RE: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Vincent Massol]

 -Original Message-
 From: Bill Barker [mailto:[EMAIL PROTECTED]]
 Sent: 05 February 2002 06:44
 To: Tomcat Developers List
 Subject: Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt
 
 Issue  Description
 1  Must be able to compile and run under JDK 1.1.8
+   FIXED
 2  Address Cactus failures running with Tomcat 3.3
+   Tried but not 100% successful yet.
 From what little I've seen, I've never really understood this one.
The

so we're 2 ;-). What I don't understand is why Cactus tests run fine on
all servlet containers (including Tomcat 3.2.x and Tomcat 4.x) except
for Tomcat 3.3.x !

 Request runs under a single thread, so yielding shouldn't do anything
at
 all
 (unless the Cactus servlet starts a thread, in which case it is a
Cactus
 problem).  

Cactus is not starting any thread.

 I can see where increasing SoLinger might help, but 0.1 Sec
 should be plenty with an up-to-date machine.  Does the problem appear
when
 you don't use the HTTP connector?

How could I test this as I need to HTTP connector to call the Cactus
servlet ?

Thanks Bill,
-Vincent

 
 
 --
 To unsubscribe, e-mail:   mailto:tomcat-dev-
 [EMAIL PROTECTED]
 For additional commands, e-mail: mailto:tomcat-dev-
 [EMAIL PROTECTED]
 




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[GOMEZ Henri]

   +5958  Wrong mod_jk.conf for path pattern
Easy enough to fix.  The only question is if we want to change only
${Server}Config, or do we want to change the mod_jk behavior 
so that the two
statements:
JkMount /myApp/foobar/* ajp13
  and
JkMount /myApp/foobar* ajp13
are the same (i.e. more like servlet-mapping)?

Update only Server config since many production sites
use the current JkMount /myApp/foobar/* ajp13 way to 
map their WEBAPP. 

Just to avoid us to upgrade related bugs reports ;)

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[costinm]

On Mon, 4 Feb 2002, Jonathan Reichhold wrote:

 /el-niño.jsp should be sent (per the w3c recommendation) as
 /el-nin%c3%b1o.jsp which is a UTF-8 encoded bytes sequences for any
 characters which aren't in the ~60 characters allowed from ASCII.  The
 encoding used for the byte conversion is not specified in the official
 URI spec (RFC 2396), but the w3c in December recommended UTF-8 should be
 used by all.  IE and Mozilla already appear to encode requests this way.
 The server is technically supposed to attempt to read the bytes as UTF-8
 and decode with the platform default as a fallback.

If UTF8 is sent - we're all happy, and %c3%b1 will be used in the
encoded url ( regardless if the requests came url encoded or with
binary UTF8 in it ). That assuming the char encoding is UTF8 for
the body as well ( which should be in any browser that supports
sending the URL as UTF8).

Having the body and the URL in different encoding is very problematic.
Regardless of W3C recommendations, the servlet spec requires 8859_1
if no encoding is detected ( which is a huge problem ).

The current code can deal with the UTF8 corectly, but it can also
deal with old browsers who will send the URL using the same encoding
as the body ( if you are on a 8859_2 browser, it's likely that will
be used for both, I doubt any browser will send UTF8 ).


 For the record, /el-niño.jsp is /el-nin%f1.jsp if the bytes are encoded
 via iso-latin-1.  Any character 0x7f isn't safe will be encoded as 2-4
 bytes under UTF-8.  Certain byte sequences are also reserved.  I've
 spent a long time with this trying to create truly internationalized
 code.

Great to have you on tomcat-dev !



 If you look at the Java 1.4 Release Candidate you will see that they now
 recognize in URLEncode and URLDecode that this is the correct behaviour.
 URLEncode and URLDecode have deprecated methods that don't pass in the
 encoding.  I think they should default to UTF-8, but the default is the
 platform default.

On java's URLEncode - yes, the default should be utf8 ( but it is the
platform default ). On servlets - no, the spec is clear about that,
the default is 8859_1, and there's little we can do about it ( except
complain, which we did in the last year and so ).

I spent a lot of time making sure all URLEncode/URLDecode are done
with the right charset, i.e. whatever is detected from the request
or session ( since most browsers today are just broken )
You can override the default to UTF8 - but that brakes the servlet
spec and we can't ship with this setting on. And I'm sure
there are many bugs and cases the code can't handle.


 The w3c has a good section on this at
 http://www.w3.org/International/O-URL-and-ident.html

Yes, but what's important for now is the reality that most software
is not designed with internationalization in mind ( and browsers
are the the best example ) :-)

Not sending the charset header when a non-standard encoding is used
is absolutely stupid and against http1.1 spec - but it's what we
have.

Costin


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Bill Barker]

Issue  Description
1  Must be able to compile and run under JDK 1.1.8
   +   FIXED
2  Address Cactus failures running with Tomcat 3.3
   +   Tried but not 100% successful yet.
From what little I've seen, I've never really understood this one.  The
Request runs under a single thread, so yielding shouldn't do anything at all
(unless the Cactus servlet starts a thread, in which case it is a Cactus
problem).  I can see where increasing SoLinger might help, but 0.1 Sec
should be plenty with an up-to-date machine.  Does the problem appear when
you don't use the HTTP connector?


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[costinm]

On Sat, 2 Feb 2002, Bill Barker wrote:

+4416  URI En/Decoding not working
+  (investigate and fix if feasible)
 My vote is for LATER, since as I understand the bug it is too late to test
 this well, and  the fix (if not done right) has the potential to create
 security problems.  The fix is to basically flip UEncoder on it's head, and
 work with un-safe chars instead of safe chars (as well as to add the
 logic to use the encoding).  If Costin (since it's his baby) thinks he's up
 to it, by all means go for it.  I just don't want to delay the release for
 the amount of time it would take me to make and be comfortable with the fix
 (esp. since there is a work-around already).

I'm not sure I understand - the bug seems to be about
DecodeInterceptor using 8859_1 for decoding, even if a different
decoding was found.

I don't think it is touching UEncoder and the url encoding/decoding.
The url decoding has nothing to do with the charset - we decode
%xx as bytes, the url encoding happens after char-byte and decoding
happen before byte-char conversions ( i.e. uencoding operates on
bytes ).

It is possible we have a bug - and a test case would help finding it. The
code is quite tricky ( I spent huge amounts of time with charset/encoding
issues ), and I agree LATER is good given the risks. But if I have
the test case, I can take a look, it may be a simple fix.

The way it is supposed to work - first the bytes are url decoded,
then we detect the charset, then convert bytes to chars.

Am I missing something here ?

Costin


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Bill Barker]

- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Sunday, February 03, 2002 10:36 PM
Subject: Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt


 On Sat, 2 Feb 2002, Bill Barker wrote:

 +4416  URI En/Decoding not working
 +  (investigate and fix if feasible)
  My vote is for LATER, since as I understand the bug it is too late to
test
  this well, and  the fix (if not done right) has the potential to create
  security problems.  The fix is to basically flip UEncoder on it's head,
and
  work with un-safe chars instead of safe chars (as well as to add the
  logic to use the encoding).  If Costin (since it's his baby) thinks he's
up
  to it, by all means go for it.  I just don't want to delay the release
for
  the amount of time it would take me to make and be comfortable with the
fix
  (esp. since there is a work-around already).

 I'm not sure I understand - the bug seems to be about
 DecodeInterceptor using 8859_1 for decoding, even if a different
 decoding was found.

 I don't think it is touching UEncoder and the url encoding/decoding.
 The url decoding has nothing to do with the charset - we decode
 %xx as bytes, the url encoding happens after char-byte and decoding
 happen before byte-char conversions ( i.e. uencoding operates on
 bytes ).
My understanding of this is that if the request is for:
/el-niño.jsp
then most of the time Tomcat will read it correctly. But it will return for
requestURI:
/el-ni%A1o.jso
The safe chars map to the same code points under iso-latin-1 and utf-8
(that's why they are safe chars).  UEncoder is strict in what is safe, but
the RFC isn't.  You are allowed to use exteded chars if the other side is
capable of detecting the charset.

 It is possible we have a bug - and a test case would help finding it. The
 code is quite tricky ( I spent huge amounts of time with charset/encoding

 issues ), and I agree LATER is good given the risks. But if I have
 the test case, I can take a look, it may be a simple fix.

 The way it is supposed to work - first the bytes are url decoded,
 then we detect the charset, then convert bytes to chars.

 Am I missing something here ?

 Costin


 --
 To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
mailto:[EMAIL PROTECTED]



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Bill Barker]

Bugs to investigate  fix or resolve/leave as LATER:
   +4600  Tomcat 3.3 redirect behavior differs from Tomcat 3.2
   +  (try to make 301 or 302 configurable)
   +
   +4416  URI En/Decoding not working
   +  (investigate and fix if feasible)
My vote is for LATER, since as I understand the bug it is too late to test
this well, and  the fix (if not done right) has the potential to create
security problems.  The fix is to basically flip UEncoder on it's head, and
work with un-safe chars instead of safe chars (as well as to add the
logic to use the encoding).  If Costin (since it's his baby) thinks he's up
to it, by all means go for it.  I just don't want to delay the release for
the amount of time it would take me to make and be comfortable with the fix
(esp. since there is a work-around already).
   +
   +5958  Wrong mod_jk.conf for path pattern
Easy enough to fix.  The only question is if we want to change only
${Server}Config, or do we want to change the mod_jk behavior so that the two
statements:
JkMount /myApp/foobar/* ajp13
  and
JkMount /myApp/foobar* ajp13
are the same (i.e. more like servlet-mapping)?
   +



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Larry Isaacs]

At this moment, I don't have plans to do the release any
differently from 3.3 Final.  It has been over a week since
it tried anything from J-T-C (my builds were failing due a
Tomcat 4.x dependency problem).  I check again tonight.
If something is ready, we can try to include it.  Unfortunately,
I am again out of tough with the status of J-T-C and what
is or isn't ready.  

Cheers,
Larry

 -Original Message-
 From: Bill Barker [mailto:[EMAIL PROTECTED]]
 Sent: Monday, January 21, 2002 6:13 PM
 To: Tomcat Developers List
 Subject: Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt
 
 
 Which AJP is planned to go with this?
 - Original Message -
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, January 21, 2002 1:39 PM
 Subject: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt
 
 
  larryi  02/01/21 13:39:37
 
Added:   .RELEASE-PLAN-3.3.1.txt
Log:
Proposed Tomcat 3.3.1 release plan
 
Revision  ChangesPath
1.1  jakarta-tomcat/RELEASE-PLAN-3.3.1.txt
 
Index: RELEASE-PLAN-3.3.1.txt

 ===
NOTE: This document is a draft of a release plan for the next
dot release of Tomcat. Nothing in this document should be
considered authoritative until it has been discussed and approved
on the TOMCAT-DEV mailing list.
 
Tomcat 3.3.1 Release Plan
=
 
Objective:
 
The objective of the proposed 3.3.1 release is to 
 provide a bug fix
update to Tomcat 3.3.
 
 
Tomcat 3.3.1 Beta 1 Release:
 
Code Freeze/Tag Date: Jan 27, 2002
Release Manager: Larry Isaacs
 
Prior to this release, the following issues need to be
addressed:
 
Issue  Description
1  Must be able to compile and run under JDK 1.1.8
2  Address Cactus failures running with Tomcat 3.3
 
 
Bugs to investigate  fix or resolve/leave as LATER:
1657  hyphen character '-' in tag name results in Invalid
 expression
  (port fix from Tomcat 4.x Jasper)
3644  Errors reloading resources from jars: 
 possible JDK bug
  (see if recent changes address this)
4382  Starting up twice prevents stopping
  (implement suggested fix)
4600  Tomcat 3.3 redirect behavior differs from Tomcat 3.2
  (try to make 301 or 302 configurable)
4416  URI En/Decoding not working
  (investigate and fix if feasible)
4923  getRealPath().exists() yields security exception
  (investigate and fix if feasible)
5250  Load balancing workers do not correctly 
 handle Cookies
  conformant with RFC 2965
  (investigate and fix if feasible)
5684  WEB-INF/lib jar file loading and operations 
 problems.
  (see if recent changes address this)
5722  Forward to a page that have no extension 
 displays a blank
 page
  (try to fix to do something better than 
 display a blank
 page)
 
 
Tomcat 3.3.1 Release Candidate 1 Release:
 
Code Freeze/Tag Date: Feb 2, 2002
Release Manager: Larry Isaacs
 
Only safe fixes or documentation updates allowed prior to
final release, including:
 
Item  Description
1  Update build.xml to work with Ant 1.4 with 
 no warnings,
 i.e.
   require Ant 1.4.
2  Document special handling of '_' and '.' 
 by AutoWebApp.
   Make special characters configurable.
 
 
Bugs to fix:
5532  underscore is wrong (fixed by item 2 above)
4206  missing config files do not cause an error
  (add error or warning messages)
5769  NT Service display name should not be used 
 as service name
  (determine solution and patch)
4364  build-solaris for Apache connector does not compile
 with -DE
  (do what we can to review and update the 
 connector make
 files)
 
 
Tomcat 3.3.1 Final Release:
 
Code Freeze/Tag Date: Feb 9, 2002
Release Manager: Larry Isaacs
 
The current jakarta-tomcat HEAD will be built and released
as Tomcat 3.3.1 Final
 
 
The following bugs will be updated with the following resolution:
 
Bug   Resolution  From   Description
2202  WORKSFORME  REMIND sendRedirect with 
 enctype=Multipart/form-data
 does not
 work
3168  WONTFIX LATER  Reloading JSP Pages with includes in it
3290  INVALID LATER  Sessions not sharing properly 
 (lack of test
 case)
  WORKSFORME  LATER  request.getParameter(action) 
 return only
 static page
 value
4426  WONTFIX NEWDB polling
5246  WONTFIX NEWillegal tag

Re: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt

[Bill Barker]

Which AJP is planned to go with this?
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 21, 2002 1:39 PM
Subject: cvs commit: jakarta-tomcat RELEASE-PLAN-3.3.1.txt


 larryi  02/01/21 13:39:37

   Added:   .RELEASE-PLAN-3.3.1.txt
   Log:
   Proposed Tomcat 3.3.1 release plan

   Revision  ChangesPath
   1.1  jakarta-tomcat/RELEASE-PLAN-3.3.1.txt

   Index: RELEASE-PLAN-3.3.1.txt
   ===
   NOTE: This document is a draft of a release plan for the next
   dot release of Tomcat. Nothing in this document should be
   considered authoritative until it has been discussed and approved
   on the TOMCAT-DEV mailing list.

   Tomcat 3.3.1 Release Plan
   =

   Objective:

   The objective of the proposed 3.3.1 release is to provide a bug fix
   update to Tomcat 3.3.


   Tomcat 3.3.1 Beta 1 Release:

   Code Freeze/Tag Date: Jan 27, 2002
   Release Manager: Larry Isaacs

   Prior to this release, the following issues need to be
   addressed:

   Issue  Description
   1  Must be able to compile and run under JDK 1.1.8
   2  Address Cactus failures running with Tomcat 3.3


   Bugs to investigate  fix or resolve/leave as LATER:
   1657  hyphen character '-' in tag name results in Invalid
expression
 (port fix from Tomcat 4.x Jasper)
   3644  Errors reloading resources from jars: possible JDK bug
 (see if recent changes address this)
   4382  Starting up twice prevents stopping
 (implement suggested fix)
   4600  Tomcat 3.3 redirect behavior differs from Tomcat 3.2
 (try to make 301 or 302 configurable)
   4416  URI En/Decoding not working
 (investigate and fix if feasible)
   4923  getRealPath().exists() yields security exception
 (investigate and fix if feasible)
   5250  Load balancing workers do not correctly handle Cookies
 conformant with RFC 2965
 (investigate and fix if feasible)
   5684  WEB-INF/lib jar file loading and operations problems.
 (see if recent changes address this)
   5722  Forward to a page that have no extension displays a blank
page
 (try to fix to do something better than display a blank
page)


   Tomcat 3.3.1 Release Candidate 1 Release:

   Code Freeze/Tag Date: Feb 2, 2002
   Release Manager: Larry Isaacs

   Only safe fixes or documentation updates allowed prior to
   final release, including:

   Item  Description
   1  Update build.xml to work with Ant 1.4 with no warnings,
i.e.
  require Ant 1.4.
   2  Document special handling of '_' and '.' by AutoWebApp.
  Make special characters configurable.


   Bugs to fix:
   5532  underscore is wrong (fixed by item 2 above)
   4206  missing config files do not cause an error
 (add error or warning messages)
   5769  NT Service display name should not be used as service name
 (determine solution and patch)
   4364  build-solaris for Apache connector does not compile
with -DE
 (do what we can to review and update the connector make
files)


   Tomcat 3.3.1 Final Release:

   Code Freeze/Tag Date: Feb 9, 2002
   Release Manager: Larry Isaacs

   The current jakarta-tomcat HEAD will be built and released
   as Tomcat 3.3.1 Final


   The following bugs will be updated with the following resolution:

   Bug   Resolution  From   Description
   2202  WORKSFORME  REMIND sendRedirect with enctype=Multipart/form-data
does not
work
   3168  WONTFIX LATER  Reloading JSP Pages with includes in it
   3290  INVALID LATER  Sessions not sharing properly (lack of test
case)
     WORKSFORME  LATER  request.getParameter(action) return only
static page
value
   4426  WONTFIX NEWDB polling
   5246  WONTFIX NEWillegal tag at jsp:plugin
   5411  INVALID NEWJSP session does not work with IE/IIS5/Tomcat
3.3
   5449  WORKSFORME  NEWajp13 and security constraints don't work
   5560  INVALID NEWRemoval of unnecessary white space in output


   The following bugs will be left with their current resolution:

   Bug   Resolution  Description
   2700  LATER   New setStatusLine method?
   3032  LATER   Cannot recover key Exception while using trust
keystore with
 multiple keys
   3298  LATER   IIS-Redirector fails to read from client
   3309  LATER   Cannot use pre-compiled jsp as welcome page
   3798  LATER   Service Manager for Tomcat








 --
 To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
 For