dgriffith-lx opened a new pull request, #874:
URL: https://github.com/apache/tomcat/pull/874
Update package for OneLineFormatter to match
[logging.properties](https://github.com/apache/tomcat/blob/9.0.x/conf/logging.properties)
--
This is an automated message from the Apache Git Service.
ChristopherSchultz merged PR #874:
URL: https://github.com/apache/tomcat/pull/874
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 258261ce55 logging doc - fix package for OneLineF
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 18850add22 logging doc - fix package for OneLineFor
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new fd0eac9e76 logging doc - fix package for OneLin
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 1d65c24a76 logging doc - fix package for OneLin
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #15 from Christopher Schultz ---
(In reply to Remy Maucherat from comment #13)
> (In reply to Christopher Schultz from comment #12)
> > I mentioned this in a previous comment. If the file requested exists, I
> > think it should be r
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #12 from Christopher Schultz ---
(In reply to Michael Osipov from comment #11)
> (In reply to Christopher Schultz from comment #8)
> > I think it's reasonable to use the JVM's default locale when there is none
> > presented by the c
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #13 from Remy Maucherat ---
(In reply to Christopher Schultz from comment #12)
> (In reply to Michael Osipov from comment #11)
> > (In reply to Christopher Schultz from comment #8)
> > > I think it's reasonable to use the JVM's defa
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
Remy Maucherat changed:
What|Removed |Added
Attachment #40058|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #8 from Christopher Schultz ---
(In reply to Remy Maucherat from comment #7)
> (In reply to Michael Osipov from comment #6)
> > (In reply to Remy Maucherat from comment #3)
> > > I would have thought this would be (another) feature
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #9 from Christopher Schultz ---
Comments on the patch (latest is attachment #40058 at the time of this
writing). I have only read the patch, not run it.
1. I believe content-negotiation in mod_negotiation is only performed if the
o
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
Christopher Schultz changed:
What|Removed |Added
Attachment #40056|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #6 from Michael Osipov ---
(In reply to Remy Maucherat from comment #3)
> I would have thought this would be (another) feature in default servlet.
> I believe ServletRequest.getLocales() will return a sorted list of locales
> accord
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #7 from Remy Maucherat ---
(In reply to Michael Osipov from comment #6)
> (In reply to Remy Maucherat from comment #3)
> > I would have thought this would be (another) feature in default servlet.
> > I believe ServletRequest.getLoca
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You are recei
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #11 from Michael Osipov ---
(In reply to Christopher Schultz from comment #8)
> (In reply to Remy Maucherat from comment #7)
> > (In reply to Michael Osipov from comment #6)
> > > (In reply to Remy Maucherat from comment #3)
> > > >
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
Remy Maucherat changed:
What|Removed |Added
Attachment #40057|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #3 from Remy Maucherat ---
I would have thought this would be (another) feature in default servlet.
I believe ServletRequest.getLocales() will return a sorted list of locales
according to the quality from the Accept-Language header.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69735
--- Comment #4 from Remy Maucherat ---
Created attachment 40057
--> https://bz.apache.org/bugzilla/attachment.cgi?id=40057&action=edit
Accept-Language in default servlet
Would this be an acceptable impl for simple Accpet-Language support in
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource consumption vulnerability if an HTT
CVE-2025-49125 Apache Tomcat - APR/Native Connector crash leading to DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
A race condition on connection close could trigger a JVM crash when
using the APR/Native connec
Author: markt
Date: Thu Jul 10 18:55:09 2025
New Revision: 1927120
URL: http://svn.apache.org/viewvc?rev=1927120&view=rev
Log:
Update site with latest CVEs
Modified:
tomcat/site/trunk/docs/oldnews-2024.html
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.htm
Modified: tomcat/site/trunk/docs/oldnews-2024.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews-2024.html?rev=1927120&r1=1927119&r2=1927120&view=diff
==
--- tomcat/site/trunk/docs/oldnews-2024.html (o
Modified: tomcat/site/trunk/docs/security-10.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1927120&r1=1927119&r2=1927120&view=diff
==
--- tomcat/site/trunk/docs/security-10.html (origin
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikely configurations of multipart uploa
Correcting typo in fixed versions
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource
Correcting typo in fixed versions
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikel
28 matches
Mail list logo
