svn commit: r664483 - in /tomcat/trunk/java/org/apache/jasper: security/SecurityUtil.java servlet/JspServlet.java

2008-06-08 Thread markt
Author: markt
Date: Sun Jun  8 04:30:44 2008
New Revision: 664483

URL: http://svn.apache.org/viewvc?rev=664483&view=rev
Log:
Add an additional layer of protection in case app fails to protect against an 
XSS.
Copied filter code to jasper module so no new dependency is created.

Modified:
tomcat/trunk/java/org/apache/jasper/security/SecurityUtil.java
tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java

Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityUtil.java?rev=664483&r1=664482&r2=664483&view=diff
==
--- tomcat/trunk/java/org/apache/jasper/security/SecurityUtil.java (original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityUtil.java Sun Jun  8 
04:30:44 2008
@@ -40,5 +40,42 @@
 return false;
 }
 
-
+
+/**
+ * Filter the specified message string for characters that are sensitive
+ * in HTML.  This avoids potential attacks caused by including JavaScript
+ * codes in the request URL that is often reported in error messages.
+ *
+ * @param message The message string to be filtered
+ */
+public static String filter(String message) {
+
+if (message == null)
+return (null);
+
+char content[] = new char[message.length()];
+message.getChars(0, message.length(), content, 0);
+StringBuffer result = new StringBuffer(content.length + 50);
+for (int i = 0; i < content.length; i++) {
+switch (content[i]) {
+case '<':
+result.append("<");
+break;
+case '>':
+result.append(">");
+break;
+case '&':
+result.append("&");
+break;
+case '"':
+result.append(""");
+break;
+default:
+result.append(content[i]);
+}
+}
+return (result.toString());
+
+}
+
 }
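Review bot: The switch in filter() has no case for the single quote ('), so the result is only safe in HTML text and double-quoted attribute contexts; add a case for it (numeric entity for character 39) or state in the Javadoc which output contexts the method is meant for. The Javadoc also lacks an @return tag. As shown here, the four cases append the same character they match, and the `"` case is not a valid string literal, so confirm that the committed file appends entity strings rather than the raw characters.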

Modified: tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java?rev=664483&r1=664482&r2=664483&view=diff
==
--- tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java (original)
+++ tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java Sun Jun  8 
04:30:44 2008
@@ -35,6 +35,7 @@
 import org.apache.jasper.Options;
 import org.apache.jasper.compiler.JspRuntimeContext;
 import org.apache.jasper.compiler.Localizer;
+import org.apache.jasper.security.SecurityUtil;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 
@@ -311,8 +312,12 @@
 if (includeRequestUri != null) {
 // This file was included. Throw an exception as
 // a response.sendError() will be ignored
-throw new ServletException(Localizer.getMessage(
-"jsp.error.file.not.found",jspUri));
+String msg = Localizer.getMessage(
+"jsp.error.file.not.found",jspUri);
+// Strictly, filtering this is an application
+// responsibility but just in case...
+throw new ServletException(
+SecurityUtil.filter(msg));
 } else {
 try {
 response.sendError(
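Review bot: SecurityUtil.filter(msg) escapes at the point the exception is created, so the ServletException message is HTML-encoded wherever it is later read, including logs, and would be encoded a second time by an error page that escapes correctly on output. It also filters the whole localized message rather than jspUri, the only request-derived value visible here; filtering jspUri before it is passed to Localizer.getMessage would be narrower. The comment "just in case..." should say what is being guarded against.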



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



svn commit: r664485 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-06-08 Thread markt
Author: markt
Date: Sun Jun  8 04:37:18 2008
New Revision: 664485

URL: http://svn.apache.org/viewvc?rev=664485&view=rev
Log:
Propose enhancement for XSS protection

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=664485&r1=664484&r2=664485&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Jun  8 04:37:18 2008
@@ -108,3 +108,9 @@
   http://svn.apache.org/viewvc?rev=664345&view=rev
   +1: markt
   -1: 
+
+* Provide belt and braces XSS protection. Really an app responsbility but worth
+  protecting against in case the app forgets.
+  http://svn.apache.org/viewvc?rev=664483&view=rev
+  +1: markt
+  -1: 
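Review bot: Spelling in the added entry: "responsbility" should be "responsibility". The entry would also be easier to vote on if it said where the protection applies, since "belt and braces XSS protection" alone does not identify the code path changed in r664483.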






svn commit: r664486 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/core/StandardContextValve.java

2008-06-08 Thread markt
Author: markt
Date: Sun Jun  8 04:45:24 2008
New Revision: 664486

URL: http://svn.apache.org/viewvc?rev=664486&view=rev
Log:
Further fix for 43683 - use the new class loader after a context reload

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContextValve.java

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=664486&r1=664485&r2=664486&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Jun  8 04:45:24 2008
@@ -81,13 +81,6 @@
   +1: remm, jfclere
   -1: 
 
-* Further fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=43683
-  Reloaded context has new classloader so the context classloader needs to
-  be reset
-  http://svn.apache.org/viewvc?rev=661074&view=rev
-  +1: markt, remm, pero
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45101
   Format header dates obtained from DirContextURLConnection as per HTTP spec
   Patch provided by Chris Hubick

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContextValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContextValve.java?rev=664486&r1=664485&r2=664486&view=diff
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContextValve.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContextValve.java 
Sun Jun  8 04:45:24 2008
@@ -126,7 +126,9 @@
 }
 
 // Wait if we are reloading
+boolean reloaded = false;
 while (context.getPaused()) {
+reloaded = true;
 try {
 Thread.sleep(1000);
 } catch (InterruptedException e) {
@@ -134,6 +136,15 @@
 }
 }
 
+// Reloading will have stopped the old webappclassloader and
+// created a new one
+if (reloaded &&
+context.getLoader() != null &&
+context.getLoader().getClassLoader() != null) {
+Thread.currentThread().setContextClassLoader(
+context.getLoader().getClassLoader());
+}
+
 // Select the Wrapper to be used for this Request
 Wrapper wrapper = request.getWrapper();
 if (wrapper == null) {
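Review bot: The added block calls context.getLoader() three times, twice in the null checks and once for the actual use, so the value tested is not necessarily the value passed to setContextClassLoader() if the loader is replaced in between; read the loader and its class loader into locals once and test those. The reloaded flag is set whenever getPaused() returned true, so a short comment stating that a pause at this point always means a reload would justify the name.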






DO NOT REPLY [Bug 43683] Accessing Servlet while Reloading context gives 404 error

2008-06-08 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=43683





--- Comment #12 from Mark Thomas <[EMAIL PROTECTED]>  2008-06-08 04:51:26 PST 
---
The classloader fix has been applied to 6.0.x and will be in 6.0.17. I'll take
a look at the remaining issues.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.




svn commit: r664494 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2008-06-08 Thread markt
Author: markt
Date: Sun Jun  8 05:49:50 2008
New Revision: 664494

URL: http://svn.apache.org/viewvc?rev=664494&view=rev
Log:
Fix 42934.   Change the order of events on context start so 
contextInitialized() event is fired before sessionDidActivate(). The spec isn't 
100% clear on the required order but this seems more logical than the current 
behaviour.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=664494&r1=664493&r2=664494&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Jun  8 05:49:50 2008
@@ -88,14 +88,6 @@
   +1: markt, remm (but there's downside as naming now depends on the utils)
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42934
-  Change the order of events on context start so contextInitialized() event is
-  fired before sessionDidActivate(). The spec isn't 100% clear on the required
-  order but this seems more logical than the current behaviour.
-  http://svn.apache.org/viewvc?rev=654932&view=rev
-  +1: markt, remm, pero
-  -1: 
-
 * Enhancement https://issues.apache.org/bugzilla/show_bug.cgi?id=45155
   Provide a workaround to a buggy MS WebDAV client.
   http://svn.apache.org/viewvc?rev=664345&view=rev

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java?rev=664494&r1=664493&r2=664494&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java Sun 
Jun  8 05:49:50 2008
@@ -4278,14 +4278,6 @@
 }
 
 
-// Start manager
-if ((manager != null) && (manager instanceof Lifecycle)) {
-((Lifecycle) getManager()).start();
-}
-
-// Start ContainerBackgroundProcessor thread
-super.threadStart();
-
 mainOk = true;
 
 }
@@ -4345,13 +4337,28 @@
 lifecycle.fireLifecycleEvent(AFTER_START_EVENT, null);
 }
 
-// Configure and call application event listeners and filters
+// Configure and call application event listeners
 if (ok) {
 if (!listenerStart()) {
 log.error( "Error listenerStart");
 ok = false;
 }
 }
+
+try {
+// Start manager
+if ((manager != null) && (manager instanceof Lifecycle)) {
+((Lifecycle) getManager()).start();
+}
+
+// Start ContainerBackgroundProcessor thread
+super.threadStart();
+} catch(Exception e) {
+log.error("Error manager.start()", e);
+ok = false;
+}
+
+// Configure and call application filters
 if (ok) {
 if (!filterStart()) {
 log.error( "Error filterStart");
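Review bot: The new try block is not guarded by if (ok), unlike the listenerStart() block above it and the filterStart() block below it, so the manager and the background thread are still started after listenerStart() has failed; wrap it in if (ok) unless that is intended. The catch of Exception logs "Error manager.start()" even when the failure came from super.threadStart(), so either split the two calls or make the message cover both.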

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=664494&r1=664493&r2=664494&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Jun  8 05:49:50 2008
@@ -50,6 +50,13 @@
 using the webapp class loader when we create them. (markt)
   
   
+42934: Change the order of events on context start so
+contextInitialized() event is fired before
+sessionDidActivate(). The spec isn't 100% clear on the
+required order but this seems more logical than the current behaviour.
+(markt)
+  
+  
 43079: Fix identification of suspicious URL patterns. Patch
 provided by John Kew. (markt)
   






DO NOT REPLY [Bug 42934] sessionDidActivate() called before contextInitialized()

2008-06-08 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=42934


Mark Thomas <[EMAIL PROTECTED]> changed:

   What       |Removed |Added
   -----------+--------+---------
   Status     |NEW     |RESOLVED
   Resolution |        |FIXED




--- Comment #14 from Mark Thomas <[EMAIL PROTECTED]>  2008-06-08 05:51:14 PST 
---
This has been committed to 6.0.x and will be in 6.0.17 onwards.





DO NOT REPLY [Bug 45156] Symbol not found: _open$UNIX2003

2008-06-08 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45156





--- Comment #2 from Holger Thurow <[EMAIL PROTECTED]>  2008-06-08 21:54:22 PST 
---
(In reply to comment #1)
> Have you tried building this from the source?
> 

Yes, after I tried installing it from the binary. Installing it from source was
easy going. Thanks.





Bug report for Tomcat 3 [2008/06/08]

2008-06-08 Thread bugzilla
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
| 2350|Ver|Nor|2001-06-27|ServletConfig.getInitParameter() requires url-patt|
| 6488|Ver|Maj|2002-02-15|Error: 304. Apparent bug in default ErrorHandler c|
| 9737|Ver|Nor|2002-06-10|ArrayIndexOutOfBoundsException when sending just p|
|44911|Ass|Nor|2008-04-30|Test again from Chirag|
Total: 4 bugs




Bug report for Watchdog [2008/06/08]

2008-06-08 Thread bugzilla
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|  278|Unc|Nor|2000-12-04|Bug in GetParameterValuesTestServlet.java file Bug|
|  279|Unc|Nor|2000-12-04|Logical Error in GetParameterValuesTestServlet Bug|
|  469|Unc|Nor|2001-01-17|in example-taglib.tld "urn" should be "uri" BugRat|
|  470|Unc|Nor|2001-01-17|FAIL positiveForward.jsp and positiveInclude.jsp B|
| 9634|New|Enh|2002-06-05|No tests exist for ServletContext.getResourcePaths|
|10703|New|Enh|2002-07-11|Need to test getRequestURI after RequestDispatcher|
|11336|New|Enh|2002-07-31|Test wrapped path methods with RD.foward()|
|11663|New|Maj|2002-08-13|JSP precompile tests rely on Jasper specific behav|
|11664|New|Maj|2002-08-13|A sweep is needed of all Watchdog 4.0 tag librarie|
|11665|New|Maj|2002-08-13|ServletToJSPErrorPageTest and ServletToServletErro|
|11666|New|Maj|2002-08-13|SetBufferSize_1TestServlet is invalid.|
|14004|New|Maj|2002-10-28|Incorrent behaviour of all attribute-related lifec|
|15504|New|Nor|2002-12-18|JSP positiveGetValues test relies on order preserv|
|24649|New|Nor|2003-11-12|getRemoteHost fails when agent has uppercase chara|
|29398|New|Nor|2004-06-04|Update site and note current status   |
Total: 15 bugs




Bug report for Tomcat 4 [2008/06/08]

2008-06-08 Thread bugzilla
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
| 3839|Opn|Enh|2001-09-26|Problem bookmarking login page|
| 4227|Opn|Enh|2001-10-17|Invalid CGI path  |
| 5329|New|Enh|2001-12-08|NT Service exits startup before Tomcat is finished|
| 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob|
| 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi|
| 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio|
| 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI|
| 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam|
| 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty|
| 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store   |
| 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output|
| 7676|New|Enh|2002-04-02|Allow name property to use match experssions in  without className in server.xml produces N|
|11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques|
|11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header|
|11754|Opn|Enh|2002-08-15|Synchronous shutdown script - shutdown.sh should w|
|12069|New|Enh|2002-08-27|Creation of more HttpSession objects for one previ|
|12428|Opn|Enh|2002-09-09|request.getUserPrincipal(): Misinterpretation of s|
|12658|New|Enh|2002-09-15|a proxy host and port at the  element level |
|12766|New|Enh|2002-09-18|Tomcat should use tld files in /WEB-INF/ over vers|
|13309|Opn|Enh|2002-10-04|Catalina calls System.exit()  |
|13634|New|Enh|2002-10-15|Allowing system properties to be substituted in co|
|13689|Opn|Enh|2002-10-16|Classloader paths for 'Common' classes and librari|
|13731|New|Enh|2002-10-17|Final request, response, session and other variabl|
|13941|New|Enh|2002-10-24|reload is VERY slow   |
|13965|New|Enh|2002-10-25|Catalina.sh correction request for Tru64 Unix |
|14097|New|Enh|2002-10-30|hardcoded registry value for vm lets tomcat servic|
|14416|New|Enh|2002-11-10|blank tag name in TLD cause NullPointerException  |
|14635|New|Enh|2002-11-18|Should be possible not to have -MM-DD in log f|
|14766|New|Enh|2002-11-22|Redirect Vavle|
|14993|New|Enh|2002-12-02|Possible obselete synchronized declaration|
|15115|New|Enh|2002-12-05|correct docs... XML parser *cannot* be overridden |
|15417|Opn|Enh|2002-12-16|Add port for forced compilation of JSP pages  |
|15688|New|Enh|2002-12-27|full-qualified names instead of imports   |
|15941|New|Enh|2003-01-10|Expose rootCause exceptions at deeper levels  |
|16294|New|Enh|2003-01-21|Configurable URL Decoding.|
|16357|New|Enh|2003-01-23|"connection timeout reached"  |
|16531|New|Enh|2003-01-29|Updating already deployed ".war" files in a single|
|16579|New|Enh|2003-01-30|documentation page layout/style breaks wrapping to|
|16596|New|Enh|2003-01-30|option for disabling log rotation |
|17070|New|Enh|2003-02-14|The Catalina Ant tasks do not allow for 'reusable'|
|17146|New|Enh|2003-02-18|Simplify build.xml using 

Bug report for Tomcat 5 [2008/06/08]

2008-06-08 Thread bugzilla
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|27122|Opn|Enh|2004-02-20|IE plugins cannot access components through Tomcat|
|28039|Opn|Enh|2004-03-30|Cluster Support for SingleSignOn  |
|29160|Ver|Enh|2004-05-23|precompile problem: _jspx_meth_* (javax.servlet.js|
|29494|Inf|Enh|2004-06-10|No way to set PATH when running as a service on Wi|
|29936|Opn|Blk|2004-07-06|XML parser loading problems by container  |
|30241|Ver|Enh|2004-07-21|Enhance build script to use branch argument when c|
|31257|Opn|Cri|2004-09-16|java.endorsed.dirs is not used when JSP compilatio|
|33262|Inf|Enh|2005-01-27|Service Manager autostart should check for adminis|
|33453|Opn|Enh|2005-02-08|Jasper should recompile JSP files whose datestamps|
|33650|Inf|Enh|2005-02-19|Jasper performance for multiple files processing  |
|33671|Opn|Enh|2005-02-21|Manual Windows service installation with custom na|
|34526|Opn|Nor|2005-04-19|Truncated content in decompressed requests from mo|
|34801|New|Enh|2005-05-08|PATCH: CGIServlet does not terminate child after a|
|34805|Ass|Enh|2005-05-08|warn about invalid security constraint url pattern|
|34868|Ass|Enh|2005-05-11|allow to register a trust store for a session that|
|35054|Inf|Enh|2005-05-25|warn if appBase is not existing as a File or direc|
|35959|Opn|Enh|2005-08-01|mod_jk not independant of UseCanonicalName|
|36133|Inf|Enh|2005-08-10|Support JSS SSL implementation|
|36169|New|Enh|2005-08-12|[PATCH] Enable chunked encoding for requests in II|
|36362|New|Enh|2005-08-25|missing check for Java reserved keywords in tag fi|
|36569|Inf|Enh|2005-09-09|Redirects produce illegal URL's   |
|36837|Inf|Enh|2005-09-28|Looking for ProxyHandler implementation of Http re|
|36922|Inf|Enh|2005-10-04|setup.sh file mis-advertised and missing  |
|36923|New|Nor|2005-10-05|Deactivated EL expressions are not parsed for jsp |
|37018|Ass|Enh|2005-10-11|Document how to use tomcat-SSL with a pkcs11 token|
|37084|Opn|Reg|2005-10-14|JspC from ant fails on JSPs that use custom taglib|
|37334|Inf|Enh|2005-11-02|Realm digest property not aligned with the adminis|
|37449|Opn|Enh|2005-11-10|Two UserDatabaseRealm break manager user  |
|37458|Opn|Nor|2005-11-10|Datarace on org.apache.catalina.loader.WebappClass|
|37485|Inf|Enh|2005-11-14|I'd like to run init SQL after JDBC Connection cre|
|37498|Inf|Nor|2005-11-14|[PATCH] NPE in org.apache.catalina.core.ContainerB|
|37515|Inf|Nor|2005-11-15|smap not generated by JspC when used from Ant for |
|37627|Opn|Nor|2005-11-24|Slow and incomplete dynamic content generation aft|
|37785|Inf|Nor|2005-12-05|Changing startup type via Tomcat Monitor does not |
|37794|Opn|Nor|2005-12-05|getParameter() fails on POST with transfer-encodin|
|37797|Inf|Maj|2005-12-05|Configure Tomcat utility truncates classpath to 96|
|37847|Ass|Enh|2005-12-09|Allow User To Optionally Specify Catalina Output F|
|37869|Opn|Nor|2005-12-12|Cannot obtain client certificate with SSL / client|
|37918|Inf|Nor|2005-12-15|EL cannot find valid getter from object when using|
|37984|New|Nor|2005-12-21|JNDIRealm.java not able to handle MD5 password|
|38046|Ass|Reg|2005-12-27|apache-tomcat-5.5.14-deployer doesn't work (Illega|
|38197|Opn|Maj|2006-01-09|taglib pool bug when tag is used with jsp:attribut|
|38216|Inf|Enh|2006-01-10|Extend Jmxproxy to allow call of MBean Operations |
|38217|Ver|Enh|2006-01-10|mention that private key password and keystore pas|
|38268|Inf|Enh|2006-01-13|User friendly: Need submit button on adding/deleti|
|38352|Inf|Nor|2006-01-22|Additional Entries for Default catalina.policy fil|
|38360|Inf|Enh|2006-01-24|Domain for session cookies|
|38367|Inf|Nor|2006-01-24|Executing any Catalina Ant task results in an exce|
|38372|Inf|Cri|2006-01-25|tcnative-1.dll response overflow corruption, parti|
|38427|Inf|Nor|2006-01-27|ServletContextListener Notified Multiple Times Whe|
|38483|New|Nor|2006-02-01|access log valve uses simpledateformat in tread-un|
|38484|