https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #30 from Robert Gacki ---
Docker Swarm is not the only environment that may experience a regression. I
have a client that has an "acme-xy" TLD for the internal network. We upgraded
our Spring Boot applications to 2.0.2, which ships
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Mark Thomas changed:
What|Removed |Added
CC||andresgsei...@gmail.com
--- Comment #29
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #28 from Tim Levett ---
I'd like to provide some clarification for the docker swarm users that are
experiencing this issue. We are using docker stacks in docker swarm that are
deploying spring-boot applications with embedded tomcat.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #27 from Mark Thomas ---
Simply wait (until early next month) for next release round and upgrade then.
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #26 from ZhiFeng Hu ---
Though it was a specification. why not gave us an setting or configuration to
disable the check ?
Gave us a switch please. or we can not upgrade our projects to latest tomcat.
or we should have to switch to
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #25 from Mark Thomas ---
The Host validation is not optional. It is a specification requirement.
The changes discussed in comment #14 and comment #15 (using the same rules for
the final segment as the other segments) have been made
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #24 from ZhiFeng Hu ---
How to remove the validation for host name?
I want to use any string as the host name .
Would you please let us choice ?
--
You are receiving this mail because:
You are the assignee for the bug.
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Mark Thomas changed:
What|Removed |Added
CC||hufeng1...@gmail.com
--- Comment #23 fro
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #22 from Mark Thomas ---
*** Bug 62383 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #21 from Mark Thomas ---
*** Bug 62383 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Mark Thomas changed:
What|Removed |Added
CC||social...@outlook.com
--- Comment #20 fr
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #19 from Alex ---
> If you'd like to debate Tomcat's development methodologies, release cycles,
> or test-coverage, you are welcome to join the dev mailing list.
I don't know if this reply should go there but:
(In reply to Christ
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Christopher Schultz changed:
What|Removed |Added
Attachment #35931|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #18 from Christopher Schultz ---
(In reply to Alex from comment #16)
> > This issue highlights that Tomcat can always use more real-world testing
> > and I would encourage folks to download the release candidates as the votes
> >
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #16 from Alex ---
> This issue highlights that Tomcat can always use more real-world testing and
> I would encourage folks to download the release candidates as the votes are
> announced and test them in their environments. The mo
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #15 from Mark Thomas ---
Ah. Found the reference for the final segment being alphabetic:
>From RFC 1123
However, a valid host name can never have the dotted-decimal form #.#.#.#,
since at least the highest-level component label wi
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #14 from Mark Thomas ---
Generally, the tightening up of validation like this stems from a security
vulnerability report where mal-formed input results in unintended consequences.
Usually information disclosure of some form. In this
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #13 from Alex ---
> While Tomcat doesn't have a formal policy, the general expectation is that
> clients confirm to the relevant RFCs. Therefore, Tomcat does, from time to
> time, tighten up the validation of input data when gaps
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #12 from Robert Rettig ---
(In reply to Mark Thomas from comment #11)
> 'data-service.tenant1-apps.svc' is a valid domain name so that should be OK.
>
> I don't know enough about docker to know if using 'tasks.service-name' in
> th
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #11 from Mark Thomas ---
'data-service.tenant1-apps.svc' is a valid domain name so that should be OK.
I don't know enough about docker to know if using 'tasks.service-name' in that
way is a valid usage or not.
--
You are receivin
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #10 from Robert Rettig ---
(In reply to Mark Thomas from comment #8)
> My limited understanding after reading the Docket documentation is that
> tasks. is used (via DNS) to get a list of all of the tasks
> backing the service.
>
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #9 from Robert Rettig ---
(In reply to Mark Thomas from comment #8)
> My limited understanding after reading the Docket documentation is that
> tasks. is used (via DNS) to get a list of all of the tasks
> backing the service.
>
> W
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #8 from Mark Thomas ---
My limited understanding after reading the Docket documentation is that
tasks. is used (via DNS) to get a list of all of the tasks
backing the service.
Why would there be a HTTP request to "tasks." rather th
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #7 from Mark Thomas ---
(In reply to Mark Thomas from comment #6)
> (In reply to Robert Rettig from comment #4)
> > Created attachment 35931 [details]
> > Fixes hyphen validation
>
> This patch is not consistent with the RFCs for h
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #6 from Mark Thomas ---
(In reply to Robert Rettig from comment #4)
> Created attachment 35931 [details]
> Fixes hyphen validation
This patch is not consistent with the RFCs for host / domain names. I'm
currently -1 on applying it
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #5 from Robert Rettig ---
This effects version 8.5.31 too, which has much bigger impact to other
projects!
see:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_31/java/org/apache/tomcat/util/http/parser/HttpParser.java?
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Robert Rettig changed:
What|Removed |Added
CC||robert@rettig.bayern
--- Comment #4 fr
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #3 from Mark Thomas ---
The data on the wire will be after the punnycode encoding so the validation
performed by this parser should be correct (Tomcat allows '-' in every element
apart from the gTLD).
To get to the original report,
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #2 from Christopher Schultz ---
Hyphens (-) are allowed to be allowed in hostnames, but not in TLDs[1]
I wonder if this is too restrictive for Tomcat, and whether or not it would
apply (unfairly) to punycode hostnames. My sense is
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #1 from Luko ---
I have the same issue.
In my opinion the issue is in Tomcat host validation.
My application DNS alias looks like this : myapp-t.my-dommain
where -t is env (test)
my-domain is the domain name (yes, with minus sign (-
31 matches
Mail list logo
