[Bug 65645] New: illegal reflective access warning when deploying app using Tomcat manager

2021-10-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65645

Bug ID: 65645
   Summary: illegal reflective access warning when deploying app
using Tomcat manager
   Product: Tomcat 9
   Version: 9.0.54
  Hardware: Other
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: abhish...@formsite.com
  Target Milestone: -

We recently upgraded to Java 11 and seeing the following warning when using
Tomcat manager to deploy an app.


WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by
org.apache.catalina.loader.WebappClassLoaderBase
(file:/opt/apache-tomcat-9.0.54/lib/catalina.jar) to field
java.io.ObjectStreamClass$Caches.localDescs
WARNING: Please consider reporting this to the maintainers of
org.apache.catalina.loader.WebappClassLoaderBase
WARNING: Use --illegal-access=warn to enable warnings of further illegal
reflective access operations
WARNING: All illegal access operations will be denied in a future release

Command to deploy the app is:

wget --connect-timeout=60 --http-user=$TC_MGR_USERNAME
--http-password=$TC_MGR_PASSWORD --no-check-certificate --header='Host:
$hostname'
'https://$ip_address/mgr/text/deploy?war=file:$WAR=/app1=true' -O -

Environment: 
Tomcat 9.0.54
Cent OS 7 
# java -version
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)


I see that it was fixed in https://bz.apache.org/bugzilla/show_bug.cgi?id=62901
but I am able to see the problem.

Thank you in for looking into this. Please let me know if you need any
additional information.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65433] Possible StringIndexOutOfBoundsException for symlinks in DirResourceSet.listWebAppPaths

2021-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65433

Christopher Schultz  changed:

   What|Removed |Added

 CC||krya...@gmail.com

--- Comment #3 from Christopher Schultz  ---
*** Bug 65637 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65637] Error starting child: Caused by: java.lang.StringIndexOutOfBoundsException

2021-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65637

Christopher Schultz  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #2 from Christopher Schultz  ---
Please upgrade Tomcat for the fix.

*** This bug has been marked as a duplicate of bug 65433 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65637] Error starting child: Caused by: java.lang.StringIndexOutOfBoundsException

2021-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65637

Christopher Schultz  changed:

   What|Removed |Added

  Attachment #38071|text/x-log  |text/plain
  mime type||

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65571|Inf|Nor|2021-09-14|ClientAbortException in Tomcat 9.0.50 and 9.0.52  |
+-+---+---+--+--+
| Total   36 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Tomcat 8 [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
|65637|New|Nor|2021-10-15|Error starting child: Caused by: java.lang.StringI|
+-+---+---+--+--+
| Total   41 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Native [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Taglibs [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 10 [2021/10/17]

2021-10-17 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
|65635|New|Enh|2021-10-15|Methods to return auth errors |
+-+---+---+--+--+
| Total8 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65637] Error starting child: Caused by: java.lang.StringIndexOutOfBoundsException

2021-10-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65637

--- Comment #1 from Konstantin Ryadov  ---
Created attachment 38071
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38071=edit
Tomcat log with java.lang.StringIndexOutOfBoundsException

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65637] New: Error starting child: Caused by: java.lang.StringIndexOutOfBoundsException

2021-10-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65637

Bug ID: 65637
   Summary: Error starting child: Caused by:
java.lang.StringIndexOutOfBoundsException
   Product: Tomcat 8
   Version: 8.5.69
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: krya...@gmail.com
  Target Milestone: 

Directory symlink inside webapp//WEB-INF directory leads to
java.lang.StringIndexOutOfBoundsException - see attached tomcat_0.log

The application do not start.

Apache Tomcat/8.5.69
Jun 30 2021 18:00:00 UTC
8.5.69.0
Linux   
3.10.0-1160.25.1.el7.x86_64 
amd64   
/usr/java/jdk1.8.0_212-amd64/jre
1.8.0_212-b10   
Oracle Corporation

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65635] Methods to return auth errors

2021-10-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65635

Mark Thomas  changed:

   What|Removed |Added

   Severity|normal  |enhancement

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65635] Methods to return auth errors

2021-10-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65635

Werner Daehn  changed:

   What|Removed |Added

 OS||All
 CC||werner.da...@googlemail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65635] New: Methods to return auth errors

2021-10-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65635

Bug ID: 65635
   Summary: Methods to return auth errors
   Product: Tomcat 10
   Version: 10.0.0
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Authentication
  Assignee: dev@tomcat.apache.org
  Reporter: werner.da...@googlemail.com
  Target Milestone: --

I am using FormBased login. If there is an error during login, tomcat redirects
to an error page and there I show a static text: "login failed".
But there is no way foreseen to tell the user why it failed. Sometimes you
don't want to, sometimes it is essential. I have seen quite a lot of questions
in that area in stack overflow, so it is nothing new.

Regarding the types of error, let me categorize them into four buckets:

1. username or password wrong: In this case we do not want to provide any
feedback for security ressons. A "username/password" wrong message is enough.

2. Issues with the IDP, e.g. the user database is down, network issues, too
many SQL connections open,  all the infrastructure related issues.
Returning a static text would cause the user to retry, to change his password
or whatever. What he should do is calling IT to fix the infrastructure problem.
username/password is valid, it is just that it cannot be validated!

3. Login succeeds but a follow up action is needed. Password is flagged as
to-be-changed and a password-change dialog must be shown. Database is in
maintenance mode. This requires either a different page or additional feedback
to the error page in order to render the correct controls.

4. Issues with the Realm or its configuration. Realm implementation has a NPE.
Realm requires a setting but it is not provided. These are setup issues and
looking into the webserver logs is fine, although a user feedback might be
better still. Then the user would know it is not his fault.

It is my believe that the tomcat should provide(!) a mechanism to attach error
information to the error page in order to have the option to show different
things then. And it is the Realm developer's(!) decision what to return and
what is better hidden.

>From an implementation point if view I would think it is easy to do as well,
without any backward compatibility issues. In the FormBasedRealm I would wrap
all authenticate() calls into try-catch-Throwable and attach the exception to
the redirect call. Either as URL parameter, better as a session variable. Per
my understanding a session exists already at that point in time.
Might be better to add IOExceptions to the Realm Interface but that would not
be backward compatible.

Also I would expose a logger object for all classes extending the RealmBase
class. Just to motivate people using it more.

Do you concur?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63191] RemoteEndpoint.Async#sendText(String, SendHandler) never calls the callback

2021-10-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63191

--- Comment #19 from Boris Petrov  ---
Still happening on Tomcat 9.0.54 and CometD 6.0.4.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Native [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65571|Inf|Nor|2021-09-14|ClientAbortException in Tomcat 9.0.50 and 9.0.52  |
+-+---+---+--+--+
| Total   36 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 10 [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
+-+---+---+--+--+
| Total7 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Taglibs [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 8 [2021/10/10]

2021-10-10 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65571] ClientAbortException in Tomcat 9.0.50 and 9.0.52

2021-10-06 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65571

--- Comment #3 from Mark Thomas  ---
(In reply to sutharvismay from comment #2)
> Shouldn't we receive
> IOException for closing string and not wrap fail string. As per the stack
> trace we had status is CLOSED.

No. The closing and closed flags track the status of a normal, server initiated
close. You are seeing the result of what looks like an unexpected - possibly
client initiated - close.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65571] ClientAbortException in Tomcat 9.0.50 and 9.0.52

2021-10-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65571

--- Comment #2 from sutharvis...@gmail.com ---
I'm working on reproducing this behavior. I have a following question.

https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/util/net/SecureNioChannel.java#L794

This line check for whether line is closed or not. Shouldn't we receive
IOException for closing string and not wrap fail string. As per the stack trace
we had status is CLOSED.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Native [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65571|Inf|Nor|2021-09-14|ClientAbortException in Tomcat 9.0.50 and 9.0.52  |
+-+---+---+--+--+
| Total   36 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Tomcat 8 [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 10 [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
+-+---+---+--+--+
| Total7 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Taglibs [2021/10/03]

2021-10-03 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65599] Tomcat 8.5 cannot compile JSPs with Java 17 (System cannot be resolved)

2021-10-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65599

Konstantin Kolinko  changed:

   What|Removed |Added

 Resolution|INVALID |WONTFIX

--- Comment #2 from Konstantin Kolinko  ---
Additional notes:
1. This is reproducible with Tomcat 8.5.72 (RC) and Java 17.0.0

a) The following unit test is failing (for all connectors):
org.apache.catalina.mapper.TestMapperWebapps

b) In the examples web application the following pages are failing to compile:
Servlet Examples -> async1 and async3
JSP Examples -> Include
http://localhost:8080/examples/async/async1
http://localhost:8080/examples/async/async3
http://localhost:8080/examples/jsp/include/include.jsp

All other pages are OK.


2. Looking the "Include" page example, when the error occurs,
there are TWO errors that are logged:

a) In localhost.*.log

The same error message, as seen on the failing JSP page,
[[[
02-Oct-2021 18:19:06.305 SEVERE [http-nio-8080-exec-1]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
servlet [jsp] in context with path [/examples] threw exception [Unable to
compile class for JSP: 

An error occurred at line: [17] in the jsp file: [/jsp/include/foo.jsp]
System cannot be resolved
14:   See the License for the specific language governing permissions and
15:   limitations under the License.
16: 
17: --%><%= System.currentTimeMillis() %>


Stacktrace:] with root cause
 org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: [17] in the jsp file: [/jsp/include/foo.jsp]
System cannot be resolved
14:   See the License for the specific language governing permissions and
15:   limitations under the License.
16: 
17: --%><%= System.currentTimeMillis() %>


Stacktrace:
  at
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:101)
  at
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:213)
  at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:556)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:380)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:350)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
  at
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:597)
  at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:398)
  at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:383)
  at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:331)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
  at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
  at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at
org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
  at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:196)
  at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
  at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
  at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
  at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
  at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
  at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
  at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
  at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
  at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
  at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1650)
  at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  at
org.apache.tomcat.util.th

[Bug 65553] Orphaned thread by JNDIRealm / clearReferencesThreads reports memory leak

2021-09-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #6 from Mark Thomas  ---
Work-around added in:
- 10.1.x for 10.1.0-M6 onwards
- 10.0.x for 10.0.12 onwards
- 9.0.x for 9.0.54 onwards
- 8.5.x for 8.5.72 onwards

It will need to stay in place for these versions. Once there a fix in the JRE
and Tomcat's minimum JRE version is known to include the fix, then we can
remove the work-around.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65599] Tomcat 8.5 cannot compile JSPs with Java 17 (System cannot be resolved)

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65599

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #1 from Mark Thomas  ---
This is as expected.

Tomcat 8.5.x is required (by the Java EE specification) to run on Java 7. The
version of ECJ that ships with Tomcat 8.5.x is the most recent that runs on
Java 7.

Tomcat has been written so that if you replace the ECJ Jar with a newer version
(and run on a newer version of Java) you can compile against more recent
versions of Java. The other option is to switch to using Ant as the compiler.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65586] JarContents#mightContainResource doesn't return true when finding directory in jar file by using bloom filter

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65586

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Mark Thomas  ---
Fixed in:
- 10.1.x for 10.1.0-M6 onwards
- 10.0.x for 10.0.12 onwards
- 9.0.x for 9.0.54 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65599] New: Tomcat 8.5 cannot compile JSPs with Java 17 (System cannot be resolved)

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65599

Bug ID: 65599
   Summary: Tomcat 8.5 cannot compile JSPs with Java 17 (System
cannot be resolved)
   Product: Tomcat 8
   Version: 8.5.71
  Hardware: PC
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Jasper
  Assignee: dev@tomcat.apache.org
  Reporter: denis.fuenzal...@microsoft.com
  Target Milestone: 

Created attachment 38049
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38049=edit
Catalina output with the stacktrace when attempting to compile the JSP in Java
17

When running the latest Tomcat 8.5.71 with Java 17, it seems the version of ECL
bundled with Tomcat is too old and cannot load the classes from the JDK,
resulting in an error when compiling trivial JSPs like the following:

<%@ page session="false" pageEncoding="UTF-8" contentType="text/html;
charset=UTF-8" %>


  
<%= System.getProperty("os.name") %>
  


The error looks like:

HTTP Status 500 – Internal Server Error
Type Exception Report

Message Unable to compile class for JSP:

Description The server encountered an unexpected condition that
prevented it from fulfilling the request.

Exception

org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: [5] in the jsp file: [/index.jsp]
System cannot be resolved
2: 
3: 
4:   
5: <%= System.getProperty("os.name") %>
6:   
7: 

We've found that replacing the ECL Jar bundled with Tomcat 8.5.71
(ecj-4.6.3.jar) with the version from Tomcat 9.0.53 (ecj-4.20.jar) fixes the
issue.

We've tested this occurs with JDKs from multiple vendors including Adoptium,
Oracle (from jdk.java.net) and Azul.

Kind regards,

-- Denis

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65586] JarContents#mightContainResource doesn't return true when finding directory in jar file by using bloom filter

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65586

--- Comment #1 from Mark Thomas  ---
That is a very clear description. Thank you. I am working on a fix now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65585] Obsolete comment at top of build.properties.default file

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65585

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 OS||All
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Fixed in:
- 10.1.x for 10.1.0-M6 onwards
- 10.0.x for 10.0.12 onwards
- 9.0.x for 9.0.54 onwards
- 8.5.x for 8.5.72 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65598] Security by default with Tomcat error pages

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65598

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Mark Thomas  ---
Discussion of this topic - if desired - belongs on the users list.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65598] New: Security by default with Tomcat error pages

2021-09-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65598

Bug ID: 65598
   Summary: Security by default with Tomcat error pages
   Product: Tomcat 8
   Version: 8.5.71
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: alexand...@gmx.net
  Target Milestone: 

The default error pages provide a detailed report and server version by
default.

To prevent information disclosure and gathering this default behaviour should
be changed to not to report this information.

This could probably be done by setting


public class ErrorReportValve extends ValveBase {

private boolean showReport = false;

private boolean showServerInfo = false;
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Tomcat Native [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65553|New|Min|2021-09-06|Orphaned thread by JNDIRealm / clearReferencesThre|
|65571|Inf|Nor|2021-09-14|ClientAbortException in Tomcat 9.0.50 and 9.0.52  |
|65586|New|Nor|2021-09-22|JarContents#mightContainResource doesn't return tr|
+-+---+---+--+--+
| Total   38 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 10 [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
|65585|New|Trv|2021-09-21|Obsolete comment at top of build.properties.defaul|
+-+---+---+--+--+
| Total8 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 8 [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Taglibs [2021/09/26]

2021-09-26 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65587] https://tomcat.apache.org/download-90.cgi is not accessible

2021-09-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65587

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Mark Thomas  ---
This has been fixed now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65587] https://tomcat.apache.org/download-90.cgi is not accessible

2021-09-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65587

--- Comment #1 from Mark Thomas  ---
Thanks for the report. It looks like some recent changes overnight to the
mirror script broke at least Tomcat downloads for at least some users.

That script isn't under the control of the Tomcat project but we are in touch
with the team that manages it to get it fixed.

Until the the script is fixed, you should be able to obtain Tomcat 9 from:
https://dlcdn.apache.org/tomcat/tomcat-9/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65587] New: https://tomcat.apache.org/download-90.cgi is not accessible

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65587

Bug ID: 65587
   Summary: https://tomcat.apache.org/download-90.cgi is not
accessible
   Product: Tomcat 9
   Version: unspecified
  Hardware: All
OS: All
Status: NEW
  Severity: critical
  Priority: P2
 Component: Documentation
  Assignee: dev@tomcat.apache.org
  Reporter: sandipdhak...@gmail.com
  Target Milestone: -

Created attachment 38040
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38040=edit
The attachment contains an error while browsing the URL
https://tomcat.apache.org/download-90.cgi from Firefox browser.

I have been trying this morning from 6 am NPT to download tomcat 9 from the
URL: https://tomcat.apache.org/download-90.cgi but it is showing the following
error.

/var/www/dyn/closer.lua:322: attempt to index local 'cdn_uri_check' (a nil
value) 

I thought that this could be a problem on my browser only and after that, I've
checked this on Google Chrome, Firefox, and Microsoft Edge but still getting
the same error. 

Furthermore, I've also checked this on Windows and ubuntu but the error exists.

I have attached the error screenshot on the attachment, please have a look.

Best Regards,
Sandip Dhakal

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65586] JarContents#mightContainResource doesn't return true when finding directory in jar file by using bloom filter

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65586

DigitalCat  changed:

   What|Removed |Added

Summary|JarContents#mightContainRes |JarContents#mightContainRes
   |ource doesn't return true   |ource doesn't return true
   |when found directory in jar |when finding directory in
   |file by using bloom filter  |jar file by using bloom
   ||filter

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65586] New: JarContents#mightContainResource doesn't return true when found directory in jar file by using bloom filter

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65586

Bug ID: 65586
   Summary: JarContents#mightContainResource doesn't return true
when found directory in jar file by using bloom filter
   Product: Tomcat 9
   Version: unspecified
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: digital...@huawei.com
  Target Milestone: -

Dear all

When using a bloom filter to speed up archive lookups
(useBloomFilterForArchives = "true" in context.xml) in Tomcat9, tomcat will
fail to get resources from jar file in some special condition.

For example , when we want to find a directory resource in xxx.jar by using a
bloom filter,

if we use " cl.getResouce("/org/apache/coyote", "/WEB-INF/classes") " to get
resources , noting will be returned,  
(By the way,
we find the same way to be used to get resources in the xmlbeans-4.0.0.jar
org.apache.xmlbeans.impl.schema.SchemaTypeLoaderImpl#isPath30)

but if we use cl.getResouce("/org/apache/coyote/", "/WEB-INF/classes") , it
will return the resources we want successfully.

if we do not use bloomFilter , both ways will return resources successfully. 

It is cause by org.apache.catalina.webresources.JarContents#JarContents who
create hashCode of JarEntry.getName(), if JarEntry is directory, its name
contain

"/" at the last of string. 

So when you use param didn't contain "/" at last,
org.apache.catalina.webresources.JarContents#mightContainResource will return
false.

For example:

JarFile jarFile = new JarFile("D:\\tomcat-coyote.jar");

JarContents jarContents  = new JarContents(jarFile);

// false

System.out.println(jarContents.mightContainResource("/org/apache/catalina",
"/WEB-INF/classes"));

// true
   
System.out.println(jarContents.mightContainResource("/org/apache/catalina/",
"/WEB-INF/classes"));

So I suggest changing JarContents#hashcode like this to ignore end slash of
path

private int hashcode(String content, int startPos, int hashPrime) {
int h = hashPrime/2;
int contentLength = content.length();

if (contentLength > 1 && content.charAt(contentLength - 1) == '/') {
// ignore end slash
contentLength--;
}

for (int i = startPos; i < contentLength; i++) {
h = hashPrime * h + content.charAt(i);
}

if (h < 0) {
h = h * -1;
}
return h;
}



sorry ,I am not native speaker , hope that I made it clear!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65585] New: Obsolete comment at top of build.properties.default file

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65585

Bug ID: 65585
   Summary: Obsolete comment at top of build.properties.default
file
   Product: Tomcat 10
   Version: 10.1.0-M5
  Hardware: PC
Status: NEW
  Severity: trivial
  Priority: P2
 Component: Documentation
  Assignee: dev@tomcat.apache.org
  Reporter: knst.koli...@gmail.com
  Target Milestone: --

Just noted. There is a comment at the top of build.properties.default file
(line #16) in all current versions of Tomcat says:

[[[
# -
# build.properties.sample
#
# This is an example "build.properties" file, used to customize building
# Tomcat for your local environment.  It defines the location of all external
# modules that Tomcat depends on.  Copy this file to "build.properties"
# in the top-level source directory, and customize it as needed.
# -
]]]

a) This file is not "build.properties.sample", but "build.properties.default".

b) It suggests copying the entire file. It would be better to copy just the
values that you are going to change.

c) Properties that can be configured like that are not limited to those listed
in this file. Almost any property declared in build.xml can be overwritten in
this way.

Maybe just reference to BUILDING.txt where this could be documented with more
details.

(I think properties declared with  task cannot be overwritten like
that.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 56516] VariableInfo doesn't handle scope changes correctly

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56516

--- Comment #8 from Mark Thomas  ---
It has been a long time comping but the move to Eclipse and Jakarta EE means I
can now propose changes to the JSP spec to address this.

Given the circumstances, the proposed changes are very modest and aim to
provide a workable solution with the minimal amount of change.

The current location for the issue is:
https://github.com/eclipse-ee4j/jsp-api/issues/42

Please add any comments there.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65448] Download of file via Servlet OutputStream blocks when using SSL

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65448

Mark Thomas  changed:

   What|Removed |Added

 OS||All
Version|9.0.52  |9.0.50

--- Comment #30 from Mark Thomas  ---
Restore correct version and OS info. This should not be edited.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65448] Download of file via Servlet OutputStream blocks when using SSL

2021-09-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65448

patrickzeitz  changed:

   What|Removed |Added

Version|9.0.50  |9.0.52
 OS|All |Windows Server 2016

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Tomcat Native [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 10 [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
+-+---+---+--+--+
| Total7 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 8 [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65553|New|Min|2021-09-06|Orphaned thread by JNDIRealm / clearReferencesThre|
|65571|Inf|Nor|2021-09-14|ClientAbortException in Tomcat 9.0.50 and 9.0.52  |
+-+---+---+--+--+
| Total   37 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Taglibs [2021/09/19]

2021-09-19 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65577] Intermittent AccessControlException using NIO2 with security manager enabled

2021-09-17 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65577

--- Comment #3 from David  ---
Thanks for the quick turnaround Mark. We will look into migrating off of
security manager.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65577] Intermittent AccessControlException using NIO2 with security manager enabled

2021-09-17 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65577

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Mark Thomas  ---
Fixed in:
- 10.1.x for 10.1.0-M6 onwards
- 10.0.x for 10.0.12 onwards
- 9.0.x for 9.0.54 onwards
- 8.5.x for 8.5.72 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65577] Intermittent AccessControlException using NIO2 with security manager enabled

2021-09-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65577

Mark Thomas  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Mark Thomas  ---
We'll tale a look but given that the long term future of the Java security
manager doesn't look good you might want to look at why you want to run under a
security manager and what alternative solutions are available.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65577] New: Intermittent AccessControlException using NIO2 with security manager enabled

2021-09-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65577

Bug ID: 65577
   Summary: Intermittent AccessControlException using NIO2 with
security manager enabled
   Product: Tomcat 8
   Version: 8.5.70
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: shakita.3df4f...@nicoric.com
  Target Milestone: 

We are doing some testing prior to upgrading from 8.5.66 to 8.5.70. When we
configure a SSL/TLS connector using Nio2 and run Tomcat with Security Manger
enabled we are getting intermittent java.security.AccessControlException errors
when accessing the default Tomcat root, e.g. https://hostname:8443/

We have observed the issue using Oracle Java 1.8.0_251, 1.8.0_301 and 11.0.8
2020-07-14 LTS on Windows Server 2019 and RedHat Linux 7.

When we change the connector configuration to use
org.apache.coyote.http11.Http11NioProtocol the errors are not present.

Example connector configuration








The catalina.policy is the default one which comes with the 8.5.70 release

Startup command:

.\catalina.bat start -security

Example error message


16-Sep-2021 12:38:11.824 SEVERE [https-jsse-nio2-8443-exec-4]
org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun Error running
socket processor
java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.net")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:886)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at
sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
at java.lang.ClassLoader.loadClass(ClassLoader.java:405)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at
org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:387)
at
org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:231)
at
org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:222)
at
org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1593)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:)
at
org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:104)
at
org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:97)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

Example Java security debug output
-

access: access denied ("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.net")
java.lang.Exception: Stack trace
at java.base/java.lang.Thread.dumpStack(Thread.java:1387)
at
java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:462)
at
java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at
java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1290)
at
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:575)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at
org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:387)
at
org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:231)
at
org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:222)
at
org.apache.tomcat.util.net.Nio2Endpoint$Sock

[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #6 from Mark Thomas  ---
You don't have to understand the project's decision to use per release branch
KEYS files. The project has made the decision and it is clear from the comments
on this issue and the archives that that is a decision that the Tomcat project
community is happy with.

KEYS files in current branches have been aligned with the per version KEYS
files.

violetagg's key has been added to the per version keys for 8.x

remm's old DSA key has been added to the per version keys for 6.x

markt's key has been added to the per version keys for 5.x

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65553] Orphaned thread by JNDIRealm / clearReferencesThreads reports memory leak

2021-09-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553

--- Comment #5 from Mark Thomas  ---
OpenJDK bug created

https://bugs.openjdk.java.net/browse/JDK-8273874

We will still need to address this in Tomcat to cover the time until we can
guarantee that the version of the JRE that Tomcat is running on has the
appropriate fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65571] ClientAbortException in Tomcat 9.0.50 and 9.0.52

2021-09-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65571

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO

--- Comment #1 from Mark Thomas  ---
There is not enough information provided in this report for the Tomcat
community to investigate.

As a minimum we need:
- the full stack trace
- a description of what triggered the issue
- the steps to reproduce this issue from a clean install of the latest 9.0.x
release (9.0.53 as I write this).

Without the above information this issue will eventually be resolved as
WONTFIX.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517

--- Comment #4 from Mikko Suonio  ---
I would like Tomcat developers to state clearly that this is not a valid
vulnerability. This would make it easier for Tomcat users to dismiss the issue
detected by vulnerability analysis of their software.

Also, it would be excellent, if you could communicate these inaccuracies to
NIST NVD. This might help to correct the CVE description faster and reduce the
impact to Tomcat users. If this is not possible, users could point NIST staff
to the issue description on Tomcat site and forums, if available.

Thank you for the quick response. I do not understand why Tomcat was associated
with this CVE.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517

--- Comment #3 from Jeehong Min  ---
I filed the original bug.  Afterwards, I realized that I made a mistake when I
was tracing dependencies with CVEs.  Tomcat does not have any dependencies on
axis2-adb.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517

--- Comment #2 from Mark Thomas  ---
Let me turn that around. What is your basis for claiming that this is a valid
vulnerability in Apache Tomcat?

(Hint: The original description for this contained multiple inaccuracies so
don't take any of that information at face value)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517

--- Comment #1 from Mikko Suonio  ---
Can you comment on why this is invalid? Since this is related to a CVE, the
impact needs to be analyzed in many organizations.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #5 from Sebb  ---
AFAICT there are only about 15 keys that have been used to sign releases since
version 5, so I don't understand the reluctance to use a single shared file.

I don't think it is safe to delete the existing files as they may be referenced
in links, but it would be possible to use a single canonical file going
forward.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #4 from Sebb  ---
There are also issues with:

v5.5.36
v6.0.0-alpha
v6.0.0

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65571] New: ClientAbortException in Tomcat 9.0.50 and 9.0.52

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65571

Bug ID: 65571
   Summary: ClientAbortException in Tomcat 9.0.50 and 9.0.52
   Product: Tomcat 9
   Version: 9.0.50
  Hardware: PC
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: sutharvis...@gmail.com
  Target Milestone: -

Hi, I am getting below exception when I upgrade to 9.0.50 or 9.0.52.
I have looked at this bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65368
I wonder if the fix is also needed on the server side too. 
Also, If I revert back to 9.0.48 then I'm not seeing this exception.

Caused by: java.io.IOException: Unable to wrap data, invalid status [CLOSED]
at org.apache.tomcat.util.net.SecureNioChannel.write(SecureNioChannel.java:819)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.doWrite(NioEndpoint.java:1364)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.tomcat.util.net.SocketWrapperBase.doWrite(SocketWrapperBase.java:766)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.tomcat.util.net.SocketWrapperBase.flushBlocking(SocketWrapperBase.java:719)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.tomcat.util.net.SocketWrapperBase.flush(SocketWrapperBase.java:709)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.coyote.http11.Http11OutputBuffer$SocketOutputBuffer.flush(Http11OutputBuffer.java:573)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.coyote.http11.filters.IdentityOutputFilter.flush(IdentityOutputFilter.java:117)
~[tomcat-coyote.jar:9.0.50]
at
org.apache.coyote.http11.Http11OutputBuffer.flush(Http11OutputBuffer.java:221)
~[tomcat-coyote.jar:9.0.50]
at org.apache.coyote.http11.Http11Processor.flush(Http11Processor.java:1205)
~[tomcat-coyote.jar:9.0.50]
at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:402)
~[tomcat-coyote.jar:9.0.50]
at org.apache.coyote.Response.action(Response.java:209)
~[tomcat-coyote.jar:9.0.50]
at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:306)
~[catalina.jar:9.0.50]

Regards,
Vismay

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #4 from Sebb  ---
In which case, why do the per-release KEYS files contain more entries than the
per version KEYS files?

For example:

https://archive.apache.org/dist/tomcat/tomcat-9/KEYS is about 14K
whereas
https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.53/KEYS is 41K

It seems like the process is not being followed.

I have checked quite a few .asc files for the Tomcat 9 series, and it does look
like all the keys used for signing are in the parent KEYS file.

However that is not the case for Tomcat-8
I found issues with versions 8.0.39 onwards.

I've not checked any other Tomcat major versions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #3 from Christopher Schultz  ---
(In reply to Sebb from comment #0)
> The KEYS file at that level is used for all 9.x releases, and must therefore
> contain the keys used for all the releases.
> 
> Once a key used for a release has been added to a KEYS file, it should never
> be removed. The process described above does not make that clear.

+1

> The process seems needlessly complicated.
> 
> Most other projects use a single KEYS file maintained at the project level:
> https://dist.apache.org/repos/dist/release/tomcat/KEYS

Take a look at the release history for Tomcat. There have been many release
managers. We have decided to use separate release-based KEYS files to keep the
files more manageable. For example, it's easier to see if a key is in the file
when there aren't dozens of keys in it, especially if the same RM has used more
than one key through the years.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #2 from vacancies  ---
Yes it is must that shared keys files must contain keys for all relevant
release while in Tomcat 9 as it is used here https://www.vacancies.ae

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

--- Comment #1 from Remy Maucherat  ---
The two keys that are in the KEYS for Tomcat 9.0 should be enough. Is there a
build that was not signed by one of the two keys that are in there ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65570] New: Shared KEYS files must contain keys for all relevant release

2021-09-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65570

Bug ID: 65570
   Summary: Shared KEYS files must contain keys for all relevant
release
   Product: Tomcat 9
   Version: unspecified
  Hardware: PC
OS: Mac OS X 10.1
Status: NEW
  Severity: normal
  Priority: P2
 Component: Documentation
  Assignee: dev@tomcat.apache.org
  Reporter: s...@apache.org
  Target Milestone: -

The Wiki Release process page [1] says:

"svn checkout --depth immediates
https://dist.apache.org/repos/dist/release/tomcat/tomcat-9/ 
and update the KEYS file there to be the same as the one used for release"

The KEYS file at that level is used for all 9.x releases, and must therefore
contain the keys used for all the releases.

Once a key used for a release has been added to a KEYS file, it should never be
removed. The process described above does not make that clear.

The process seems needlessly complicated.

Most other projects use a single KEYS file maintained at the project level:
https://dist.apache.org/repos/dist/release/tomcat/KEYS

When a new signing key is used for a release, add it to the file.
Job done.

N.B. this bug report also probably applies to the other Tomcat releases.

[1] https://cwiki.apache.org/confluence/display/TOMCAT/ReleaseProcess

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Native [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|64826|New|Maj|2020-10-19|libtcnative prompts for private key password in so|
|64862|New|Enh|2020-10-30|Improve LibreSSL support  |
|65344|New|Enh|2021-05-31|OpenSSL configuration |
+-+---+---+--+--+
| Total4 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Modules [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
|64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available|
|64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return|
|64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour|
|64570|New|Nor|2020-07-01|Transaction not rollbacked if autocommit is false |
|64809|New|Nor|2020-10-13|Connection properties not reset to defaults when C|
|65347|New|Nor|2021-06-02|The equals method from statements generated by the|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comman

Bug report for Tomcat 10 [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|64353|New|Enh|2020-04-15|Add support for accessing server certificate from |
|64549|New|Enh|2020-06-23|create a project module to launch Tomcat in OSGi  |
|64550|New|Enh|2020-06-23|create a project module to launch Tomcat in JPMS  |
|64943|New|Enh|2020-11-29|[Patch] Add support for Unix Domain Sockets to org|
|65124|New|Enh|2021-02-03|Inefficient generated JSP code|
|65267|New|Enh|2021-04-27|Implement mod_headers like filter |
|65391|New|Enh|2021-06-19|Additional user attributes queried by (some) realm|
+-+---+---+--+--+
| Total7 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 9 [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53602|Ver|Enh|2012-07-25|Support for HTTP status code 451  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|Inf|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|Inf|Enh|2018-08-09|Compress log files after rotation |
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
|63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti|
|64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot|
|64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin|
|64395|New|Enh|2020-04-30|Windows Installer should offer an option to select|
|65208|New|Enh|2021-03-29|Multi-threaded loading of servlets|
|65302|New|Enh|2021-05-12|Add support for setting com.sun.jndi.ldap.tls.cbty|
|65350|Inf|Nor|2021-06-03|The index ID of the request header that Jetty sent|
|65401|New|Enh|2021-06-28|do no silently fail on javax.net.ssl.SSLHandshakeE|
|65553|New|Min|2021-09-06|Orphaned thread by JNDIRealm / clearReferencesThre|
+-+---+---+--+--+
| Total   36 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat Connectors [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
|64775|Inf|Nor|2020-09-28|mod_jk is sending both Content-Length and Transfer|
|65488|New|Nor|2021-08-08|Destroy method is not being called during Failover|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Tomcat 8 [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|65408|Inf|Nor|2021-06-30|tomcat8.5.X occurs an AssertionError occationally |
|65455|Inf|Nor|2021-07-19|after about 10 days ago, tomcat8.5.63 can't respon|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Bug report for Taglibs [2021/09/12]

2021-09-12 Thread bugzilla
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
|64649|New|Nor|2020-08-06|XSLT transformation - document('') doesn't return |
|65491|New|Nor|2021-08-09|Behavior differences with c:import when flushing o|
+-+---+---+--+--+
| Total   12 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65565] Tomcat responds with HTTP status code 503 with response body upstream connect error or disconnect/reset before headers. reset reason: remote refused stream reset

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65565

--- Comment #3 from Mark Thomas  ---
If you aren't using a reverse proxy, where is the 503 response coming from?

Again, the users mailing list is the place to seek help.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65565] Tomcat responds with HTTP status code 503 with response body upstream connect error or disconnect/reset before headers. reset reason: remote refused stream reset

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65565

--- Comment #2 from Juhi Gupta  ---
We are not using reverse proxy and we have used all the default values for both
spring boot and tomcat.
Are  there any specific configuration you are looking for?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65565] Tomcat responds with HTTP status code 503 with response body upstream connect error or disconnect/reset before headers. reset reason: remote refused stream reset

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65565

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #1 from Mark Thomas  ---
There is insufficient information provided in this report to demonstrate that
Tomcat is behaving incorrectly. The "remote refused stream reset" behaviour may
be correct depending on the configuration of the reverse proxy which is
completely missing from this report.

Even with the reverse proxy configuration, there is insufficient information
provided in this report to enable anyone to start an investigation.

Please take your enquiry to the Tomcat users mailing list. If, and only if, you
are able to provide a test case that demonstrates this issue then re-open this
issue and provide the test case along with the steps to reproduce.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65565] New: Tomcat responds with HTTP status code 503 with response body upstream connect error or disconnect/reset before headers. reset reason: remote refused stream reset

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65565

Bug ID: 65565
   Summary: Tomcat responds with HTTP status code 503 with
response body upstream connect error or
disconnect/reset before headers. reset reason: remote
refused stream reset
   Product: Tomcat 9
   Version: 9.0.52
  Hardware: All
OS: All
Status: NEW
  Severity: blocker
  Priority: P2
 Component: WebSocket
  Assignee: dev@tomcat.apache.org
  Reporter: juhigupta...@gmail.com
  Target Milestone: -

Hello, I have following configuration setup in my production environment:

Java Application with following configuration:
1. Sprint boot server version 2.5.4
2. Tomcat version 9.0.52
3. Inside our Application we have enabled HTTP 2 version by using following
bean code
```
@Bean
public TomcatConnectorCustomizer customizer() {
  return (connector) -> connector.addUpgradeProtocol(new Http2Protocol());
  }
```

4. All the other Spring boot and Tomcat configuration/properties are default
5. Running this Application as docker container (using base image of alpine) on
cloud in which we have installed tomcat-native which has following libs
https://pkgs.alpinelinux.org/contents?branch=edge=tomcat-native=x86=community

Issue faced: When the client call this java application, it receives HTTP
status code 503 with response body as "upstream connect error or
disconnect/reset before headers. reset reason: remote refused stream reset"
They happen almost 2-3 times in an hour with normal load

We didnt get these errors while using HTTP 1 but have started to notice this
issue when we upgraded Tomcat to use HTTP 2


We also enabled internal logs for tomcat to be printed by using these
application property
logging.level.org.apache.tomcat=ERROR
logging.level.org.apache.catalina=ERROR
but no additional information was printed out when we get this error.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65563] DefaultServlet's doPut returns HTTP code 400 when using Content-Range

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65563

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---
Thanks for the report, PR and analysis. Good quality bug reports like this are
always appreciated.

Fixed in:
- 10.1.x for 10.1.0-M6 onwards
- 10.0.x for 10.0.12 onwards
- 9.0.x for 9.0.54 onwards
- 8.5.x for 8.5.71 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65563] DefaultServlet's doPut returns HTTP code 400 when using Content-Range

2021-09-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65563

--- Comment #2 from Mark Thomas  ---
No need for multiple PRs. If the PR is accepted, it will be merged to whichever
branch and then cherry-picked to the other branches.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65563] DefaultServlet's doPut returns HTTP code 400 when using Content-Range

2021-09-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65563

--- Comment #1 from Thierry Guérin  ---
Pull request for the main branch: https://github.com/apache/tomcat/pull/449
This fixes the problem on my tests (tested on the 9.0.x branch, which is the
one I use in my project). 
Should I create a pull request for each branch ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65563] New: DefaultServlet's doPut returns HTTP code 400 when using Content-Range

2021-09-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65563

Bug ID: 65563
   Summary: DefaultServlet's doPut returns HTTP code 400 when
using Content-Range
   Product: Tomcat 9
   Version: 9.0.x
  Hardware: PC
OS: Linux
Status: NEW
  Severity: regression
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: t_gue...@hotmail.com
  Target Milestone: -

Context:
we have some integration tests for our WebDAV client that use Tomcat-Embedded
as the WebDAV server (using org.apache.catalina.servlets.WebdavServlet). I'm in
the process of migrating tomcat-embedded from 7.0.x to 9.0.x, and one of the
tests is about resume support, i.e. uploads the same file multiple times, with
each time the file growing in size. For this the client uses the Content-Range
header.
This test fails with all supported versions of Tomcat (8.5.x, 9.0.x and 10.0.x)
because of a regression introduced during a refactoring (commit
d1f58003a97af79df452cdbe5e94052acc4b7188 on the 9.0.x branch on GitHub).

The Content-Range parser fails to parse headers of the form
Content-Range: bytes 42-1233/1234
and so the
org.apache.catalina.servlets.DefaultServlet.parseContentRange(HttpServletRequest,
HttpServletResponse) method send a code 400 as response.
Looking at the ContentRange.java code, it expects the following form:
bytes=42-1233/1234  (note the "=")
At first I thought that this might be a change in the Content-Range
specification or some ambiguity in the specification (as our client code has
successfully submitted such requests for a long time to Apache Web server's
WebDAV module).

However, the two RFCs where I found references to the Content-Range header both
state  that the correct form doesn't have an equal sign : 
https://datatracker.ietf.org/doc/html/rfc7233#page-12
https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65548] Webapp context not loaded after calling addServiced, check and removeServiced calls

2021-09-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65548

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEEDINFO|RESOLVED

--- Comment #3 from Mark Thomas  ---
Yes. It is mentioned in the change log for 10.0.3, 9.0.44 and 8.5.64 but not
very clearly. I'll update the change log.

See BZ 65136 for details but the short version was the the "serviced" flag had
multiple issues (not atomic, was a List rather than a Set).

Patches: http://tomcat.markmail.org/thread/jnhjgmmddibw6qhl

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



  1   2   3   4   5   6   7   8   9   10   >