https://bz.apache.org/bugzilla/show_bug.cgi?id=64705
Bug ID: 64705
Summary: Host header differing from URL host is still allowed
(even when allowHostHeaderMismatch="false" in
Connector)
Product: Tomcat 9
Version:
https://bz.apache.org/bugzilla/show_bug.cgi?id=64705
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
OS|
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 7e03713 Tweak the debug logging so the content o
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 504445c Tweak the debug logging so the content of
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7cef66b Tweak the debug logging so the content of
https://bz.apache.org/bugzilla/show_bug.cgi?id=64705
--- Comment #2 from Ronny Standnes-Ellstrøm ---
(In reply to Mark Thomas from comment #1)
> postman isn't doing what you think it is. Testing via telnet confirms Tomcat
> 9.0.x is working as designed (and there have been no changes in this area
markt-asf commented on pull request #332:
URL: https://github.com/apache/tomcat/pull/332#issuecomment-685776905
I'm planning on looking at this next. I'll probably end up merging it
manually as I find it easier to review larger PRs that way. I expect to
back-port it to at least 8.5.x and,
kamnani closed pull request #350:
URL: https://github.com/apache/tomcat/pull/350
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the
kamnani opened a new pull request #351:
URL: https://github.com/apache/tomcat/pull/351
This is a redo of Previous CR : https://github.com/apache/tomcat/pull/331
These changes enable the compiler to remove excess white space from the JSP
files & thus reduce the JVM metadata
_(Cons
kamnani opened a new pull request #352:
URL: https://github.com/apache/tomcat/pull/352
This is a redo of Previous PR: https://github.com/apache/tomcat/pull/348
The following changes have been made based on the suggestions earlier:
1) Flag can be passed through Host Configuration.
markt-asf commented on pull request #332:
URL: https://github.com/apache/tomcat/pull/332#issuecomment-685933557
I just wanted to note that there are some edge cases - mainly around FORM
authentication - I want to think about more carefully. I am also looking at do
more via ActionCode.ACK.
Am 21.08.20 um 20:22 schrieb Mark Thomas:
> Version 1.2.25 includes the following changes compared to 1.2.24
>
> - Improvements to LibreSSL support
>
> - Improvements to HP_UX support
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can b
rotty3000 commented on pull request #351:
URL: https://github.com/apache/tomcat/pull/351#issuecomment-685946608
I've been wondering why this flag is set by a context param instead of along
with all other jsp compiler flags in the [jasper
options](https://github.com/apache/tomcat/blob/maste
kamnani commented on pull request #351:
URL: https://github.com/apache/tomcat/pull/351#issuecomment-686061378
@rotty3000 Thanks for the comment.
I have added the flag inside the jasper options as mentioned by you. Do we
need any other change to this PR?
--
kdillane commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482606855
##
File path: java/org/apache/jasper/EmbeddedServletOptions.java
##
@@ -635,6 +648,19 @@ public EmbeddedServletOptions(ServletConfig config,
ServletContext
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482622880
##
File path: java/org/apache/jasper/EmbeddedServletOptions.java
##
@@ -635,6 +648,19 @@ public EmbeddedServletOptions(ServletConfig config,
ServletContext
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482623460
##
File path: java/org/apache/jasper/compiler/Generator.java
##
@@ -81,6 +83,13 @@
private static final Class[] OBJECT_CLASS = { Object.class };
+
kdillane commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482627998
##
File path: java/org/apache/jasper/compiler/Generator.java
##
@@ -81,6 +83,13 @@
private static final Class[] OBJECT_CLASS = { Object.class };
+
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482622880
##
File path: java/org/apache/jasper/EmbeddedServletOptions.java
##
@@ -635,6 +648,19 @@ public EmbeddedServletOptions(ServletConfig config,
ServletContext
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482630168
##
File path: java/org/apache/jasper/compiler/Generator.java
##
@@ -81,6 +83,13 @@
private static final Class[] OBJECT_CLASS = { Object.class };
+
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482630308
##
File path: java/org/apache/jasper/Options.java
##
@@ -47,6 +47,13 @@
*/
public boolean getKeepGenerated();
+/**
+ * Returns the Value
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482630168
##
File path: java/org/apache/jasper/compiler/Generator.java
##
@@ -81,6 +83,13 @@
private static final Class[] OBJECT_CLASS = { Object.class };
+
kamnani commented on a change in pull request #351:
URL: https://github.com/apache/tomcat/pull/351#discussion_r482630409
##
File path: java/org/apache/jasper/JspC.java
##
@@ -195,6 +196,7 @@
protected boolean compile = false;
protected boolean failFast = false;
p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 9/1/20 14:38, Mark Thomas wrote:
> On 01/09/2020 18:01, Christopher Schultz wrote:
>> All,
>>
>> I'd like to propose that we publish a security.txt[1] file on our
>> web site under /.well-known/security.txt and /security.txt
>>
>> This file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/21/20 14:22, Mark Thomas wrote:
> Version 1.2.25 includes the following changes compared to 1.2.24
>
> - Improvements to LibreSSL support
>
> - Improvements to HP_UX support
>
> Various other fixes and improvements. See the changelog for
25 matches
Mail list logo
