On 27/04/2021 22:14, Rémy Maucherat wrote:
I remember after doing the rewrite valve I got asked a bit about
mod_headers because "why not". However, now I recall I found out it would
be far less practical. So I very quickly moved on since it was also less
useful than rewrite. I would still prob
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #3 from Mark Thomas ---
Section 3.1.7 of the WebSocket specification requires endpoint instances are
created via ServerEndpointConfig.Configurator.getEndpointInstance(). Users are
free to supply their own Configurator implementation
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #4 from romain.manni-bucau ---
@Mark: this issue is about the default configurator, fully agree when a custom
configurator is used tomcat will not care.
I also agree encoders/decoders IoC support is not in the specification but not
On Wed, Apr 28, 2021 at 9:07 AM Mark Thomas wrote:
> I'm wondering if there is merit in a Valve-like mechanism for Coyote.
> Name TBD but would look something like:
> - callbacks
>   - after request headers are parsed / before the request is prepared
>   - after the request is prepared
>   - b
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #5 from Remy Maucherat ---
(In reply to romain.manni-bucau from comment #4)
> @Mark: this issue is about the default configurator, fully agree when a
> custom configurator is used tomcat will not care.
I agree if using the default
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Bug ID: 65272
Summary: Problems processing HTTP request without CR in last
versions
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
Sever
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new c07530f Refactor system property source to be mor
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #6 from Mark Thomas ---
@Rémy
I think I can see a way to do that. We'll need to check which Configurator was
used in the WsSession constructor to make sure we don't call the
InstanceManager twice. It does mean that the timing of the
https://bz.apache.org/bugzilla/show_bug.cgi?id=65262
--- Comment #7 from romain.manni-bucau ---
@Mark functionally I can live with current validation but theoretically the
validation is only known of the IoC but it is not super aligned on the spec.
To illustrate it take a CDI or Spring encoder, it
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 06eb5b1 Refactor system property source to be more
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2f9a206 Refactor system property source to be more
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Michael Osipov changed:
What|Removed |Added
OS||All
--- Comment #1 from Michael Osipo
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #2 from Miguel ---
(In reply to Michael Osipov from comment #1)
> How old are those systems?
I haven't the data. But I see that HTTP requests are 1.0 version... then is very
old...
We have some legacy systems. One of these is a SMS
The Buildbot has detected a restored build on builder tomcat-9-trunk while
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/743
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchSchedu
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #3 from Mark Thomas ---
This stricter parsing was introduced as part of the fix for CVE-2020-1935.
Because the fix was in response to a security issue, that makes it a lot less
likely the current behaviour will be changed.
I'll n
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Bug ID: 65273
Summary: NoClassDefFoundError in Apache POI dependency after
upgrading to Tomcat 8.57 in Jira
Product: Tomcat 8
Version: 8.5.57
Hardware: PC
Sta
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Angelica Salazar changed:
What|Removed |Added
OS||All
--- Comment #1 from Angelica Sa
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
Mark Thomas changed:
What|Removed |Added
Summary|NoClassDefFoundError in |NoClassDefFoundError in
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #4 from Miguel ---
(In reply to Mark Thomas from comment #3)
> This stricter parsing was introduced as part of the fix for CVE-2020-1935.
>
> Because the fix was in response to a security issue, that makes it a lot
> less likely th
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #5 from Mark Thomas ---
I've started to look at this. So far I have spotted a couple of minor issues
with the current parsing that I need to fix. Commits for those will follow
shortly.
I haven't yet found any reason not to allow LF
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from c07530f Refactor system property source to be more flexible
new e5468e2 Reject invalid HTTP protocols with 400
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e5468e2a8d3a90b3fb831bd83b156b32736f
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:21:13 2021 +0100
Reject inval
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 2ce4ea2f8e9111269e990fff640b48847b9e6d87
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:22:24 2021 +0100
Fix off by o
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 06eb5b1 Refactor system property source to be more flexible
add 8be9764 Reject invalid HTTP protocols with 400 r
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 559a05015601f44de09052cc3ca99f1aa1b4df15
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:21:13 2021 +0100
Reject invali
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 2f9a206 Refactor system property source to be more flexible
new 559a050 Reject invalid HTTP protocols with 400 r
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit a2e465cfd980b8350656205f1c6515388f5a1612
Author: Mark Thomas
AuthorDate: Wed Apr 28 17:22:24 2021 +0100
Fix off by on
markt-asf opened a new pull request #417:
URL: https://github.com/apache/tomcat/pull/417
Potential fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Needs careful review, hence using a PR.
If you spot any potential ways an invalid HTTP request line or header could
be:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #6 from Mark Thomas ---
It currently looks like this is fixable. PR at
https://github.com/apache/tomcat/pull/417
Need to allow time for the Tomcat community to review the PR.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #2 from Mark Thomas ---
First the good news. I can recreate this. I downloaded trial versions of Jira
and R4J, created a single issue, requested an export and saw the exception and
at the bottom of the stack trace:
"Caused by: java
ChristopherSchultz commented on a change in pull request #417:
URL: https://github.com/apache/tomcat/pull/417#discussion_r622458605
##
File path: webapps/docs/changelog.xml
##
@@ -143,6 +143,12 @@
request line, ensure that all the available data is included in the
https://bz.apache.org/bugzilla/show_bug.cgi?id=65273
--- Comment #3 from Angelica Salazar ---
(In reply to Mark Thomas from comment #2)
> First the good news. I can recreate this. I downloaded trial versions of
> Jira and R4J, created a single issue, requested an export and saw the
> exception an