[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-06-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #30 from Robert Gacki --- Docker Swarm is not the only environment that may experience a regression. I have a client that has an "acme-xy" TLD for the internal network. We upgraded our Spring Boot applications to 2.0.2, which ships

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Mark Thomas changed: What|Removed |Added CC||andresgsei...@gmail.com --- Comment #29

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #28 from Tim Levett --- I'd like to provide some clarification for the docker swarm users that are experiencing this issue. We are using docker stacks in docker swarm that are deploying spring-boot applications with embedded

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #27 from Mark Thomas --- Simply wait (until early next month) for next release round and upgrade then. -- You are receiving this mail because: You are the assignee for the bug.

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #26 from ZhiFeng Hu --- Though it was a specification. why not gave us an setting or configuration to disable the check ? Gave us a switch please. or we can not upgrade our projects to latest tomcat. or we

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #25 from Mark Thomas --- The Host validation is not optional. It is a specification requirement. The changes discussed in comment #14 and comment #15 (using the same rules for the final segment as the other

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #24 from ZhiFeng Hu --- How to remove the validation for host name? I want to use any string as the host name . Would you please let us choice ? -- You are receiving this mail because: You are the assignee

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Mark Thomas changed: What|Removed |Added CC||hufeng1...@gmail.com

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #22 from Mark Thomas --- *** Bug 62383 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug.

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #21 from Mark Thomas --- *** Bug 62383 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug.

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Mark Thomas changed: What|Removed |Added CC||social...@outlook.com

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-17 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #19 from Alex --- > If you'd like to debate Tomcat's development methodologies, release cycles, > or test-coverage, you are welcome to join the dev mailing list. I don't know if this reply should go there

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Christopher Schultz changed: What|Removed |Added Attachment #35931|0 |1

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #18 from Christopher Schultz --- (In reply to Alex from comment #16) > > This issue highlights that Tomcat can always use more real-world testing > > and I would encourage folks to download the

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #16 from Alex --- > This issue highlights that Tomcat can always use more real-world testing and > I would encourage folks to download the release candidates as the votes are > announced and test them in

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #15 from Mark Thomas --- Ah. Found the reference for the final segment being alphabetic: >From RFC 1123 However, a valid host name can never have the dotted-decimal form #.#.#.#, since at least the highest-level

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #14 from Mark Thomas --- Generally, the tightening up of validation like this stems from a security vulnerability report where mal-formed input results in unintended consequences. Usually information disclosure of

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #13 from Alex --- > While Tomcat doesn't have a formal policy, the general expectation is that > clients confirm to the relevant RFCs. Therefore, Tomcat does, from time to > time, tighten up the

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #12 from Robert Rettig --- (In reply to Mark Thomas from comment #11) > 'data-service.tenant1-apps.svc' is a valid domain name so that should be OK. > > I don't know enough about docker to know if using

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #11 from Mark Thomas --- 'data-service.tenant1-apps.svc' is a valid domain name so that should be OK. I don't know enough about docker to know if using 'tasks.service-name' in that way is a valid usage or not.

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #10 from Robert Rettig --- (In reply to Mark Thomas from comment #8) > My limited understanding after reading the Docket documentation is that > tasks. is used (via DNS) to get a list of all of the tasks >

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #9 from Robert Rettig --- (In reply to Mark Thomas from comment #8) > My limited understanding after reading the Docket documentation is that > tasks. is used (via DNS) to get a list of all of the tasks >

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #8 from Mark Thomas --- My limited understanding after reading the Docket documentation is that tasks. is used (via DNS) to get a list of all of the tasks backing the service. Why would there be a HTTP request to

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #7 from Mark Thomas --- (In reply to Mark Thomas from comment #6) > (In reply to Robert Rettig from comment #4) > > Created attachment 35931 [details] > > Fixes hyphen validation > > This patch is not consistent

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #6 from Mark Thomas --- (In reply to Robert Rettig from comment #4) > Created attachment 35931 [details] > Fixes hyphen validation This patch is not consistent with the RFCs for host / domain names. I'm currently

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #5 from Robert Rettig --- This effects version 8.5.31 too, which has much bigger impact to other projects! see:

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Robert Rettig changed: What|Removed |Added CC|

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #3 from Mark Thomas --- The data on the wire will be after the punnycode encoding so the validation performed by this parser should be correct (Tomcat allows '-' in every element apart from the gTLD). To get to

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #2 from Christopher Schultz --- Hyphens (-) are allowed to be allowed in hostnames, but not in TLDs[1] I wonder if this is too restrictive for Tomcat, and whether or not it would apply (unfairly) to

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #1 from Luko --- I have the same issue. In my opinion the issue is in Tomcat host validation. My application DNS alias looks like this : myapp-t.my-dommain where -t is env (test) my-domain is the domain name (yes,