Re: [VOTE] Releasing Tomcat Connectors 1.2.26

[Peter Rossbach]

Good work!


Apache Tomcat Connectors 1.2.26 is:

[x ] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are




Merry Christmas
Peter

Am 21.12.2007 um 19:41 schrieb Rainer Jung:


Hello to all Tomcat project members,

JK 1.2.26 has been available for testing for some days as a svn
snapshot. Only one small bug has been found and fixed. So I would like
to proceed with the release vote.

If you want to take a look, the final source distribution can be
downloaded from:

http://tomcat.apache.org/dev/dist/tomcat-connectors/jk/source/

The updated documentation can be found at

http://tomcat.apache.org/dev/dist/tomcat-connectors/jk/docs/

Binaries might be available under

http://tomcat.apache.org/dev/dist/tomcat-connectors/jk/binaries/

Linux and Solaris binaries are there, feel free to provide further  
binaries.


So here's the vote. Because of the holidays, the vote will be  
closed on

Monday December 24, 11:00 a.m. GMT.

Apache Tomcat Connectors 1.2.26 is:

[ ] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are

Thank you and a Merry Christmas,

Rainer



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606594 - /tomcat/trunk/conf/catalina.policy

[markt]

Author: markt
Date: Sun Dec 23 11:22:18 2007
New Revision: 606594

URL: http://svn.apache.org/viewvc?rev=606594&view=rev
Log:
Fix CVE-2007-5342. Limit JULI privs to just those required to prevent per 
web-app configurations having too many privs.

Modified:
tomcat/trunk/conf/catalina.policy

Modified: tomcat/trunk/conf/catalina.policy
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?rev=606594&r1=606593&r2=606594&view=diff
==
--- tomcat/trunk/conf/catalina.policy (original)
+++ tomcat/trunk/conf/catalina.policy Sun Dec 23 11:22:18 2007
@@ -62,7 +62,19 @@
 
 // These permissions apply to the logging API
 grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-permission java.security.AllPermission;
+permission java.util.PropertyPermission 
"java.util.logging.config.class", "read";
+permission java.util.PropertyPermission 
"java.util.logging.config.file", "read";
+permission java.lang.RuntimePermission "shutdownHooks";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}conf${file.separator}logging.properties", 
"read";
+permission java.util.PropertyPermission "catalina.base", "read";
+permission java.util.logging.LoggingPermission "control";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}logs", "read, write";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+permission java.lang.RuntimePermission "getClassLoader";
+// To enable per context logging configuration, permit read access to 
the appropriate file.
+// Be sure that the logging configuration is secure before enabling 
such access
+// eg for the examples web application:
+// permission java.io.FilePermission 
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
 "read";
 };
 
 // These permissions apply to the server startup code



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606595 - /tomcat/tc6.0.x/trunk/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 11:24:42 2007
New Revision: 606595

URL: http://svn.apache.org/viewvc?rev=606595&view=rev
Log:
Propose fix for CVE-2007-5342

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606595&r1=606594&r2=606595&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 11:24:42 2007
@@ -53,3 +53,9 @@
   http://people.apache.org/~jfclere/patches/Request.patch  
   +1: jfclere, fhanik
   -1:
+
+* Fix CVE-2007-5342
+  JULI permissions need to be restricted
+  http://svn.apache.org/viewvc?rev=606594&view=rev
+  +1: markt
+  -1:



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606596 - /tomcat/current/tc5.5.x/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 11:24:55 2007
New Revision: 606596

URL: http://svn.apache.org/viewvc?rev=606596&view=rev
Log:
Propose fix for CVE-2007-5342

Modified:
tomcat/current/tc5.5.x/STATUS.txt

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=606596&r1=606595&r2=606596&view=diff
==
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Sun Dec 23 11:24:55 2007
@@ -152,3 +152,9 @@
   http://svn.apache.org/viewvc?rev=605364&view=rev
   +1: markt, pero
   -1: 
+
+* Fix CVE-2007-5342
+  JULI permissions need to be restricted
+  http://svn.apache.org/viewvc?rev=606594&view=rev
+  +1: markt
+  -1:



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[CVE-2007-5342] Apache Tomcat's default security policy is too open

[Mark Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CVE-2007-5342: Tomcat's default security policy is too open

Severity:
Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 5.5.9 to 5.5.25
Tomcat 6.0.0 to 6.0.15

Description:
The JULI logging component allows web applications to provide their own
logging configurations. The default security policy does not restrict this
configuration and allows an untrusted web application to add files or
overwrite existing files where the Tomcat process has the necessary file
permissions to do so.

Mitigation:
Apply the following patch to the catalina.policy file
http://svn.apache.org/viewvc?rev=606594&view=rev
The patch will be included in 5.5.25 onwards and 6.0.16 onwards
This patch is also included at the end of this announcement

Example:
An application could have its own WEB-INF/classes/logging.properties

handlers = org.apache.juli.FileHandler
org.apache.juli.FileHandler.level = FINE
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = mylog.

Credit:
This issue was discovered by Delian Krustev.

References:
http://tomcat.apache.org/security.html

Mark Thomas

*** Patch starts below this line ***
Index: catalina.policy
===
- --- catalina.policy   (revision 606588)
+++ catalina.policy (working copy)
@@ -62,7 +62,19 @@

 // These permissions apply to the logging API
 grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
- -permission java.security.AllPermission;
+permission java.util.PropertyPermission 
"java.util.logging.config.class", "read";
+permission java.util.PropertyPermission 
"java.util.logging.config.file", "read";
+permission java.lang.RuntimePermission "shutdownHooks";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}conf${file.separator}logging.properties", 
"read";
+permission java.util.PropertyPermission "catalina.base", "read";
+permission java.util.logging.LoggingPermission "control";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}logs", "read, write";
+permission java.io.FilePermission 
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+permission java.lang.RuntimePermission "getClassLoader";
+// To enable per context logging configuration, permit read access to 
the appropriate file.
+// Be sure that the logging configuration is secure before enabling 
such access
+// eg for the examples web application:
+// permission java.io.FilePermission 
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
 "read";
 };

 // These permissions apply to the server startup code

*** Patch ends above this line ***






-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHbrZQb7IeiTPGAkMRAhg1AJ4ydvIa2WIuHN8x3TKGD01xReatbgCfTtj2
8TzsMaXSUzeuEvnOuY5fmCo=
=N5J9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606598 - /tomcat/site/trunk/build.xml

[markt]

Author: markt
Date: Sun Dec 23 11:29:02 2007
New Revision: 606598

URL: http://svn.apache.org/viewvc?rev=606598&view=rev
Log:
Update the build script now the FAQ is on the wiki.

Modified:
tomcat/site/trunk/build.xml

Modified: tomcat/site/trunk/build.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/build.xml?rev=606598&r1=606597&r2=606598&view=diff
==
--- tomcat/site/trunk/build.xml (original)
+++ tomcat/site/trunk/build.xml Sun Dec 23 11:29:02 2007
@@ -29,28 +29,6 @@
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606599 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

[markt]

Author: markt
Date: Sun Dec 23 11:31:11 2007
New Revision: 606599

URL: http://svn.apache.org/viewvc?rev=606599&view=rev
Log:
Add info for CVE-2007-5342

Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=606599&r1=606598&r2=606599&view=diff
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sun Dec 23 11:31:11 2007
@@ -222,8 +222,46 @@
 
 
 
-
-Fixed in Apache Tomcat 5.5.SVN
+
+Fixed in SVN trunk and proposed for inclusion in 5.5.x
+
+
+
+
+
+
+
+
+
+low: Elevated privileges
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+   CVE-2007-5342
+
+
+The JULI logging component allows web applications to provide their own
+   logging configurations. The default security policy does not restrict
+   this configuration and allows an untrusted web application to add files
+   or overwrite existing files where the Tomcat process has the necessary
+   file permissions to do so.
+
+Affects: 5.5.9-5.5.25
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fixed in Apache Tomcat 5.5.SVN for inclusion in next release
 
 
 

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=606599&r1=606598&r2=606599&view=diff
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sun Dec 23 11:31:11 2007
@@ -218,8 +218,46 @@
 
 
 
-
-Fixed in Apache Tomcat 6.0.SVN 
+
+Fixed in SVN trunk and proposed for inclusion in 6.0.x
+
+
+
+
+
+
+
+
+
+low: Elevated privileges
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+   CVE-2007-5342
+
+
+The JULI logging component allows web applications to provide their own
+   logging configurations. The default security policy does not restrict
+   this configuration and allows an untrusted web application to add files
+   or overwrite existing files where the Tomcat process has the necessary
+   file permissions to do so.
+
+Affects: 6.0.0-6.0.15
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fixed in Apache Tomcat 6.0.SVN for inclusion in next release
 
 
 

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=606599&r1=606598&r2=606599&view=diff
==
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sun Dec 23 11:31:11 2007
@@ -28,7 +28,22 @@
 
   
 
-  
+  
+low: Elevated privileges
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+   CVE-2007-5342
+
+The JULI logging component allows web applications to provide their own
+   logging configurations. The default security policy does not restrict
+   this configuration and allows an untrusted web application to add files
+   or overwrite existing files where the Tomcat process has the necessary
+   file permissions to do so.
+
+Affects: 5.5.9-5.5.25
+
+  
+
+  
 important: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
CVE-2007-5461

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=606599&r1=606598&r2=606599&view=diff
==
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sun Dec 23 11:31:11 2007
@@ -24,7 +24,22 @@
 
   
 
-  
+  
+low: Elevated privileges
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+   CVE-2007-5342
+
+The JULI logging component allows web applications to provide their own
+   logging configurations. The default security policy does not restrict
+   this configuration and allows an untrusted web application to add files
+   or overwrite existing files where the Tomcat process has the necessary
+   file permissions to do so.
+
+Affects: 6.0.0-6.0.15
+
+  
+
+  
 important: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
CVE-2007-5461



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606605 - in /tomcat/tc6.0.x/trunk: STATUS.txt webapps/docs/changelog.xml webapps/docs/config/context.xml

[markt]

Author: markt
Date: Sun Dec 23 12:04:45 2007
New Revision: 606605

URL: http://svn.apache.org/viewvc?rev=606605&view=rev
Log:
Fix bug 44094. Add note about side effects of privileged.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606605&r1=606604&r2=606605&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 12:04:45 2007
@@ -31,12 +31,6 @@
   +1: jfclere
   -1: fhanik - Can we add the 'package' directive to make the package match 
the dir structure
 
-* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44094
-  Add note about side-effects of setting privileged on a context
-  http://svn.apache.org/viewvc?rev=605339&view=rev
-  +1: markt, pero, fhanik
-  -1: 
-
 * Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43241
   ServletContext.getResourceAsStream() not spec compliant
   http://svn.apache.org/viewvc?rev=605356&view=rev

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=606605&r1=606604&r2=606605&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Dec 23 12:04:45 2007
@@ -132,6 +132,10 @@
 for a context defined in server.xml rather than failing silently.
 (markt/jim)
   
+  
+44094: Add a note about the side effects of configuring a
+context as privileged. (markt)
+  
 
   


Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml?rev=606605&r1=606604&r2=606605&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml Sun Dec 23 12:04:45 
2007
@@ -181,7 +181,12 @@
 
   
 Set to true to allow this context to use container
-servlets, like the manager servlet.
+servlets, like the manager servlet. Use of the privileged
+attribute will change the context's parent class loader to be the
+Server class loader rather than the Shared class
+loader. Note that in a default installation, the Common class
+loader is used for both the Server and the Shared
+class loaders.
   
 
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44094] - privileged="true" causes ClassNotFound from shared\lib

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44094





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 12:04 ---
Fixed in 6.0.x.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606606 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/core/ApplicationContext.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Sun Dec 23 12:09:23 2007
New Revision: 606606

URL: http://svn.apache.org/viewvc?rev=606606&view=rev
Log:
Fix bug 43241. Make ServletContext.getResourceAsStream() spec compliant

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606606&r1=606605&r2=606606&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 12:09:23 2007
@@ -31,12 +31,6 @@
   +1: jfclere
   -1: fhanik - Can we add the 'package' directive to make the package match 
the dir structure
 
-* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43241
-  ServletContext.getResourceAsStream() not spec compliant
-  http://svn.apache.org/viewvc?rev=605356&view=rev
-  +1: markt, pero, fhanik
-  -1: 
-
 * Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43236
   Reset usingWriter and associated flags when response is reset
   http://svn.apache.org/viewvc?rev=605364&view=rev

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=606606&r1=606605&r2=606606&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java 
Sun Dec 23 12:09:23 2007
@@ -507,7 +507,7 @@
 public InputStream getResourceAsStream(String path) {
 
 path = normalize(path);
-if (path == null)
+if (path == null || !path.startsWith("/"))
 return (null);
 
 DirContext resources = context.getResources();
@@ -865,7 +865,7 @@
 
 String normalized = path;
 
-// Normalize the slashes and add leading slash if necessary
+// Normalize the slashes
 if (normalized.indexOf('\\') >= 0)
 normalized = normalized.replace('\\', '/');
 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=606606&r1=606605&r2=606606&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Dec 23 12:09:23 2007
@@ -39,6 +39,10 @@
 Fix handling of CometEvent.close when called during BEGIN event 
(fhanik)
   
   
+43241: Make ServletContext.getResourceAsStream() conform to
+the specification. Patch provided by John Kew. (markt)
+  
+  
 43594: Use setenv from CATALINA_BASE (if set) in preference
 to the one in CATALINA_HOME. Patch provided by Shaddy Baddah.
 (markt/jim)



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 43241] - ServletContext.getResourceAsStream() does not follow API specs for Path

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43241





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 12:09 ---
Fixed in 6.0.x

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606610 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/connector/Response.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Sun Dec 23 12:16:08 2007
New Revision: 606610

URL: http://svn.apache.org/viewvc?rev=606610&view=rev
Log:
Fix bug 43236. After resetting the response, allow the character set to be 
changed.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606610&r1=606609&r2=606610&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 12:16:08 2007
@@ -31,12 +31,6 @@
   +1: jfclere
   -1: fhanik - Can we add the 'package' directive to make the package match 
the dir structure
 
-* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43236
-  Reset usingWriter and associated flags when response is reset
-  http://svn.apache.org/viewvc?rev=605364&view=rev
-  +1: markt, pero, fhanik
-  -1: 
-
 * Smallest fix to the above patches.
   http://people.apache.org/~jfclere/patches/Request.patch  
   +1: jfclere, fhanik

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java?rev=606610&r1=606609&r2=606610&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java Sun 
Dec 23 12:16:08 2007
@@ -657,6 +657,9 @@
 
 coyoteResponse.reset();
 outputBuffer.reset();
+usingOutputStream = false;
+usingWriter = false;
+isCharacterEncodingSet = false;
 }
 
 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=606610&r1=606609&r2=606610&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Dec 23 12:16:08 2007
@@ -39,6 +39,11 @@
 Fix handling of CometEvent.close when called during BEGIN event 
(fhanik)
   
   
+43236: When resetting the response, also reset the flags
+associated with using a writer or an output stream to allow the user to
+change character set after the reset. (markt)
+  
+  
 43241: Make ServletContext.getResourceAsStream() conform to
 the specification. Patch provided by John Kew. (markt)
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 43236] - Response.setCharacterEncoding() fails after Response.getWriter() and Response.reset()

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43236





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 12:16 ---
Fixed in 6.0.x

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606612 - /tomcat/tc6.0.x/trunk/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 12:25:00 2007
New Revision: 606612

URL: http://svn.apache.org/viewvc?rev=606612&view=rev
Log:
Add my vote.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606612&r1=606611&r2=606612&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 12:25:00 2007
@@ -33,7 +33,7 @@
 
 * Smallest fix to the above patches.
   http://people.apache.org/~jfclere/patches/Request.patch  
-  +1: jfclere, fhanik
+  +1: jfclere, fhanik, markt
   -1:
 
 * Fix CVE-2007-5342



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606613 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

[markt]

Author: markt
Date: Sun Dec 23 12:48:49 2007
New Revision: 606613

URL: http://svn.apache.org/viewvc?rev=606613&view=rev
Log:
Align wording. Make it clear some (actually one) issue will not be fixed.

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=606613&r1=606612&r2=606613&view=diff
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Sun Dec 23 12:48:49 2007
@@ -218,8 +218,8 @@
 
 
 
-
-Not fixed in Apache Tomcat 4.1.x
+
+Will not be fixed in Apache Tomcat 4.1.x
 
 
 
@@ -244,6 +244,31 @@
 
 Affects: 4.1.15-4.1.SVN
 
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fixed in SVN trunk and proposed for inclusion in 4.1.x
+
+
+
+
+
+
+
+
+
 
 important: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
@@ -271,8 +296,8 @@
 
 
 
-
-Fixed in Apache Tomcat 4.1.SVN
+
+Fixed in Apache Tomcat 4.1.SVN for inclusion in next release
 
 
 

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=606613&r1=606612&r2=606613&view=diff
==
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Sun Dec 23 12:48:49 2007
@@ -24,7 +24,7 @@
 
   
 
-  
+  
 moderate: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836";>
CVE-2005-4836
@@ -39,6 +39,11 @@
 
 Affects: 4.1.15-4.1.SVN
 
+  
+
+
+  
+
 important: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
CVE-2007-5461
@@ -52,7 +57,7 @@
 
   
 
-  
+  
 important: Information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
CVE-2005-3164



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44087] - tomcat-native-1.1.10 duplicate requests on tcp connection

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44087


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 12:52 ---
This has been fixed in svn and will be included in native 1.1.12 onwards.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44117] - ProxyPass in Apache http server wipes session data

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44117


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 12:58 ---
This works for me so most likely this is a configuration issue. Please follow up
on the users list.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606619 - /tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

[markt]

Author: markt
Date: Sun Dec 23 13:32:23 2007
New Revision: 606619

URL: http://svn.apache.org/viewvc?rev=606619&view=rev
Log:
Tab police - a minor infraction ;)

Modified:
tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=606619&r1=606618&r2=606619&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java Sun Dec 23 
13:32:23 2007
@@ -214,7 +214,7 @@
  * @return The value of useContextClassLoader
  */
 public boolean isUseContextClassLoader() {
-   return useContextClassLoader;
+return useContextClassLoader;
 } 
 
 public void setContainer(Container container) {



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606621 - /tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

[markt]

Author: markt
Date: Sun Dec 23 13:55:38 2007
New Revision: 606621

URL: http://svn.apache.org/viewvc?rev=606621&view=rev
Log:
Fix 44084 with a patch provided by Noah Levitt. I also made a few additional 
fixes to line lengths etc.

Modified:
tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=606621&r1=606620&r2=606621&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java Sun Dec 23 
13:55:38 2007
@@ -241,21 +241,19 @@
  }
  
  /**
-  * Sets the list of comma-delimited classes that represent 
-  * roles. The classes in the list must implement 
java.security.Principal.
-  * When this accessor is called (for example, by a Digester
-  * instance parsing the
-  * configuration file), it will parse the class names and store the 
resulting
-  * string(s) into the ArrayList field 
roleClasses.
+  * Sets the list of comma-delimited classes that represent roles. The
+  * classes in the list must implement 
java.security.Principal.
+  * The supplied list of classes will be parsed when [EMAIL PROTECTED] 
#start()} is
+  * called.
   */
  public void setRoleClassNames(String roleClassNames) {
  this.roleClassNames = roleClassNames;
- parseClassNames(roleClassNames, roleClasses);
  }
  
  /**
   * Parses a comma-delimited list of class names, and store the class names
-  * in the provided List. Each class must implement 
.
+  * in the provided List. Each class must implement
+  * java.security.Principal.
   * 
   * @param classNamesString a comma-delimited list of fully qualified 
class names.
   * @param classNamesList the list in which the class names will be stored.
@@ -264,12 +262,17 @@
  protected void parseClassNames(String classNamesString, List 
classNamesList) {
  classNamesList.clear();
  if (classNamesString == null) return;
- 
+
+ ClassLoader loader = this.getClass().getClassLoader();
+ if (isUseContextClassLoader())
+ loader = Thread.currentThread().getContextClassLoader();
+
  String[] classNames = classNamesString.split("[ ]*,[ ]*");
  for (int i=0; ijava.security.Principal.
- * When this accessor is called (for example, by a Digester
- * instance parsing the
- * configuration file), it will parse the class names and store the 
resulting
- * string(s) into the ArrayList field 
userClasses.
- */
+  * Sets the list of comma-delimited classes that represent individual
+  * users. The classes in the list must implement
+  * java.security.Principal. The supplied list of classes will
+  * be parsed when [EMAIL PROTECTED] #start()} is called.
+  */
 public void setUserClassNames(String userClassNames) {
 this.userClassNames = userClassNames;
-parseClassNames(userClassNames, userClasses);
 }
 
 
@@ -335,9 +335,10 @@
 // What if the LoginModule is in the container class loader ?
 ClassLoader ocl = null;
 
-if (isUseContextClassLoader()) {
-  ocl=Thread.currentThread().getContextClassLoader();
-  
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+if (!isUseContextClassLoader()) {
+  ocl = Thread.currentThread().getContextClassLoader();
+  Thread.currentThread().setContextClassLoader(
+  this.getClass().getClassLoader());
 }
 
 try {
@@ -348,7 +349,7 @@
 log.error(sm.getString("jaasRealm.unexpectedError"), e);
 return (null);
 } finally {
-if( isUseContextClassLoader()) {
+if(!isUseContextClassLoader()) {
   Thread.currentThread().setContextClassLoader(ocl);
 }
 }
@@ -462,9 +463,9 @@
 Principal userPrincipal = null;
 
 // Scan the Principals for this Subject
-Iterator principals = subject.getPrincipals().iterator();
+Iterator principals = subject.getPrincipals().iterator();
 while (principals.hasNext()) {
-Principal principal = (Principal) principals.next();
+Principal principal = principals.next();
 
 String principalClass = principal.getClass().getName();
 
@@ -547,6 +548,10 @@
 // Perform normal superclass initialization
 super.start();
 
+// These need to be called after loading configuration, in case
+// useContextClassLoader appears after them in xml config
+parseClassNames(userClassNames, userClasses);
+parseClassNames(roleClassNames, roleClasses);
 }
 
 



--

svn commit: r606622 - /tomcat/tc6.0.x/trunk/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 13:57:45 2007
New Revision: 606622

URL: http://svn.apache.org/viewvc?rev=606622&view=rev
Log:
Propose fix for 44084

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606622&r1=606621&r2=606622&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 13:57:45 2007
@@ -41,3 +41,9 @@
   http://svn.apache.org/viewvc?rev=606594&view=rev
   +1: markt
   -1:
+
+* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44084
+  JASSRealm is broken for application provided Principals
+  http://svn.apache.org/viewvc?rev=606621&view=rev
+  +1: markt
+  -1: 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606623 - /tomcat/current/tc5.5.x/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 13:57:51 2007
New Revision: 606623

URL: http://svn.apache.org/viewvc?rev=606623&view=rev
Log:
Propose fix for 44084

Modified:
tomcat/current/tc5.5.x/STATUS.txt

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=606623&r1=606622&r2=606623&view=diff
==
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Sun Dec 23 13:57:51 2007
@@ -158,3 +158,9 @@
   http://svn.apache.org/viewvc?rev=606594&view=rev
   +1: markt
   -1:
+
+* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44084
+  JASSRealm is broken for application provided Principals
+  http://svn.apache.org/viewvc?rev=606621&view=rev
+  +1: markt
+  -1: 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44084] - JAASRealm useContextClassLoader has problems

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44084





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 13:58 ---
Fixed in trunk and proposed for the next releases of 5.5.x and 6.0.x

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606624 - /tomcat/connectors/trunk/jni/CHANGELOG.txt

[markt]

Author: markt
Date: Sun Dec 23 14:00:52 2007
New Revision: 606624

URL: http://svn.apache.org/viewvc?rev=606624&view=rev
Log:
Set standard properties

Modified:
tomcat/connectors/trunk/jni/CHANGELOG.txt   (props changed)

Propchange: tomcat/connectors/trunk/jni/CHANGELOG.txt
--
svn:eol-style = native

Propchange: tomcat/connectors/trunk/jni/CHANGELOG.txt
--
svn:keywords = Author Date Id Revision



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606630 - /tomcat/connectors/trunk/jni/jnirelease.sh

[markt]

Author: markt
Date: Sun Dec 23 14:42:31 2007
New Revision: 606630

URL: http://svn.apache.org/viewvc?rev=606630&view=rev
Log:
Fix 44131. Include change log in dist. Patch by Ville Skyttä.

Modified:
tomcat/connectors/trunk/jni/jnirelease.sh

Modified: tomcat/connectors/trunk/jni/jnirelease.sh
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/jnirelease.sh?rev=606630&r1=606629&r2=606630&view=diff
==
--- tomcat/connectors/trunk/jni/jnirelease.sh (original)
+++ tomcat/connectors/trunk/jni/jnirelease.sh Sun Dec 23 14:42:31 2007
@@ -62,6 +62,7 @@
 svn cat $SVNBASE/${JKJNIEXT}/KEYS > ${JKJNIDIST}/KEYS
 svn cat $SVNBASE/${JKJNIEXT}/LICENSE > ${JKJNIDIST}/LICENSE
 svn cat $SVNBASE/${JKJNIEXT}/NOTICE > ${JKJNIDIST}/NOTICE
+svn cat $SVNBASE/${JKJNIEXT}/jni/CHANGELOG.txt > ${JKJNIDIST}/CHANGELOG.txt
 svn cat $SVNBASE/${JKJNIEXT}/jni/NOTICE.txt > ${JKJNIDIST}/NOTICE.txt
 svn cat $SVNBASE/${JKJNIEXT}/jni/README.txt > ${JKJNIDIST}/README.txt
 #
@@ -80,6 +81,7 @@
 svn cat $SVNBASE/${JKJNIEXT}/KEYS > ${JKJNIDIST}/KEYS
 svn cat $SVNBASE/${JKJNIEXT}/LICENSE > ${JKJNIDIST}/LICENSE
 svn cat $SVNBASE/${JKJNIEXT}/NOTICE > ${JKJNIDIST}/NOTICE
+svn cat $SVNBASE/${JKJNIEXT}/jni/CHANGELOG.txt > ${JKJNIDIST}/CHANGELOG.txt
 svn cat $SVNBASE/${JKJNIEXT}/jni/NOTICE.txt > ${JKJNIDIST}/NOTICE.txt
 svn cat $SVNBASE/${JKJNIEXT}/jni/README.txt > ${JKJNIDIST}/README.txt
 zip -9rqo ${JKJNIDIST}.zip ${JKJNIDIST}



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44131] - [PATCH] Include CHANGELOG.txt in tomcat-native distributables

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44131


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 14:44 ---
Fixed in svn and will be in the next release. Many thanks for the patch.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44122] - Windows startup script problem

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44122


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||WORKSFORME




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 14:53 ---
This works for me with:
- Server 2003 Ent SP2 + latest updates
- JDK 1.6.0_03
- Tomcat 6.0.14

I can only assume there is something odd about your environment that requires
this fix.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44096] - Find invalid session object.

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44096





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 14:56 ---
Is this when accessing Tomcat directly or is via the AJP connector?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606633 - /tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

[markt]

Author: markt
Date: Sun Dec 23 15:07:48 2007
New Revision: 606633

URL: http://svn.apache.org/viewvc?rev=606633&view=rev
Log:
Fix bug 44088. Expire button didn't work. Patch by Ben Short.

Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=606633&r1=606632&r2=606633&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Sun 
Dec 23 15:07:48 2007
@@ -981,7 +981,7 @@
 " \n" +
 "  \n" +
 "  \n" +
-"    {10}  {12} \n" +
+"    {10}  {12} \n" +
 "  \n" +
 "  \n" +
 " \n" +
@@ -1000,7 +1000,7 @@
 " \n" +
 "  \n" +
 "  \n" +
-"    {10}  {12} \n" +
+"    {10}  {12} \n" +
 "  \n" +
 "  \n" +
 " \n" +



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606634 - /tomcat/tc6.0.x/trunk/STATUS.txt

[markt]

Author: markt
Date: Sun Dec 23 15:09:08 2007
New Revision: 606634

URL: http://svn.apache.org/viewvc?rev=606634&view=rev
Log:
Propose fix for 44088

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606634&r1=606633&r2=606634&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 15:09:08 2007
@@ -47,3 +47,9 @@
   http://svn.apache.org/viewvc?rev=606621&view=rev
   +1: markt
   -1: 
+
+* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44088
+  Expire button on Manager web page doesn't work
+  http://svn.apache.org/viewvc?rev=606633&view=rev
+  +1: markt
+  -1: 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44088] - Cannot expire session via html manager webapp

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44088





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 15:09 ---
Fixed in trunk and proposed for 6.0.x

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44086] - Bad errror reporting for abstract class as servlet

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44086


[EMAIL PROTECTED] changed:

   What|Removed |Added

   Severity|minor   |enhancement
 Status|NEW |RESOLVED
 Resolution||WONTFIX




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 15:30 ---
In addition to the error in the logs you quote above this is reported:
 - In the error page when you try and access the servlet
 - Additional log information is provided if debug logging is enabled

There is a balance to strike between stopping a user shooting themselves in the
foot and keeping the code clean. In this case, there is plenty of logging
provided and I don't see a need to do anything further.

If you do feel strongly about this then feel free to re-open this issue and
submit a patch (attach it to this issue) for consideration.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44040] - reproducible failure in TC 6.0.14 logging

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44040


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 15:37 ---
As per http://tomcat.apache.org/tomcat-6.0-doc/logging.html, if you want to use
log4j you need to use output/extras/tomcat-juli.jar and
output/extras/tomcat-juli-adapters.jar

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44017] - if an inesting host is mentioned in server.xml, warn!

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44017


[EMAIL PROTECTED] changed:

   What|Removed |Added

   Severity|normal  |enhancement
 Status|NEW |RESOLVED
 Resolution||WONTFIX




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 15:46 ---
You are confusing the address attribute of the connector and the name attribute
of the host.

I don't see what can easily be done to detect this sort of configuration error.
If you have a suggestion for a code change feel free to re-open this report and
provide a patch.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44096] - Find invalid session object.

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44096





--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 17:18 ---
(In reply to comment #1)
> Is this when accessing Tomcat directly or is via the AJP connector?
Access tomcat directly.



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r606649 - /tomcat/tc6.0.x/trunk/STATUS.txt

[funkman]

Author: funkman
Date: Sun Dec 23 17:21:10 2007
New Revision: 606649

URL: http://svn.apache.org/viewvc?rev=606649&view=rev
Log:
votes

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=606649&r1=606648&r2=606649&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 23 17:21:10 2007
@@ -39,17 +39,17 @@
 * Fix CVE-2007-5342
   JULI permissions need to be restricted
   http://svn.apache.org/viewvc?rev=606594&view=rev
-  +1: markt
+  +1: markt,funkman
   -1:
 
 * Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44084
   JASSRealm is broken for application provided Principals
   http://svn.apache.org/viewvc?rev=606621&view=rev
-  +1: markt
+  +1: markt,funkman
   -1: 
 
 * Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=44088
   Expire button on Manager web page doesn't work
   http://svn.apache.org/viewvc?rev=606633&view=rev
-  +1: markt
+  +1: markt,funkman
   -1: 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 44122] - Windows startup script problem

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44122


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|WORKSFORME  |




--- Additional Comments From [EMAIL PROTECTED]  2007-12-23 19:30 ---
But the patch is simple and will not break anything.
At the same time it will fix some "odd environments" for users which do not have
enough experience to make the same investigation as I did on silently exit 
script..

So why not to apply the patch?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Denis LULLIER/Paris est absent(e).

[dlullier]

Je serai absent(e) du  24/12/2007 au 31/12/2007.

Je répondrai à votre message dès mon retour. En cas d'urgence, vous pouvez
contacter Christine DUHAU

Bug report for Tomcat 3 [2007/12/23]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
| 2350|Ver|Nor|2001-06-27|ServletConfig.getInitParameter() requires url-patt|
| 5331|Ass|Nor|2001-12-09|getPathInfo vs URL normalization  |
| 6027|Inf|Maj|2002-01-25|Tomcat  Automatically shuts down as service   |
| 6488|Ver|Maj|2002-02-15|Error: 304. Apparent bug in default ErrorHandler c|
| 7785|Inf|Blk|2002-04-06|tomcat bug in context reloading   |
| 7863|Inf|Maj|2002-04-09|I have a problem when running Tomcat with IIS |
| 8187|Inf|Cri|2002-04-17|Errors when Tomcat used with MS Access database   |
| 9737|Ver|Nor|2002-06-10|ArrayIndexOutOfBoundsException when sending just p|
|10047|Ass|Cri|2002-06-20|IllegalStateException |
|10406|Ass|Cri|2002-07-02|IllegalStateException |
|11087|Inf|Blk|2002-07-23|IllegalStateException |
|12156|Inf|Cri|2002-08-29|Apache and Tomcat 3.3.1 Interworking problem  |
|16363|Ass|Cri|2003-01-23|Stack Overflow accessing compiled JSP - Tomcat 3.2|
|39250|Inf|Cri|2006-04-07|Tomcat 3.2.1 + JDK 1.4|
+-+---+---+--+--+
| Total   14 bugs   |
+---+

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Bug report for Watchdog [2007/12/23]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|  278|Unc|Nor|2000-12-04|Bug in GetParameterValuesTestServlet.java file Bug|
|  279|Unc|Nor|2000-12-04|Logical Error in GetParameterValuesTestServlet Bug|
|  469|Unc|Nor|2001-01-17|in example-taglib.tld "urn" should be "uri" BugRat|
|  470|Unc|Nor|2001-01-17|FAIL positiveForward.jsp and positiveInclude.jsp B|
| 9634|New|Enh|2002-06-05|No tests exist for ServletContext.getResourcePaths|
|10703|New|Enh|2002-07-11|Need to test getRequestURI after RequestDispatcher|
|11336|New|Enh|2002-07-31|Test wrapped path methods with RD.foward()|
|11663|New|Maj|2002-08-13|JSP precompile tests rely on Jasper specific behav|
|11664|New|Maj|2002-08-13|A sweep is needed of all Watchdog 4.0 tag librarie|
|11665|New|Maj|2002-08-13|ServletToJSPErrorPageTest and ServletToServletErro|
|11666|New|Maj|2002-08-13|SetBufferSize_1TestServlet is invalid.|
|14004|New|Maj|2002-10-28|Incorrent behaviour of all attribute-related lifec|
|15504|New|Nor|2002-12-18|JSP positiveGetValues test relies on order preserv|
|24649|New|Nor|2003-11-12|getRemoteHost fails when agent has uppercase chara|
|29398|New|Nor|2004-06-04|Update site and note current status   |
+-+---+---+--+--+
| Total   15 bugs   |
+---+

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Bug report for Tomcat 5 [2007/12/23]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|27122|Opn|Enh|2004-02-20|IE plugins cannot access components through Tomcat|
|28039|Opn|Enh|2004-03-30|Cluster Support for SingleSignOn  |
|29160|Ver|Enh|2004-05-23|precompile problem: _jspx_meth_* (javax.servlet.js|
|29494|Inf|Enh|2004-06-10|No way to set PATH when running as a service on Wi|
|29936|Opn|Blk|2004-07-06|XML parser loading problems by container  |
|30241|Ver|Enh|2004-07-21|Enhance build script to use branch argument when c|
|31257|Opn|Cri|2004-09-16|java.endorsed.dirs is not used when JSP compilatio|
|33262|Inf|Enh|2005-01-27|Service Manager autostart should check for adminis|
|33453|Opn|Enh|2005-02-08|Jasper should recompile JSP files whose datestamps|
|33650|Inf|Enh|2005-02-19|Jasper performance for multiple files processing  |
|33671|Opn|Enh|2005-02-21|Manual Windows service installation with custom na|
|34801|New|Enh|2005-05-08|PATCH: CGIServlet does not terminate child after a|
|34805|Ass|Enh|2005-05-08|warn about invalid security constraint url pattern|
|34868|Ass|Enh|2005-05-11|allow to register a trust store for a session that|
|35054|Inf|Enh|2005-05-25|warn if appBase is not existing as a File or direc|
|35869|Inf|Enh|2005-07-26|Can't run as a service on Windows Server 2003 64-B|
|36133|Inf|Enh|2005-08-10|Support JSS SSL implementation|
|36169|New|Enh|2005-08-12|[PATCH] Enable chunked encoding for requests in II|
|36362|New|Enh|2005-08-25|missing check for Java reserved keywords in tag fi|
|36569|Inf|Enh|2005-09-09|Redirects produce illegal URL's   |
|36837|Inf|Enh|2005-09-28|Looking for ProxyHandler implementation of Http re|
|36922|Inf|Enh|2005-10-04|setup.sh file mis-advertised and missing  |
|36923|New|Nor|2005-10-05|Deactivated EL expressions are not parsed for jsp |
|37018|Ass|Enh|2005-10-11|Document how to use tomcat-SSL with a pkcs11 token|
|37084|Opn|   |2005-10-14|JspC from ant fails on JSPs that use custom taglib|
|37334|Inf|Enh|2005-11-02|Realm digest property not aligned with the adminis|
|37449|Opn|Enh|2005-11-10|Two UserDatabaseRealm break manager user  |
|37485|Inf|Enh|2005-11-14|I'd like to run init SQL after JDBC Connection cre|
|37498|Inf|Nor|2005-11-14|[PATCH] NPE in org.apache.catalina.core.ContainerB|
|37515|Inf|Nor|2005-11-15|smap not generated by JspC when used from Ant for |
|37627|Opn|Nor|2005-11-24|Slow and incomplete dynamic content generation aft|
|37785|Inf|Nor|2005-12-05|Changing startup type via Tomcat Monitor does not |
|37794|Opn|Nor|2005-12-05|getParameter() fails on POST with transfer-encodin|
|37797|Inf|Maj|2005-12-05|Configure Tomcat utility truncates classpath to 96|
|37822|Opn|Nor|2005-12-07|WebappClassLoader interfering with Catalina core c|
|37847|Ass|Enh|2005-12-09|Allow User To Optionally Specify Catalina Output F|
|37869|Opn|Nor|2005-12-12|Cannot obtain client certificate with SSL / client|
|37918|Inf|Nor|2005-12-15|EL cannot find valid getter from object when using|
|37984|New|Nor|2005-12-21|JNDIRealm.java not able to handle MD5 password|
|38001|Inf|Nor|2005-12-22|TruncatedClassFile when loadind applets   |
|38046|Ass|   |2005-12-27|apache-tomcat-5.5.14-deployer doesn't work (Illega|
|38131|New|Enh|2006-01-05|WatchedResource does not work if app is outside "w|
|38197|Opn|Maj|2006-01-09|taglib pool bug when tag is used with jsp:attribut|
|38216|Inf|Enh|2006-01-10|Extend Jmxproxy to allow call of MBean Operations |
|38268|Inf|Enh|2006-01-13|User friendly: Need submit button on adding/deleti|
|38352|Inf|Nor|2006-01-22|Additional Entries for Default catalina.policy fil|
|38360|Inf|Enh|2006-01-24|Domain for session cookies|
|38367|Inf|Nor|2006-01-24|Executing any Catalina Ant task results in an exce|
|38372|Inf|Cri|2006-01-25|tcnative-1.dll response overflow corruption, parti|
|38427|Inf|Nor|2006-01-27|ServletContextListener Notified Multiple Times Whe|
|38483|Inf|Nor|2006-02-01|access log valve uses simpledateformat in tread-un|
|38484|

Bug report for Tomcat 4 [2007/12/23]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
| 3839|Opn|Enh|2001-09-26|Problem bookmarking login page|
| 4227|Opn|Enh|2001-10-17|Invalid CGI path  |
| 5329|New|Enh|2001-12-08|NT Service exits startup before Tomcat is finished|
| 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob|
| 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi|
| 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio|
| 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI|
| 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam|
| 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty|
| 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store   |
| 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output|
| 7676|New|Enh|2002-04-02|Allow name property to use match experssions in  without className in server.xml produces N|
|11069|Opn|Enh|2002-07-23|Tomcat not flag error if tld is outside of /WEB-IN|
|11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques|
|11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header|
|11754|Opn|Enh|2002-08-15|Synchronous shutdown script - shutdown.sh should w|
|12069|New|Enh|2002-08-27|Creation of more HttpSession objects for one previ|
|12428|Opn|Enh|2002-09-09|request.getUserPrincipal(): Misinterpretation of s|
|12658|New|Enh|2002-09-15|a proxy host and port at the  element level |
|12766|New|Enh|2002-09-18|Tomcat should use tld files in /WEB-INF/ over vers|
|13309|Opn|Enh|2002-10-04|Catalina calls System.exit()  |
|13634|New|Enh|2002-10-15|Allowing system properties to be substituted in co|
|13689|Opn|Enh|2002-10-16|Classloader paths for 'Common' classes and librari|
|13731|New|Enh|2002-10-17|Final request, response, session and other variabl|
|13941|New|Enh|2002-10-24|reload is VERY slow   |
|13965|New|Enh|2002-10-25|Catalina.sh correction request for Tru64 Unix |
|14097|New|Enh|2002-10-30|hardcoded registry value for vm lets tomcat servic|
|14416|New|Enh|2002-11-10|blank tag name in TLD cause NullPointerException  |
|14635|New|Enh|2002-11-18|Should be possible not to have -MM-DD in log f|
|14766|New|Enh|2002-11-22|Redirect Vavle|
|14993|New|Enh|2002-12-02|Possible obselete synchronized declaration|
|15115|New|Enh|2002-12-05|correct docs... XML parser *cannot* be overridden |
|15417|Opn|Enh|2002-12-16|Add port for forced compilation of JSP pages  |
|15688|New|Enh|2002-12-27|full-qualified names instead of imports   |
|15941|New|Enh|2003-01-10|Expose rootCause exceptions at deeper levels  |
|16294|New|Enh|2003-01-21|Configurable URL Decoding.|
|16357|New|Enh|2003-01-23|"connection timeout reached"  |
|16531|New|Enh|2003-01-29|Updating already deployed ".war" files in a single|
|16579|New|Enh|2003-01-30|documentation page layout/style breaks wrapping to|
|16596|New|Enh|2003-01-30|option for disabling log rotation |
|17070|New|Enh|2003-02-14|The Catalina Ant tasks do not allow for 'reusable'|
|17146|New|Enh|2003-02-18|Simplify build.xml using