On Wed, Apr 28, 2021 at 9:07 AM Mark Thomas wrote:
> I'm wondering if there is merit in a Valve-like mechanism for Coyote.
> Name TBD but would look something like:
> - callbacks
>   - after request headers are parsed / before the request is prepared
>   - after the request is prepared
>   -
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #3 from Mark Thomas ---
Section 3.1.7 of the WebSocket specification requires endpoint instances are
created via ServerEndpointConfig.Configurator.getEndpointInstance(). Users are
free to supply their own Configurator
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #4 from romain.manni-bucau ---
@Mark: this issue is about the default configurator, fully agree when a custom
configurator is used Tomcat will not care.
I also agree encoders/decoders IoC support is not in the specification but not
ChristopherSchultz commented on a change in pull request #417:
URL: https://github.com/apache/tomcat/pull/417#discussion_r622458605
##
File path: webapps/docs/changelog.xml
##
@@ -143,6 +143,12 @@
request line, ensure that all the available data is included in the
On 27/04/2021 22:14, Rémy Maucherat wrote:
I remember after doing the rewrite valve I got asked a bit about
mod_headers because "why not". However, now I recall I found out it would
be far less practical. So I very quickly moved on since it was also less
useful than rewrite. I would still
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2f9a206 Refactor system property source to be more
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #2 from Miguel ---
(In reply to Michael Osipov from comment #1)
> How old are those systems?
I don't have the data. But I see that the HTTP requests are version 1.0... then it is very
old...
We have some legacy systems. One of these is a SMS
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Michael Osipov changed:
What|Removed |Added
OS||All
--- Comment #1 from Michael
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 06eb5b1 Refactor system property source to be more
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #5 from Remy Maucherat ---
(In reply to romain.manni-bucau from comment #4)
> @Mark: this issue is about the default configurator, fully agree when a
> custom configurator is used Tomcat will not care.
I agree if using the default
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Bug ID: 65272
Summary: Problems processing HTTP request without CR in last
versions
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new c07530f Refactor system property source to be
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #6 from Mark Thomas ---
@Rémy
I think I can see a way to do that. We'll need to check which Configurator was
used in the WsSession constructor to make sure we don't call the
InstanceManager twice. It does mean that the timing of
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #7 from romain.manni-bucau ---
@Mark functionally I can live with current validation but theoretically the
validation is only known of the IoC but it is not super aligned on the spec.
To illustrate it take a CDI or Spring encoder,
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #3 from Angelica Salazar ---
(In reply to Mark Thomas from comment #2)
> First the good news. I can recreate this. I downloaded trial versions of
> Jira and R4J, created a single issue, requested an export and saw the
> exception
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #3 from Mark Thomas ---
This stricter parsing was introduced as part of the fix for CVE-2020-1935.
Because the fix was in response to a security issue, that makes it a lot less
likely the current behaviour will be changed.
I'll
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Mark Thomas changed:
What|Removed |Added
Summary|NoClassDefFoundError in |NoClassDefFoundError in
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #4 from Miguel ---
(In reply to Mark Thomas from comment #3)
> This stricter parsing was introduced as part of the fix for CVE-2020-1935.
>
> Because the fix was in response to a security issue, that makes it a lot
> less likely
The Buildbot has detected a restored build on builder tomcat-9-trunk while
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/743
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Bug ID: 65273
Summary: NoClassDefFoundError in Apache POI dependency after
upgrading to Tomcat 8.57 in Jira
Product: Tomcat 8
Version: 8.5.57
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Angelica Salazar changed:
What|Removed |Added
OS||All
--- Comment #1 from Angelica
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit a2e465cfd980b8350656205f1c6515388f5a1612
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:22:24 2021 +0100
Fix off by
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 2f9a206 Refactor system property source to be more flexible
new 559a050 Reject invalid HTTP protocols with 400
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #5 from Mark Thomas ---
I've started to look at this. So far I have spotted a couple of minor issues
with the current parsing that I need to fix. Commits for those will follow
shortly.
I haven't yet found any reason not to allow
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e5468e2a8d3a90b3fb831bd83b156b32736f
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:21:13 2021 +0100
Reject
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 2ce4ea2f8e9111269e990fff640b48847b9e6d87
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:22:24 2021 +0100
Fix off by
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from c07530f Refactor system property source to be more flexible
new e5468e2 Reject invalid HTTP protocols with 400
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 06eb5b1 Refactor system property source to be more flexible
add 8be9764 Reject invalid HTTP protocols with 400
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 559a05015601f44de09052cc3ca99f1aa1b4df15
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:21:13 2021 +0100
Reject
markt-asf opened a new pull request #417:
URL: https://github.com/apache/tomcat/pull/417
Potential fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Needs careful review, hence using a PR.
If you spot any potential ways an invalid HTTP request line or header could
be:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #6 from Mark Thomas ---
It currently looks like this is fixable. PR at
https://github.com/apache/tomcat/pull/417
Need to allow time for the Tomcat community to review the PR.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #2 from Mark Thomas ---
First the good news. I can recreate this. I downloaded trial versions of Jira
and R4J, created a single issue, requested an export and saw the exception and
at the bottom of the stack trace:
"Caused by: