https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
--- Comment #4 from Nick Williams nicho...@nicholaswilliams.net ---
Excellent! Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
-
To
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
--- Comment #2 from Mark Thomas ma...@apache.org ---
Using Tomcat via web start is so far away from normal usage I view this as an
enhancement.
The patch may be trivial but I think some time needs to be spent thinking about
the security
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
--- Comment #1 from Nick Williams nicho...@nicholaswilliams.net ---
I disagree with categorizing this as an enhancement. I believe this is a major
bug. The facts are very simple: In an environment in which Tomcat otherwise
runs without
2013/3/29 Nick Williams nicho...@nicholaswilliams.net:
(..) Note that Log4j2 is going to have a log4j-taglib artifact that
(naturally) will have a TLD in its META-INF. Since Tomcat by default excludes
log4j*.jar, that has to be removed from catalina.properties in order to make
it work. It
On Mar 29, 2013, at 12:57 PM, Konstantin Kolinko wrote:
2013/3/29 Nick Williams nicho...@nicholaswilliams.net:
(..) Note that Log4j2 is going to have a log4j-taglib artifact that
(naturally) will have a TLD in its META-INF. Since Tomcat by default
excludes log4j*.jar, that has to be
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Severity|major |enhancement
--
You
On Feb 26, 2013, at 11:21 AM, Christopher Schultz wrote:
Mark,
On 2/21/13 8:34 AM, Mark Thomas wrote:
JRE JARs.
I think scanning of these should be made optional and disabled by
default. This will reduce the list of JARs we have to maintain in
jarsToSkip. I intend to implement this
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
Bug ID: 54745
Summary: Tomcat JarScanning does not work when Tomcat started
with Java Web Start
Product: Tomcat 8
Version: trunk
Hardware: All
OS
https://issues.apache.org/bugzilla/show_bug.cgi?id=54745
Nick Williams nicho...@nicholaswilliams.net changed:
What|Removed |Added
Attachment #30097|0 |1
Mark,
On 2/21/13 8:34 AM, Mark Thomas wrote:
JRE JARs.
I think scanning of these should be made optional and disabled by
default. This will reduce the list of JARs we have to maintain in
jarsToSkip. I intend to implement this unless there are any objections.
+1
Will you be checking the
2013/2/21 Mark Thomas ma...@apache.org:
An issue at work prompted me to take another look at this thread:
http://markmail.org/thread/qanw2psjsx32feek
There are some useful things there that I think it is worth following up on.
(..)
jarsToScan
This is a little more complicated.
First of
An issue at work prompted me to take another look at this thread:
http://markmail.org/thread/qanw2psjsx32feek
There are some useful things there that I think it is worth following up on.
JRE JARs.
I think scanning of these should be made optional and disabled by
default. This will reduce the
From: Mark Thomas [mailto:ma...@apache.org]
Subject: JarScanning
jarsToScan
This is a little more complicated.
First of all, how does it work? The suggestion is:
- If jarsToScan matches, scan it
- else if jarsToSkip matches, skip it
- else scan it
From the above, it looks like the only
: JarScanning
jarsToScan
This is a little more complicated.
First of all, how does it work? The suggestion is:
- If jarsToScan matches, scan it
- else if jarsToSkip matches, skip it
- else scan it
From the above, it looks like the only purpose of jarsToScan is to avoid
checking
On 21/02/2013 16:39, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org] Subject: JarScanning
jarsToScan This is a little more complicated. First of all, how
does it work? The suggestion is: - If jarsToScan matches, scan it -
else if jarsToSkip matches, skip it - else
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: JarScanning
From the above, it looks like the only purpose of jarsToScan is to
avoid checking the jarsToSkip list. Unless such checking is
expensive, this seems like an unnecessary complication.
It lets you do things like
On 21.02.2013 17:34, Mark Thomas wrote:
An issue at work prompted me to take another look at this thread:
http://markmail.org/thread/qanw2psjsx32feek
There are some useful things there that I think it is worth following up on.
JRE JARs.
I think scanning of these should be made optional
apply globally should be in a separate file, not in
/META-INF/context.xml.
Like I said, just my $0.02.
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52924
2013/2/21 Caldarale, Charles R chuck.caldar...@unisys.com
From: Mark Thomas [mailto:ma...@apache.org]
Subject: JarScanning
19 matches
Mail list logo