[tomcat-native] branch main updated: Fix typo

This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new c4c3b1372 Fix typo c4c3b1372 is described

[Bug 64862] Improve LibreSSL support

https://bz.apache.org/bugzilla/show_bug.cgi?id=64862 --- Comment #1 from Michael Osipov --- As of libressl-portable: b52dc3d9b292f4f644d7506a2d62df11f2a6e269 tomcat-native: 1.2.32 tomcat-native does not compile anymore: > $ make > /bin/sh /usr/local/share/apr/build-1/libtool --silent

[Bug 66005] Apache crashes, if there is a tomcat server, which can not be resolved

https://bz.apache.org/bugzilla/show_bug.cgi?id=66005 --- Comment #1 from Lothar --- I did some further investigation. with strace SEGSEGV was raised 0.44 after start up: 0.44 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=52811, si_uid=0} --- 0.116226 +++ killed by SIGSEGV (core

[Bug 66009] M-TLS Fails, no user is found because "OID.2.5.4.5" is used as field name instead of "SERIALNUMBER", in Subject

https://bz.apache.org/bugzilla/show_bug.cgi?id=66009 Remy Maucherat changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #4 from Remy

[Bug 66005] Apache crashes, if there is a tomcat server, which can not be resolved

https://bz.apache.org/bugzilla/show_bug.cgi?id=66005 --- Comment #2 from Christopher Schultz --- You have no provided enough information to investigate this crash. Does the log file end after what you have posted? Please post the full backtrace of the crash, or, if you are comfortable doing

[Bug 66005] Apache crashes, if there is a tomcat server, which can not be resolved

https://bz.apache.org/bugzilla/show_bug.cgi?id=66005 Christopher Schultz changed: What|Removed |Added Status|NEW |NEEDINFO -- You are receiving

Re: Native Compilation, Continuation 2022

Filip, On 4/11/22 18:32, Filip Hanik wrote: Hi folks, I'm jumping in on the bandwagon again. Specifically to talk some more about native compilation. The graal compiler is making headway, and it's becoming better and better at native compilation [1]. I'll put some historical context at the

[Bug 66008] Jasper Documentation is misleading (if not wrong) about the trimSpaces option

https://bz.apache.org/bugzilla/show_bug.cgi?id=66008 --- Comment #1 from Christopher Schultz --- This seems like a matter of opinion over the definition of "useless". The whole point of the option *is* to affect the output. The documentation could be improved for "Production Configuration" to

[Bug 66009] M-TLS Fails, no user is found because "OID.2.5.4.5" is used as field name instead of "SERIALNUMBER", in Subject

https://bz.apache.org/bugzilla/show_bug.cgi?id=66009 --- Comment #5 from Maikel --- Thanks for the information, I did not know I could use X509UsernameRetrieverClassName to change the behavior. We where using the certificate functionality out of the box with only some changes in the config

[Bug 66009] M-TLS Fails, no user is found because "OID.2.5.4.5" is used as field name instead of "SERIALNUMBER", in Subject

https://bz.apache.org/bugzilla/show_bug.cgi?id=66009 --- Comment #6 from Christopher Schultz --- (In reply to Remy Maucherat from comment #1) > https://github.com/apache/tomcat/commit/ > b21268dcebc3d470430227978caa4f168a3346d4 My guess is that the above patch will fix this issue. Can you

Re: Native Compilation, Continuation 2022

On Wed, Apr 13, 2022 at 9:45 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Filip, > > On 4/11/22 18:32, Filip Hanik wrote: > > Hi folks, > > > > I'm jumping in on the bandwagon again. Specifically to talk some more > about > > native compilation. The graal compiler is making

[Bug 66009] M-TLS Fails, no user is found because "OID.2.5.4.5" is used as field name instead of "SERIALNUMBER", in Subject

https://bz.apache.org/bugzilla/show_bug.cgi?id=66009 --- Comment #7 from Christopher Schultz --- Actually, this ought to do the trick: import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import

[Bug 66013] New: missing class javax.servlet.jsp.tagext.TagExtraInfo used by org.apache.jasper.compiler.TagLibraryInfoImpl

https://bz.apache.org/bugzilla/show_bug.cgi?id=66013 Bug ID: 66013 Summary: missing class javax.servlet.jsp.tagext.TagExtraInfo used by org.apache.jasper.compiler.TagLibraryInfoImpl Product: Tomcat 10 Version: 10.0.20

[GitHub] [tomcat] markt-asf commented on pull request #504: disable jsp and jspx by default

markt-asf commented on PR #504: URL: https://github.com/apache/tomcat/pull/504#issuecomment-1098727906 This is a bad idea for so many different reasons. To name a few: - "Spring4Shell" allows arbitrary file uploads. All an attacker has to do to bypass this change is to upload a

[GitHub] [tomcat] markt-asf closed pull request #504: disable jsp and jspx by default

markt-asf closed pull request #504: disable jsp and jspx by default URL: https://github.com/apache/tomcat/pull/504 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To

[GitHub] [tomcat] k4n5ha0 opened a new pull request, #504: disable jsp and jspx by default

k4n5ha0 opened a new pull request, #504: URL: https://github.com/apache/tomcat/pull/504 jsp and jspx is dangerous. likes spring4shell and others hacker,they use uplaod jsp or write a webshell to disk. If project need jsp or jspx, they pack web.xml in war with jsp mappings by themself.