DO NOT REPLY [Bug 47088] Default conf/server.xml needs addition to fix constant cpu usage with isapi_redirect.dll
https://issues.apache.org/bugzilla/show_bug.cgi?id=47088 Rainer Jung changed: What|Removed |Added Severity|blocker |normal -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: participate in tomcat 7
Where can I find petter Anas > Date: Thu, 23 Apr 2009 18:27:20 +0100 > From: ma...@apache.org > To: dev@tomcat.apache.org > Subject: Re: participate in tomcat 7 > > Anas Ahmed wrote: > > Hello all, > > my proposal about improve jmx for tomcat was rejected. > > but i'm desiring to participate in tomcat development. > > i want to ask if it possible to do the project without GSOC ? > > is the dev list can provide mentor to do this project in the summer? > > Absolutely. I think Peter expressed an interest in mentoring this project. > > Mark > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > _ Windows Live™ SkyDrive™: Get 25 GB of free online storage. http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_042009
Re: participate in tomcat 7
Anas Ahmed wrote: Where can I find petter Ask the question(s) here, Peter may answer but also most of the developers could help. Cheers Jean-Frederic Anas Date: Thu, 23 Apr 2009 18:27:20 +0100 From: ma...@apache.org To: dev@tomcat.apache.org Subject: Re: participate in tomcat 7 Anas Ahmed wrote: Hello all, my proposal about improve jmx for tomcat was rejected. but i'm desiring to participate in tomcat development. i want to ask if it possible to do the project without GSOC ? is the dev list can provide mentor to do this project in the summer? Absolutely. I think Peter expressed an interest in mentoring this project. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org _ Windows Live™ SkyDrive™: Get 25 GB of free online storage. http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_042009 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: participate in tomcat 7
Anas Ahmed wrote: > > Where can I find petter Hopefully on this list :) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 41509] Jasper tries to add permissions to readonly PermissionCollection
https://issues.apache.org/bugzilla/show_bug.cgi?id=41509 --- Comment #4 from Steve Loughran 2009-04-24 08:41:28 PST --- It is a shame that this is a WONTFIX as it may stop Jasper working with RMI Java6+ JVM. One needs security for its classloader to work, the other bangs up against a changed semantics of Sun's JVM. It is also hard to see how this can be fixed in Jasper. Here is what the Java6 javadocs have to say on the topic: "Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the implies method to perform policy checks. If an application absolutely must call a getPermissions method, it should call getPermissions(ProtectionDomain). The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource." What would happen if Jasper could recognise the situation in which there was a read-only policy and skip trying to set permissions -or could it perhaps check to see if the permissions were already granted by the security manager before trying to set them? See also http://mail-archives.apache.org/mod_mbox/incubator-river-user/200810.mbox/%3c20081015181649.gb4...@east%3e -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 41509] Jasper tries to add permissions to readonly PermissionCollection
https://issues.apache.org/bugzilla/show_bug.cgi?id=41509 --- Comment #5 from Mark Thomas 2009-04-24 08:49:06 PST --- Jasper already tries to set the permission, catches the exception it if fails and carries on anyway. What other changes are you looking for? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r768338 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/config/loader.xml
Author: markt Date: Fri Apr 24 15:53:27 2009 New Revision: 768338 URL: http://svn.apache.org/viewvc?rev=768338&view=rev Log: WebappLoader expects loaderClass to be an instance of o.a.c.loader.WebappClassloader so add that to the docs Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/webapps/docs/config/loader.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Apr 24 15:53:27 2009 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921,751286-751287,751295,757774,758596 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921,751286-751287,751295,757774,758596,768335 Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/loader.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/loader.xml?rev=768338&r1=768337&r2=768338&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/config/loader.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/config/loader.xml Fri Apr 24 15:53:27 2009 @@ -122,6 +122,8 @@ Java class name of the java.lang.ClassLoader implementation class to use. If not specified, the default value is +org.apache.catalina.loader.WebappClassLoader. Custom +loaderClass implementations must extend org.apache.catalina.loader.WebappClassLoader. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r768335 - /tomcat/trunk/webapps/docs/config/loader.xml
Author: markt Date: Fri Apr 24 15:44:42 2009 New Revision: 768335 URL: http://svn.apache.org/viewvc?rev=768335&view=rev Log: WebappLoader expects loaderClass to be an instance of o.a.c.loader.WebappClassloader so add that to the docs Modified: tomcat/trunk/webapps/docs/config/loader.xml Modified: tomcat/trunk/webapps/docs/config/loader.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/loader.xml?rev=768335&r1=768334&r2=768335&view=diff == --- tomcat/trunk/webapps/docs/config/loader.xml (original) +++ tomcat/trunk/webapps/docs/config/loader.xml Fri Apr 24 15:44:42 2009 @@ -122,6 +122,8 @@ Java class name of the java.lang.ClassLoader implementation class to use. If not specified, the default value is +org.apache.catalina.loader.WebappClassLoader. Custom +loaderClass implementations must extend org.apache.catalina.loader.WebappClassLoader. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #9 from Folke B. 2009-04-24 16:38:05 PST --- (In reply to comment #7) > Created an attachment (id=23284) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23284) [details] > Patch to allow URL rewriting to be disabled > > Attaching a proposed patch for review. We also need to make sure that "jsessionid" isn't accepted anymore if present. Please take a look at CoyoteAdapter.parseSessionCookieId() and make the patch apply the same checks to parseSessionId() with context.getUrlRewriting(). Thanks! -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
