.5.x. I'll look at Encoders and Decoders next so if there are any issues with the current approach do let me know. -- You are receiving this mail

[Bug 65277] org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-05-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 --- Comment #5 from saranya --- (In reply to Mark Thomas from comment #4) > This looks like an application issue (retaining and using a reference to the > request and/or response after the processing of that request/response has >

[Bug 65277] org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-05-03 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 Mark Thomas changed: What|Removed |Added Resolution|--- |INVALID Status|NEEDINFO

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-05-03 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 Mark Thomas changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution

Bug report for Tomcat 9 [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Native [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 8 [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Modules [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Taglibs [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Connectors [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 7 [2021/05/02]

2021-05-02 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

[Bug 65277] org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 --- Comment #3 from saranya --- (In reply to Remy Maucherat from comment #1) > Please test with a newer version of Tomcat 9, and also explain how to > reproduce the issue if it actually occurs. @Remy: Thanks for the reply. This happen

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #8 from François PLOU --- Thanks for your answer. I have modified the response header in order to be compliant and problem is the same (check attachement : ok.har and ko.har) I confirm the request as reached Apache Tomcat

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #7 from François PLOU --- Created attachment 37845 --> https://bz.apache.org/bugzilla/attachment.cgi?id=37845=edit ko.har -- You are receiving this mail because: You are the assignee for the

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #6 from François PLOU --- Created attachment 37844 --> https://bz.apache.org/bugzilla/attachment.cgi?id=37844=edit ok.har -- You are receiving this mail because: You are the assignee for the

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #5 from Konstantin Kolinko --- (In reply to François PLOU from comment #0) > When a response to a request contains following header (and more specially > the Etag attribute) : > > Cache-Control, Etag, Expires, L

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #4 from François PLOU --- Yes the 9.0.45 has this behaviour. I forgot to mention the this is not 100% the case. Sometimes it works sometimes not. I just need to click on refresh. The attachment sample.har contains the case

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #3 from François PLOU --- Created attachment 37843 --> https://bz.apache.org/bugzilla/attachment.cgi?id=37843=edit Exported HAR (2) Exported HAR from Firefox when the problem does not occurs -- You are receiving this m

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 --- Comment #2 from François PLOU --- Created attachment 37842 --> https://bz.apache.org/bugzilla/attachment.cgi?id=37842=edit Exported HAR Exported har from firefox with http400 -- You are receiving this mail because:

[Bug 65281] Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 Remy Maucherat changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Remy

[Bug 65281] New: Tomcat does not process correctly Etag and send HTTP 400 error code

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65281 Bug ID: 65281 Summary: Tomcat does not process correctly Etag and send HTTP 400 error code Product: Tomcat 9 Version: 9.0.45 Hardware: PC OS: Linux

[Bug 65277] org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 --- Comment #2 from Mark Thomas --- The line numbers in the first stack trace do not match with the reported version. The SetAllPropertiesRule error also looks strange. -- You are receiving this mail because: You are the assignee for the bug

[Bug 65277] org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-04-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 Remy Maucherat changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Remy

[Bug 65277] New: org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException

2021-04-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65277 Bug ID: 65277 Summary: org.apache.coyote.ajp.AjpProcessor.service Error processing request java.lang.NullPointerException Product: Tomcat 9 Version: 9.0.7 Hardware: PC

[Bug 65273] NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.5.57 in Jira

2021-04-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65273] NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.5.57 in Jira

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 --- Comment #3 from Angelica Salazar --- (In reply to Mark Thomas from comment #2) > First the good news. I can recreate this. I downloaded trail versions of > Jira and R4J, created a single issue, requested an export and saw the >

[Bug 65273] NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.5.57 in Jira

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 --- Comment #2 from Mark Thomas --- First the good news. I can recreate this. I downloaded trail versions of Jira and R4J, created a single issue, requested an export and saw the exception and at the bottom of the stack trace: "C

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 --- Comment #6 from Mark Thomas --- It currently looks like this is fixable. PR at https://github.com/apache/tomcat/pull/417 Need to allow time for the Tomcat community to review the PR. -- You are receiving this mail because: You

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 --- Comment #5 from Mark Thomas --- I've started to look at this. So far I have spotted a couple of minor issues with the current parsing that I need to fix. Commits for those will follow shortly. I haven't yet found any reason not to allow

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 --- Comment #4 from Miguel --- (In reply to Mark Thomas from comment #3) > This stricter parsing was introduced as part of the fix for CVE-2020-1935. > > Because the fix was in response to a security issue, that makes it a lot >

[Bug 65273] NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.5.57 in Jira

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 Mark Thomas changed: What|Removed |Added Summary|NoClassDefFoundError in |NoClassDefFoundError

[Bug 65273] NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.57 in Jira

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 Angelica Salazar changed: What|Removed |Added OS||All --- Comment #1 from Angelica

[Bug 65273] New: NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.57 in Jira

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273 Bug ID: 65273 Summary: NoClassDefFoundError in Apache POI dependency after upgrading to Tomcat 8.57 in Jira Product: Tomcat 8 Version: 8.5.57 Hardware: PC

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 --- Comment #3 from Mark Thomas --- This stricter parsing was introduced as part of the fix for CVE-2020-1935. Because the fix was in response to a security issue, that makes it a lot less likely the current behaviour will be changed. I'll

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 --- Comment #2 from Miguel --- (In reply to Michael Osipov from comment #1) > How old are those systems? I haven't the data. But I see that HTTP request are 1.0 version... then is very old... We have some legacy systems. One of these is a

[Bug 65272] Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 Michael Osipov changed: What|Removed |Added OS||All --- Comment #1 from Michael

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #7 from romain.manni-bucau --- @Mark functionally I can leave with current validation but theorically the validation is only known of the IoC but it is not super aligned on the spec. To illustrate it take a CDI or Spring encoder

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #6 from Mark Thomas --- @Rémy I think I can see a way to do that. We'll need to check which Configurator was used in the WsSession constructor to make sure we don't call the InstanceManager twice. It does mean that the timing

[Bug 65272] New: Problems proccessing HTTP request without CR in last versions

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272 Bug ID: 65272 Summary: Problems proccessing HTTP request without CR in last versions Product: Tomcat 9 Version: 9.0.x Hardware: PC Status: NEW

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #5 from Remy Maucherat --- (In reply to romain.manni-bucau from comment #4) > @Mark: this issue is about the default configurator, fully agree when a > custom configurator is used tomcat will not care. I agree if using the d

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #4 from romain.manni-bucau --- @Mark: this issue is about the default configurator, fully agree when a custom configurator is used tomcat will not care. I also agree encoders/decoders IoC support is not in the specification

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #3 from Mark Thomas --- Section 3.1.7 of the WebSocket specification requires endpoint instances are created via ServerEndpointConfig.Configurator.getEndpointInstance(). Users are free to supply their own Configurator

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #2 from romain.manni-bucau --- Hmm, endpoint api starts from a class on server side so should use the related instance manager instantiator and not only the injection "newInstance" probably. For an annotated endpoint

[Bug 65262] Enable websocket endpoints to be IoC friendly (javaee integration at least)

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262 --- Comment #1 from Mark Thomas --- WebSocket endpoints already use the InstanceManager. https://github.com/apache/tomcat/blob/master/java/org/apache/tomcat/websocket/WsSession.java#L180 https://github.com/apache/tomcat/blob/master/java/org

[Bug 65267] Implement mod_headers like filter

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267 Mark Thomas changed: What|Removed |Added Summary|Implement mod_hedaers like |Implement mod_headers like

[Bug 58464] servletRequest.getHeaderNames() returns all header names in lower case

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58464 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|REOPENED

[Bug 65267] New: Implement mod_hedaers like filter

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65267 Bug ID: 65267 Summary: Implement mod_hedaers like filter Product: Tomcat 10 Version: unspecified Hardware: All OS: All Status: NEW Severity

[Bug 58464] servletRequest.getHeaderNames() returns all header names in lower case

2021-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58464 Gonzalo changed: What|Removed |Added Resolution|WONTFIX |--- Status|RESOLVED

[Bug 65264] Header size is bigger will cause TimeoutException

2021-04-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264 --- Comment #3 from linking12 <297442...@qq.com> --- Do have any suggestions for me to circumvent this problem? if i use jetty high level api, can resolve this problem? -- You are receiving this mail because: You are the assignee for t

[Bug 65240] Multi line CATALINA_OPTS is failing in with new catalina.sh

2021-04-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65240 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW

[Bug 65265] getVMInfo() in Diagnostics.java throws exceptions on jdk > 8

2021-04-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65264] Header size is bigger will cause TimeoutException

2021-04-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution

[Bug 65265] getVMInfo() in Diagnostics.java throws exceptions on jdk > 8

2021-04-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265 --- Comment #1 from Remy Maucherat --- I agree, isBootClassPathSupported should have been used since the exception is "normal". I'll fix that. -- You are receiving this mail because: You are the assignee f

[Bug 65265] New: getVMInfo() in Diagnostics.java throws exceptions on jdk > 8

2021-04-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65265 Bug ID: 65265 Summary: getVMInfo() in Diagnostics.java throws exceptions on jdk > 8 Product: Tomcat 10 Version: 10.0.4 Hardware: PC OS: Li

[Bug 65264] Header size is bigger will cause TimeoutException

2021-04-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264 --- Comment #1 from linking12 <297442...@qq.com> --- As jetty commitor said: 1: when i change the server to jetty, the timeout gone and jetty will not occur any exception; 2: see Jetty's client sending requests, and Tomcat server re

[Bug 65264] New: Header size is bigger will cause TimeoutException

2021-04-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65264 Bug ID: 65264 Summary: Header size is bigger will cause TimeoutException Product: Tomcat 9 Version: 9.0.45 Hardware: PC OS: Mac OS X 10.1 Status: NEW

Bug report for Tomcat 8 [2021/04/25]

2021-04-25 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Modules [2021/04/25]

2021-04-25 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

  1   2   3   4   5   6   7   8   9   10   >