Re: [VOTE] Release tc-native 1.1.15
[ ] Broken [ ] Alpha [ ] Beta [X] Stable (built and tested on Linux PPC) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] Release tc-native 1.1.15
Works for me :-) Test with MAX OS X 10.4.11 APR 1.3.3 Openssl 0.9.8h Am 08.09.2008 um 14:11 schrieb jean-frederic clere: The candidates binaries are available here: http://people.apache.org/~jfclere/tcnative/v1.1.15/ According to the release process, the 1.1.15 tag is: [ ] Broken [ ] Alpha [ ] Beta [x ] Stable Cheers Jean-Frederic - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r693412 - /tomcat/current/tc4.1.x/STATUS.txt
Author: markt Date: Tue Sep 9 02:56:19 2008 New Revision: 693412 URL: http://svn.apache.org/viewvc?rev=693412&view=rev Log: Remove backport proposal from TC4. TC5 and TC4 share the same conector code so this only needs backporting in TC5. Modified: tomcat/current/tc4.1.x/STATUS.txt Modified: tomcat/current/tc4.1.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc4.1.x/STATUS.txt?rev=693412&r1=693411&r2=693412&view=diff == --- tomcat/current/tc4.1.x/STATUS.txt (original) +++ tomcat/current/tc4.1.x/STATUS.txt Tue Sep 9 02:56:19 2008 @@ -25,12 +25,3 @@ PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] -* Fix redirect loop when using URIEncoding="UTF-8" - http://svn.apache.org/viewvc?rev=688857&view=rev - See also: http://marc.info/?t=12196780334&r=1&w=2 - I didn't yet check, if the loop actually happens - for TC 4.1.x, but I propose to keep the CoyoteAdapter - code consistent. - +1: rjung - -1:ยท - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45771] New: Need updated el-ri.jar and el-api.jar
https://issues.apache.org/bugzilla/show_bug.cgi?id=45771 Summary: Need updated el-ri.jar and el-api.jar Product: Tomcat 6 Version: unspecified Platform: PC OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Servlet & JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The version included is 2 years old and does not include the latest functionality to allow for Factorization of ExpressionFactory. Looks like the code for getting an ExpressionFactory via a Factory was added in revision 1.6 of ExpressionFactory: http://fisheye5.cenqua.com/browse/~raw,r=1.6/glassfish/servlet-api/src/jsr245/src/share/javax/el/ExpressionFactory.java Whereas the version of ExpressionFactory included in JBoss/Tomcat is as old or older than rev 1.5 which is 2 years old: http://fisheye5.cenqua.com/browse/~raw,r=1.5/glassfish/servlet-api/src/jsr245/src/share/javax/el/ExpressionFactory.java which doesn't include the Factory Code. See http://java.sun.com/javaee/5/docs/api/ under ExpressionFactory for the new methods. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn propchange: r673834 - svn:log
Author: markt Revision: 673834 Modified property: svn:log Modified: svn:log at Tue Sep 9 07:04:32 2008 -- --- svn:log (original) +++ svn:log Tue Sep 9 07:04:32 2008 @@ -1,3 +1,4 @@ Make filtering of \r and \n in headers consistent for all connectors. Make handling of 404s consistent across components. Provide option to include custom status message in headers. SRV.5.3 suggests custom messages are intended for the body of the response, not the status line. +This is the security fix for CVE-2008-1232. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn propchange: r680947 - svn:log
Author: markt Revision: 680947 Modified property: svn:log Modified: svn:log at Tue Sep 9 07:14:33 2008 -- --- svn:log (original) +++ svn:log Tue Sep 9 07:14:33 2008 @@ -1,4 +1,5 @@ -Port r673834 to 5.5.x +Port r673834 to 5.5.x/4.1.x Make filtering of \r and \n in headers consistent for all connectors. Make handling of 404s consistent across components. Provide option to include custom status message in headers. SRV.5.3 suggests custom messages are intended for the body of the response, not the status line. +This is the security fix for CVE-2008-1232. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45771] Missing ExpressionFactory.newInstance methods
https://issues.apache.org/bugzilla/show_bug.cgi?id=45771 Remy Maucherat <[EMAIL PROTECTED]> changed: What|Removed |Added Summary|Need updated el-ri.jar and |Missing |el-api.jar |ExpressionFactory.newInstanc ||e methods -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45710] FormAuthenticator - Request Parameters are lost after authentication
https://issues.apache.org/bugzilla/show_bug.cgi?id=45710 --- Comment #2 from Kamal <[EMAIL PROTECTED]> 2008-09-09 09:23:53 PST --- Thanks Mark. I found the problem with my code where we retrieve the Jsessionid using an URL (that does include parameters) and the first request after the Jsessionid (authenticated using j_security_check) includes the parameters. Obviously, the request URLs are different now and the Tomcat 5.5 restores the URL (redirect Location) with no parameters that was used to retrieve the Jsessionid from the server. In short, the approach I used is as follows (might help others looking for a solution) App A uses Form Authentication 1) Call the App A (running in Server 1) through URL (say with parameters) from App B (running in server 2) 2) The server returns the response with Jsessionid (iterate the headers/cookies to retrieve one) 3) Append the Jsessionid to the j_security_check along with username/password and the response header returns the same Jsessionid (authenticated by server) 4) Now, call the App A again with the same URL we used in Step 1. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
