DO NOT REPLY [Bug 48358] JSP-unloading reloaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 --- Comment #13 from Christian Brandel 2010-11-22 04:58:13 EST --- Excellent, Rainer! Excuse my ignorance, if this is somehow obvious from the patch itself (this'll be my first patch): Against which version can this be applied? 6.0.29? 6.x trunk from SVN? Thanks, Chris -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037658 - /tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Author: markt
Date: Mon Nov 22 10:16:37 2010
New Revision: 1037658
URL: http://svn.apache.org/viewvc?rev=1037658&view=rev
Log:
Fix ordering functionality for Manager app
Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1037658&r1=1037657&r2=1037658&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Mon
Nov 22 10:16:37 2010
@@ -948,9 +948,9 @@ public final class HTMLManagerServlet ex
orderBy = req.getParameter("order");
if ("DESC".equalsIgnoreCase(orderBy)) {
comparator = new ReverseComparator(comparator);
-// orderBy = "ASC";
+orderBy = "ASC";
} else {
-//orderBy = "DESC";
+orderBy = "DESC";
}
try {
Collections.sort(sessions, comparator);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037659 - /tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
Author: markt
Date: Mon Nov 22 10:18:17 2010
New Revision: 1037659
URL: http://svn.apache.org/viewvc?rev=1037659&view=rev
Log:
Simplify escapeXml(Object)
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
Modified: tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java?rev=1037659&r1=1037658&r2=1037659&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java Mon Nov 22
10:18:17 2010
@@ -176,7 +176,7 @@ public class JspHelper {
public static String escapeXml(Object obj) {
String value = null;
try {
-value = (obj == null) ? null : String.valueOf(obj);
+value = (obj == null) ? null : obj.toString();
} catch (Exception e) {
// Ignore
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037661 - /tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
Author: markt
Date: Mon Nov 22 10:30:05 2010
New Revision: 1037661
URL: http://svn.apache.org/viewvc?rev=1037661&view=rev
Log:
Fix primary sessions not always treated as such by Manager app.
Modified:
tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp?rev=1037661&r1=1037660&r2=1037661&view=diff
==
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp Mon Nov 22
10:30:05 2010
@@ -95,7 +95,13 @@
-
+<%
+if ("Primary".equals(request.getParameter("sessionType"))) {
+%>
+
+<%
+}
+%>
@@ -138,9 +144,10 @@
<%
- if
("Primary".equals(request.getAttribute("sessionType"))) {
+ if
("Primary".equals(request.getParameter("sessionType"))) {
%>
+
<%
} else {
out.print("Primary sessions only");
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037663 - /tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Author: markt
Date: Mon Nov 22 10:32:12 2010
New Revision: 1037663
URL: http://svn.apache.org/viewvc?rev=1037663&view=rev
Log:
Fix manager app - attribute removed message was not being displayed
Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1037663&r1=1037662&r2=1037663&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Mon
Nov 22 10:32:12 2010
@@ -860,7 +860,7 @@ public final class HTMLManagerServlet ex
removeSessionAttribute(cn, sessionId, name, smClient);
String outMessage = removed ? "Session attribute '" + name + "'
removed." : "Session did not contain any attribute named '" + name + "'";
req.setAttribute(APPLICATION_MESSAGE, outMessage);
-
resp.sendRedirect(resp.encodeRedirectURL(req.getRequestURL().append("?path=").append(cn.getPath()).append("&action=sessionDetail&sessionId=").append(sessionId).toString()));
+displaySessionDetailPage(req, resp, cn, sessionId, smClient);
return;
} // else
displaySessionsListPage(cn, req, resp, smClient);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50312] New: Unable to start Tomcat6.0.18 after stopping, in Solaris OS
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312 Summary: Unable to start Tomcat6.0.18 after stopping, in Solaris OS Product: Tomcat 6 Version: 6.0.18 Platform: Sun OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: chaitanyas...@gmail.com Hi Team, When we stop the tomcat by command./shutdown.sh and try to start Tomcat in solaris platform by ./startup.sh command it is always throwing the below exception.Please help us by giving solution ASAP. Error: Exception thrown by the agent : java.rmi.server.ExportException: Port already in use: 9898; nested exception is: java.net.BindException: Address already in use Regards, Krishna -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50312] Unable to start Tomcat6.0.18 after stopping, in Solaris OS
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas 2010-11-22 05:49:04 EST --- Bugzilla is not a support forum. Please use the users mailing list. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037669 - /tomcat/trunk/webapps/docs/changelog.xml
Author: markt Date: Mon Nov 22 11:05:28 2010 New Revision: 1037669 URL: http://svn.apache.org/viewvc?rev=1037669&view=rev Log: Add recent HTML manager app fixes Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037669&r1=1037668&r2=1037669&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 11:05:28 2010 @@ -269,6 +269,18 @@ 50303: Update JNDI how-to to reflect new JavaMail download location and that JAF is now included in Java SE 6. (markt) + +Fix ordering functionality on sessions page for HTML Manager +application. (markt) + + +Fix primary sessions not always being treated as such in HTML Manager +application. (markt) + + +Fix message not being displayed after session attribute removal in HTML +Manager application. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037677 - /tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java
Author: markt
Date: Mon Nov 22 11:41:34 2010
New Revision: 1037677
URL: http://svn.apache.org/viewvc?rev=1037677&view=rev
Log:
Ensure MBean names are correct generated for version ROOT web applications.
Fix ContextResource case that was using old path=... rather than new context=...
Modified:
tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java
Modified: tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java?rev=1037677&r1=1037676&r2=1037677&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java (original)
+++ tomcat/trunk/java/org/apache/catalina/mbeans/MBeanUtils.java Mon Nov 22
11:41:34 2010
@@ -48,6 +48,7 @@ import org.apache.catalina.deploy.Contex
import org.apache.catalina.deploy.ContextResource;
import org.apache.catalina.deploy.ContextResourceLink;
import org.apache.catalina.deploy.NamingResources;
+import org.apache.catalina.util.ContextName;
import org.apache.catalina.valves.ValveBase;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.ajp.AjpAprProtocol;
@@ -495,12 +496,9 @@ public class MBeanUtils {
ObjectName name = null;
Host host = (Host)context.getParent();
-String contextName = context.getName();
-if (!contextName.startsWith("/")) {
-contextName = "/" + contextName;
-}
+ContextName cn = new ContextName(context.getName());
name = new ObjectName(domain + ":j2eeType=WebModule,name=//" +
- host.getName()+ contextName +
+ host.getName()+ cn.getDisplayName() +
",J2EEApplication=none,J2EEServer=none");
return (name);
@@ -528,14 +526,11 @@ public class MBeanUtils {
name = new ObjectName(domain + ":type=Environment" +
",resourcetype=Global,name=" + environment.getName());
} else if (container instanceof Context) {
-String contextName = ((Context)container).getName();
-if (!contextName.startsWith("/")) {
-contextName = "/" + contextName;
-}
-
-Host host = (Host) ((Context)container).getParent();
+Context context = ((Context)container);
+ContextName cn = new ContextName(context.getName());
+Container host = context.getParent();
name = new ObjectName(domain + ":type=Environment" +
-",resourcetype=Context,context=" + contextName +
+",resourcetype=Context,context=" + cn.getDisplayName()
+
",host=" + host.getName() +
",name=" + environment.getName());
}
@@ -566,12 +561,11 @@ public class MBeanUtils {
",resourcetype=Global,class=" + resource.getType() +
",name=" + quotedResourceName);
} else if (container instanceof Context) {
-String path = ((Context)container).getPath();
-if (path.length() < 1)
-path = "/";
-Host host = (Host) ((Context)container).getParent();
+Context context = ((Context)container);
+ContextName cn = new ContextName(context.getName());
+Container host = context.getParent();
name = new ObjectName(domain + ":type=Resource" +
-",resourcetype=Context,path=" + path +
+",resourcetype=Context,context=" + cn.getDisplayName()
+
",host=" + host.getName() +
",class=" + resource.getType() +
",name=" + quotedResourceName);
@@ -605,14 +599,11 @@ public class MBeanUtils {
",resourcetype=Global" +
",name=" + quotedResourceLinkName);
} else if (container instanceof Context) {
-String contextName = ((Context)container).getName();
-if (!contextName.startsWith("/")) {
-contextName = "/" + contextName;
-}
-
-Host host = (Host) ((Context)container).getParent();
+Context context = ((Context)container);
+ContextName cn = new ContextName(context.getName());
+Container host = context.getParent();
name = new ObjectName(domain + ":type=ResourceLink" +
-",resourcetype=Context,context=" + contextName +
+",resourcetype=Context,context=" + cn.getDisplayName()
+
",host=" + host.getName() +
",name=" + quotedResourceLinkName);
}
@@ -707,13 +698,11 @@ public class MBeanUtils {
name = new ObjectName(domain + ":type=Loade
svn commit: r1037681 - /tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
Author: markt
Date: Mon Nov 22 11:45:57 2010
New Revision: 1037681
URL: http://svn.apache.org/viewvc?rev=1037681&view=rev
Log:
Use correct MBean name for Mangers
Fix Eclipse niggle
Modified:
tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1037681&r1=1037680&r2=1037681&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Mon
Nov 22 11:45:57 2010
@@ -184,6 +184,7 @@ public class StatusTransformer {
writer.print(formatTime(new Long(result[12] / 1000), true));
writer.print("");
} else if (mode == 1){
+// NO-OP
}
}
@@ -626,7 +627,7 @@ public class StatusTransformer {
}
ObjectName queryManager = new ObjectName
-(objectName.getDomain() + ":type=Manager,path=" + contextName
+(objectName.getDomain() + ":type=Manager,context=" +
contextName
+ ",host=" + hostName + ",*");
Set managersON =
mBeanServer.queryNames(queryManager, null);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037682 - in /tomcat/trunk: java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java webapps/docs/cluster-howto.xml webapps/doc
Author: markt
Date: Mon Nov 22 11:46:46 2010
New Revision: 1037682
URL: http://svn.apache.org/viewvc?rev=1037682&view=rev
Log:
Update docs to new MBean names
Modified:
tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java
tomcat/trunk/webapps/docs/cluster-howto.xml
tomcat/trunk/webapps/docs/funcspecs/mbean-names.xml
tomcat/trunk/webapps/docs/monitoring.xml
Modified:
tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java?rev=1037682&r1=1037681&r2=1037682&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
Mon Nov 22 11:46:46 2010
@@ -44,10 +44,10 @@ import org.apache.tools.ant.BuildExcepti
*
*
* Get a session attribute hello from session with ref ${sessionid.0}
form
- * app Catalina:type=Manager,path=/ClusterTest,host=localhost
+ * app Catalina:type=Manager,context=/ClusterTest,host=localhost
*
*
*
svn commit: r1037683 - in /tomcat/trunk: java/org/apache/catalina/core/StandardWrapper.java webapps/docs/changelog.xml
Author: markt
Date: Mon Nov 22 11:49:05 2010
New Revision: 1037683
URL: http://svn.apache.org/viewvc?rev=1037683&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50310
Ensure Servlet info is displayed in Manager application
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java?rev=1037683&r1=1037682&r2=1037683&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java Mon Nov 22
11:49:05 2010
@@ -1720,7 +1720,7 @@ public class StandardWrapper extends Con
private String getWebModuleKeyProperties() {
-StringBuilder keyProperties = new StringBuilder(",WebModule=");
+StringBuilder keyProperties = new StringBuilder(",WebModule=//");
String hostName = getParent().getParent().getName();
if (hostName == null) {
keyProperties.append("DEFAULT");
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037683&r1=1037682&r2=1037683&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 11:49:05 2010
@@ -281,6 +281,10 @@
Fix message not being displayed after session attribute removal in HTML
Manager application. (markt)
+
+50310: Fix display of Servlet information in Manager
+application. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50312] Unable to start Tomcat6.0.18 after stopping, in Solaris OS
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312 chaitanyas...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED CC||chaitanyas...@gmail.com Resolution|INVALID | --- Comment #2 from chaitanyas...@gmail.com 2010-11-22 06:50:20 EST --- Hi Mark Thomas, Thanks for update. Please let us know who are users mailing list. Actually we are in emergency to fix this issue. Regards, Krishna -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50310] Manager detailed status page does not display servlets
https://issues.apache.org/bugzilla/show_bug.cgi?id=50310 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #1 from Mark Thomas 2010-11-22 06:50:29 EST --- Fixed in 7.0.x and will be included in 7.0.5 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50312] Unable to start Tomcat6.0.18 after stopping, in Solaris OS
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||INVALID --- Comment #3 from Mark Thomas 2010-11-22 06:52:11 EST --- http://tomcat.apache.org/findhelp.html Please do not re-open this issue. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1037360 - /tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/
See Commons Jexl 2.0 for an example. On 21 November 2010 02:26, Jeremy Boynes wrote: > Can we generate these during the build rather than checking in the generated > source? > > On Nov 20, 2010, at 4:18 PM, kkoli...@apache.org wrote: > >> Author: kkolinko >> Date: Sun Nov 21 00:18:14 2010 >> New Revision: 1037360 >> >> URL: http://svn.apache.org/viewvc?rev=1037360&view=rev >> Log: >> Formatting followup. >> I am reverting formatting that was done in r1037284, >> because all of these classes are generated ones. >> >> I am copying the old versions from r1037283. >> >> Added: >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParser.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParser.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParserConstants.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParserConstants.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParserTokenManager.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ELParserTokenManager.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ParseException.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/ParseException.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/SimpleCharStream.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/SimpleCharStream.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/Token.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/Token.java >> >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/TokenMgrError.java >> - copied unchanged from r1037283, >> tomcat/taglibs/standard/trunk/jstlel/src/main/java/org/apache/taglibs/standard/lang/jstl/parser/TokenMgrError.java >> >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50273] AprEndpoint logs socket accept fails altough error is harmless
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 --- Comment #7 from Michael Osipov <1983-01...@gmx.net> 2010-11-22 07:40:03 EST --- Mark, now I get this: INFO: Pausing Coyote HTTP/1.1 on http-8443 22.11.2010 13:30:21 org.apache.tomcat.util.net.AprEndpoint$Acceptor run WARNUNG: Socket accept failed org.apache.tomcat.jni.Error: Kein Pufferplatz verfügbar at org.apache.tomcat.jni.Socket.accept(Native Method) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:1170) at java.lang.Thread.run(Thread.java:619) 22.11.2010 13:30:22 org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Which seems correct. I changed the log level and will check the logs in the next couple of days. But it seems to be fixed by that. I am just curious if the root cause of this can be fixed in APR or not? Your solution is a mere workaround. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
License of border-radius.htc in TC7 ROOT webapp
Hi, all! The file /webapps/ROOT/border-radius.htc in the current trunk does not have the ASL header, nor any other explicit license. I think that the origins are here: [1] http://www.htmlremix.com/css/curved-corner-border-radius-cross-browser [2] http://code.google.com/p/curved-corner/ [3] http://code.google.com/p/curved-corner/downloads/detail?name=border-radius.htc [2] says Code license: GNU General Public License v3 Content license: Creative Commons 3.0 BY I think that we cannot use it as is. It provides support for those rounded corners in certain versions of MSIE. Testing with IE7, if I remove it, there are straight square corners and the gradient background is misplaced. I do not like the wrong background, but straight corners are nice. Anyway, it is not a big deal and the page is still usable. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50273] AprEndpoint logs socket accept fails altough error is harmless
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 --- Comment #8 from Mark Thomas 2010-11-22 08:26:06 EST --- Thanks for your testing. This is good news. I'll get this fix into 7.0.x and proposed for 6.0.x later today. Yes the solution is a workaround but while HP-UX is returning this error code for multiple errors - some of which are fatal and some of which are not - there isn't a huge amount that can be done about it. It is probably possible to put a work-around into Tomcat's native connector or maybe even the APR library but I avoided that for two reasons: - my C knowledge is only very basic - the fact that the error message can't just be ignored - even on HP-UX means that an error code has to be returned to Tomcat's acceptor thread anyway which would require a work-around not dissimilar from what I already wrote. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037715 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt
Date: Mon Nov 22 13:42:01 2010
New Revision: 1037715
URL: http://svn.apache.org/viewvc?rev=1037715&view=rev
Log:
Fix https://issues.apache.org/bugzilla/process_bug.cgi
Provide a workaround for an HP-UX issue that can result in large numbers of
SEVERE log messages appearing in the logs as a result of normal operation.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1037715&r1=1037714&r2=1037715&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Nov 22
13:42:01 2010
@@ -912,6 +912,7 @@ public class AprEndpoint extends Abstrac
*/
protected class Acceptor extends Thread {
+private final Log log = LogFactory.getLog(AprEndpoint.Acceptor.class);
/**
* The background thread that listens for incoming TCP/IP connections
and
@@ -954,7 +955,22 @@ public class AprEndpoint extends Abstrac
}
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
-if (running)
log.error(sm.getString("endpoint.accept.fail"), t);
+if (running) {
+String msg = sm.getString("endpoint.accept.fail");
+if (t instanceof Error) {
+Error e = (Error) t;
+if (e.getError() == 233) {
+// Not an error on HP-UX so log as a warning
+// so it can be filtered out on that platform
+// See bug 50273
+log.warn(msg, t);
+} else {
+log.error(msg, t);
+}
+} else {
+log.error(msg, t);
+}
+}
}
// The processor will recycle itself when it finishes
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037715&r1=1037714&r2=1037715&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 13:42:01 2010
@@ -197,6 +197,11 @@
50192: Improve performance for EL when running under a
security manager. Based on a patch by Robert Goff. (markt)
+
+50273: Provide a workaround for an HP-UX issue that can
+result in large numbers of SEVERE log messages appearing in the logs as
+a result of normal operation. (markt)
+
50293: Increase the size of internal ELResolver array from
2
to 8 since in typical usage there are at least 5 resolvers. Based on a
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037717 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Mon Nov 22 13:43:30 2010 New Revision: 1037717 URL: http://svn.apache.org/viewvc?rev=1037717&view=rev Log: Proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037717&r1=1037716&r2=1037717&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 13:43:30 2010 @@ -235,3 +235,10 @@ PATCHES PROPOSED TO BACKPORT: http://people.apache.org/~markt/patches/2010-11-18-session-rate-stats.patch +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 + Provide a workaround for an HP-UX issue that can result in large numbers of + SEVERE log messages appearing in the logs as a result of normal operation. + +1: markt + -1: + \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1037715 - svn:log
Author: markt Revision: 1037715 Modified property: svn:log Modified: svn:log at Mon Nov 22 13:44:09 2010 -- --- svn:log (original) +++ svn:log Mon Nov 22 13:44:09 2010 @@ -1,2 +1,2 @@ -Fix https://issues.apache.org/bugzilla/process_bug.cgi +Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 Provide a workaround for an HP-UX issue that can result in large numbers of SEVERE log messages appearing in the logs as a result of normal operation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50273] AprEndpoint logs socket accept fails altough error is harmless
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 --- Comment #9 from Mark Thomas 2010-11-22 08:45:45 EST --- Fixed in 7.0.x and will be included in 7.0.5 onwards Proposed for 6.0.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037721 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 13:57:10 2010 New Revision: 1037721 URL: http://svn.apache.org/viewvc?rev=1037721&view=rev Log: add patch URL and vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037721&r1=1037720&r2=1037721&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 13:57:10 2010 @@ -239,6 +239,7 @@ PATCHES PROPOSED TO BACKPORT: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 Provide a workaround for an HP-UX issue that can result in large numbers of SEVERE log messages appearing in the logs as a result of normal operation. - +1: markt + http://svn.apache.org/viewvc?rev=1037715&view=rev + +1: markt, kkolinko -1: \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50273] AprEndpoint logs socket accept fails altough error is harmless
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273 --- Comment #10 from Michael Osipov <1983-01...@gmx.net> 2010-11-22 09:00:00 EST --- Great news. Thanks for the quick help. Do you think it is worth raising a ticket at APR with a link to this one? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1036981 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
This goes as CTR and was not applied to trunk.
If voting is needed, count me as +1 for this.
2010/11/19 :
> Author: markt
> Date: Fri Nov 19 19:01:34 2010
> New Revision: 1036981
>
> URL: http://svn.apache.org/viewvc?rev=1036981&view=rev
> Log:
> Additional info for https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
> Add the error number to the message
>
> Modified:
> tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
>
> Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
> URL:
> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java?rev=1036981&r1=1036980&r2=1036981&view=diff
> ==
> --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java (original)
> +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java Fri Nov 19
> 19:01:34 2010
> @@ -43,7 +43,7 @@ public class Error extends Exception {
> */
> private Error(int error, String description)
> {
> - super(description);
> + super(error + ": " + description);
> this.error = error;
> this.description = description;
> }
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1036981 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
On 22/11/2010 14:08, Konstantin Kolinko wrote:
> This goes as CTR and was not applied to trunk.
> If voting is needed, count me as +1 for this.
Sorry - that was my mistake. I committed to 6.0.x rather than trunk.
I'll fix trunk in a sec.
If it gets another quick +1 I'll leave it, else I'll revert it later today.
Mark
>
> 2010/11/19 :
>> Author: markt
>> Date: Fri Nov 19 19:01:34 2010
>> New Revision: 1036981
>>
>> URL: http://svn.apache.org/viewvc?rev=1036981&view=rev
>> Log:
>> Additional info for https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
>> Add the error number to the message
>>
>> Modified:
>>tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
>>
>> Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java?rev=1036981&r1=1036980&r2=1036981&view=diff
>> ==
>> --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java (original)
>> +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java Fri Nov 19
>> 19:01:34 2010
>> @@ -43,7 +43,7 @@ public class Error extends Exception {
>> */
>> private Error(int error, String description)
>> {
>> -super(description);
>> +super(error + ": " + description);
>> this.error = error;
>> this.description = description;
>> }
>>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037728 - /tomcat/trunk/java/org/apache/tomcat/jni/Error.java
Author: markt
Date: Mon Nov 22 14:12:05 2010
New Revision: 1037728
URL: http://svn.apache.org/viewvc?rev=1037728&view=rev
Log:
Additional info for https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
Add the error number to the message
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/Error.java
Modified: tomcat/trunk/java/org/apache/tomcat/jni/Error.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/Error.java?rev=1037728&r1=1037727&r2=1037728&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/jni/Error.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/Error.java Mon Nov 22 14:12:05 2010
@@ -45,7 +45,7 @@ public class Error extends Exception {
*/
private Error(int error, String description)
{
-super(description);
+super(error + ": " + description);
this.error = error;
this.description = description;
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50306] Detect stuck threads
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306 --- Comment #4 from Rainer Jung 2010-11-22 09:13:44 EST --- I see basically two aspects that code inside Tomcat could add: 1) Extraction of relevant information Since we know, which thread works on which request and we know a lot about the request meta data (e.g. when it started) and about the threads (e.g. CPU usage), we can very efficiently inspect the stacks for exactly those threads that work on the same request for longer than some configured limit. No need to dump stacks for all threads (a lot of them idle in the pools or connected to the web server but not working on a request). 2) Reduction of polling interval Since we focus on the relevant info we can do more frequent checks than one would do with a plain "dump all stacks". E.g. every 10 seconds instead of every one minute. If there is no long running request, no stack to inspect. Yes, all of that can be done by a JMX client. But the client needs to be powerful enough to add logic like retrieving the in-flight requests, extracting those that already take to long, then retrieving the stacks for those requests etc. What I don't have a nice idea about is how to actually use that information. Of course you could simply log the stacks and the request meta data for the long running requests, but for an average admin this might be to technical (of no real use). Though it would be helpful for his application provider when he starts analyzing reasons for performance problems. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48358] JSP-unloading reloaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 --- Comment #14 from Rainer Jung 2010-11-22 09:18:24 EST --- As far as I remember it should apply cleanly to 6.0.29 and 6.0.x trunk (as of now). Try it and shout if it doesn't work. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1036981 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
On 22.11.2010 15:10, Mark Thomas wrote:
On 22/11/2010 14:08, Konstantin Kolinko wrote:
This goes as CTR and was not applied to trunk.
If voting is needed, count me as +1 for this.
Sorry - that was my mistake. I committed to 6.0.x rather than trunk.
I'll fix trunk in a sec.
If it gets another quick +1 I'll leave it, else I'll revert it later today.
Here's another quick +1.
2010/11/19:
Author: markt
Date: Fri Nov 19 19:01:34 2010
New Revision: 1036981
URL: http://svn.apache.org/viewvc?rev=1036981&view=rev
Log:
Additional info for https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
Add the error number to the message
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java?rev=1036981&r1=1036980&r2=1036981&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java Fri Nov 19
19:01:34 2010
@@ -43,7 +43,7 @@ public class Error extends Exception {
*/
private Error(int error, String description)
{
-super(description);
+super(error + ": " + description);
this.error = error;
this.description = description;
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1036981 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/Error.java
On 22/11/2010 14:33, Rainer Jung wrote: > On 22.11.2010 15:10, Mark Thomas wrote: >> On 22/11/2010 14:08, Konstantin Kolinko wrote: >>> This goes as CTR and was not applied to trunk. >>> If voting is needed, count me as +1 for this. >> >> Sorry - that was my mistake. I committed to 6.0.x rather than trunk. >> I'll fix trunk in a sec. >> >> If it gets another quick +1 I'll leave it, else I'll revert it later >> today. > > Here's another quick +1. Thanks. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037735 - in /tomcat/trunk: java/org/apache/coyote/AsyncStateMachine.java test/org/apache/catalina/core/TestAsyncContextImpl.java webapps/docs/changelog.xml
Author: markt
Date: Mon Nov 22 14:35:51 2010
New Revision: 1037735
URL: http://svn.apache.org/viewvc?rev=1037735&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50308
Allow asynchronous request processing to call AsyncContext.dispatch() once the
asynchronous request has timed out.
Modified:
tomcat/trunk/java/org/apache/coyote/AsyncStateMachine.java
tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/coyote/AsyncStateMachine.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/AsyncStateMachine.java?rev=1037735&r1=1037734&r2=1037735&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/AsyncStateMachine.java (original)
+++ tomcat/trunk/java/org/apache/coyote/AsyncStateMachine.java Mon Nov 22
14:35:51 2010
@@ -213,7 +213,8 @@ public class AsyncStateMachine {
boolean doDispatch = false;
if (state == AsyncState.STARTING) {
state = AsyncState.MUST_DISPATCH;
-} else if (state == AsyncState.STARTED) {
+} else if (state == AsyncState.STARTED ||
+state == AsyncState.TIMING_OUT) {
state = AsyncState.DISPATCHING;
doDispatch = true;
} else {
Modified: tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java?rev=1037735&r1=1037734&r2=1037735&view=diff
==
--- tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java
(original)
+++ tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java Mon
Nov 22 14:35:51 2010
@@ -314,14 +314,20 @@ public class TestAsyncContextImpl extend
}
public void testTimeoutListenerComplete() throws Exception {
-doTestTimeout(true);
+doTestTimeout(true, null);
}
public void testTimeoutListenerNoComplete() throws Exception {
-doTestTimeout(false);
+doTestTimeout(false, null);
+}
+
+public void testTimeoutListenerDispatch() throws Exception {
+doTestTimeout(true, "/nonasync");
}
-private void doTestTimeout(boolean completeOnTimeout) throws Exception {
+
+private void doTestTimeout(boolean completeOnTimeout, String dispatchUrl)
+throws Exception {
// Setup Tomcat instance
Tomcat tomcat = getTomcatInstance();
@@ -336,12 +342,19 @@ public class TestAsyncContextImpl extend
Context ctx = tomcat.addContext("", docBase.getAbsolutePath());
-TimeoutServlet timeout = new TimeoutServlet(completeOnTimeout);
+TimeoutServlet timeout =
+new TimeoutServlet(completeOnTimeout, dispatchUrl);
Wrapper wrapper = Tomcat.addServlet(ctx, "time", timeout);
wrapper.setAsyncSupported(true);
ctx.addServletMapping("/async", "time");
+if (dispatchUrl != null) {
+NonAsyncServlet nonAsync = new NonAsyncServlet();
+Tomcat.addServlet(ctx, "nonasync", nonAsync);
+ctx.addServletMapping(dispatchUrl, "nonasync");
+}
+
tomcat.start();
ByteChunk res = getUrl("http://localhost:"; + getPort() + "/async");
StringBuilder expected = new StringBuilder();
@@ -349,7 +362,11 @@ public class TestAsyncContextImpl extend
if (!completeOnTimeout) {
expected.append("onError-");
}
-expected.append("onComplete-");
+if (dispatchUrl == null) {
+expected.append("onComplete-");
+} else {
+expected.append("NonAsyncServletGet-");
+}
assertEquals(expected.toString(), res.toString());
}
@@ -357,9 +374,11 @@ public class TestAsyncContextImpl extend
private static final long serialVersionUID = 1L;
private boolean completeOnTimeout;
-
-public TimeoutServlet(boolean completeOnTimeout) {
+private String dispatchUrl;
+
+public TimeoutServlet(boolean completeOnTimeout, String dispatchUrl) {
this.completeOnTimeout = completeOnTimeout;
+this.dispatchUrl = dispatchUrl;
}
@Override
@@ -370,7 +389,8 @@ public class TestAsyncContextImpl extend
final AsyncContext ac = req.startAsync();
ac.setTimeout(3000);
-ac.addListener(new TrackingListener(false, completeOnTimeout));
+ac.addListener(new TrackingListener(
+false, completeOnTimeout, dispatchUrl));
} else
resp.getWriter().print("FAIL: Async unsupported");
}
@@ -463,7 +483,7 @@ public class TestAsyncContextImpl extend
final AsyncContext ctxt =
DO NOT REPLY [Bug 50308] Call to AsyncContext.dispatch() in the onTimeout callback throws exception
https://issues.apache.org/bugzilla/show_bug.cgi?id=50308 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #1 from Mark Thomas 2010-11-22 09:37:26 EST --- Thanks for the report. This has been fixed in 7.0.x and will be included in 7.0.5 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50306] Detect stuck threads
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306 --- Comment #5 from Konstantin Kolinko 2010-11-22 09:52:30 EST --- 1) The manager webapp already has a list of requests being processed on the "Server Status" page, as Mark mentioned. One can make them as clickable, with more info displayed on demand. 2) If some "scan worker thread" self-diagnostic activity is needed inside Tomcat, one can wrap it into o.a.c.LifecycleListener and add to server.xml. I doubt that there is one-fits-all solution here, but I won't stop anyone contributing. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50316] New: Minor glitch with display of negative TTL on sessionDetail.jsp
https://issues.apache.org/bugzilla/show_bug.cgi?id=50316 Summary: Minor glitch with display of negative TTL on sessionDetail.jsp Product: Tomcat 6 Version: 6.0.29 Platform: PC OS/Version: Windows XP Status: NEW Severity: minor Priority: P2 Component: Manager application AssignedTo: dev@tomcat.apache.org ReportedBy: knst.koli...@gmail.com Created an attachment (id=26331) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26331) sessionDetail.jpg - screenshot To reproduce 1. Start Tomcat 2. Create a session 3. Stop Tomcat. Wait for more than TTL (default: 30 minutes). Start Tomcat. 4. Go to the Manager web application and look at the Session Details page for the session. I had some instance of 6.0.29 lying on my drive for several months. The TTL value was printed as "0-2982:0-20:0-59" instead of "-2982:20:59". I am attaching the screenshot. I wonder why the session was still alive, but that is a different question. The bug is in JspHelper.secondsToTimeString(), as it does not deal with negative values. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037778 - in /tomcat/trunk: java/org/apache/catalina/manager/JspHelper.java webapps/docs/changelog.xml webapps/manager/WEB-INF/jsp/sessionDetail.jsp webapps/manager/WEB-INF/jsp/sessionsLi
Author: markt
Date: Mon Nov 22 17:19:07 2010
New Revision: 1037778
URL: http://svn.apache.org/viewvc?rev=1037778&view=rev
Log:
Fix CVE-2010-4172. Multiple XSS in Manager web application
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp
Modified: tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java?rev=1037778&r1=103&r2=1037778&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java Mon Nov 22
17:19:07 2010
@@ -54,7 +54,7 @@ public class JspHelper {
}
private static String localeToString(Locale locale) {
if (locale != null) {
-return locale.toString();//locale.getDisplayName();
+return escapeXml(locale.toString());//locale.getDisplayName();
} else {
return "";
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037778&r1=103&r2=1037778&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 17:19:07 2010
@@ -295,6 +295,9 @@
50310: Fix display of Servlet information in Manager
application. (markt)
+
+CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp?rev=1037778&r1=103&r2=1037778&view=diff
==
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp Mon Nov 22
17:19:07 2010
@@ -33,10 +33,10 @@
ContextName cn = new ContextName(path, version);
Session currentSession = (Session)request.getAttribute("currentSession");
HttpSession currentHttpSession = currentSession.getSession();
- String currentSessionId = currentSession.getId();
- String submitUrl = response.encodeURL(((HttpServletRequest)
- pageContext.getRequest()).getRequestURI() + "?path=" + path +
- "&version=" + version);
+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+ "?path=" + path + "&version=" + version));
%>
@@ -50,7 +50,7 @@
Sessions Administration: details for <%= currentSessionId %>
-Details for Session <%= JspHelper.escapeXml(currentSessionId) %>
+Details for Session <%= currentSessionId %>
@@ -142,7 +142,7 @@
-
+
<%
if
("Primary".equals(request.getParameter("sessionType"))) {
%>
@@ -165,7 +165,6 @@
-
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp?rev=1037778&r1=103&r2=1037778&view=diff
==
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp Mon Nov 22
17:19:07 2010
@@ -31,9 +31,9 @@
<% String path = (String) request.getAttribute("path");
String version = (String) request.getAttribute("version");
ContextName cn = new ContextName(path, version);
- String submitUrl = response.encodeURL(((HttpServletRequest)
- pageContext.getRequest()).getRequestURI() + "?path=" + path +
- "&version=" + version);
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+ "?path=" + path + "&version=" + version));
Collection activeSessions = (Collection)
request.getAttribute("activeSessions");
%>
@@ -45,10 +45,10 @@
-Sessions Administration for <%= cn.getDisplayName() %>
+Sessions Administration for <%=
JspHelper.escapeXml(cn.getDisplayName()) %>
-Sessions Administration for <%= cn.getDisplayName() %>
+Sessions Administration for <%= JspHelper.escapeXml(cn.getDisplayName())
%>
Tips:
@@ -62,13 +62,13 @@
svn commit: r1037779 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/manager/JspHelper.java webapps/docs/changelog.xml webapps/manager/WEB-INF/jsp/sessionDetail.jsp webapps/manager/WEB-INF/jsp/se
Author: markt
Date: Mon Nov 22 17:20:10 2010
New Revision: 1037779
URL: http://svn.apache.org/viewvc?rev=1037779&view=rev
Log:
Fix CVE-2010-4172. Multiple XSS in Manager web application
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java?rev=1037779&r1=1037778&r2=1037779&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java Mon
Nov 22 17:20:10 2010
@@ -58,7 +58,7 @@ public class JspHelper {
}
private static String localeToString(Locale locale) {
if (locale != null) {
-return locale.toString();//locale.getDisplayName();
+return escapeXml(locale.toString());//locale.getDisplayName();
} else {
return "";
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1037779&r1=1037778&r2=1037779&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Nov 22 17:20:10 2010
@@ -312,6 +312,9 @@
50303: Update JNDI how-to to reflect new JavaMail and JAF
download locations and that JAF is now included in Java SE 6. (markt)
+
+CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+
Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp?rev=1037779&r1=1037778&r2=1037779&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
(original)
+++ tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp Mon Nov
22 17:20:10 2010
@@ -30,9 +30,10 @@
<% String path = (String) request.getAttribute("path");
Session currentSession = (Session)request.getAttribute("currentSession");
HttpSession currentHttpSession = currentSession.getSession();
- String currentSessionId = currentSession.getId();
- String submitUrl = response.encodeURL(((HttpServletRequest)
- pageContext.getRequest()).getRequestURL().toString());
+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+ "?path=" + path));
%>
@@ -46,7 +47,7 @@
Sessions Administration: details for <%= currentSessionId %>
-Details for Session <%= JspHelper.escapeXml(currentSessionId) %>
+Details for Session <%= currentSessionId %>
@@ -89,7 +90,6 @@
-
@@ -131,10 +131,9 @@
-
-
+
@@ -148,7 +147,6 @@
-
Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp?rev=1037779&r1=1037778&r2=1037779&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp (original)
+++ tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/sessionsList.jsp Mon Nov
22 17:20:10 2010
@@ -26,8 +26,9 @@
http://www.w3.org/1999/xhtml"; xml:lang="en">
<% String path = (String) request.getAttribute("path");
- String submitUrl = response.encodeURL(((HttpServletRequest)
- pageContext.getRequest()).getRequestURI() + "?path=" + path);
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+ "?path=" + path));
Collection activeSessions = (Collection)
request.getAttribute("activeSessions");
%>
@@ -39,10 +40,10 @@
- Sessions Administration for <%= path %>
+ Sessions Administration for <%= JspHelper.escapeXml(path)
%>
-Sessions Administration for <%= path %>
+Sessions Administration for <%= JspHelper.escapeXml(path) %>
Tips:
@@ -56,13 +57,
svn commit: r1037784 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html xdocs/security-6.xml xdocs/security-7.xml
Author: markt Date: Mon Nov 22 17:29:35 2010 New Revision: 1037784 URL: http://svn.apache.org/viewvc?rev=1037784&view=rev Log: Updates for CVE-2010-4172 Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1037784&r1=1037783&r2=1037784&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Mon Nov 22 17:29:35 2010 @@ -201,6 +201,9 @@ Apache Tomcat 6.x vulnerabilities +Fixed in SVN for Apache Tomcat 6.0.30 (not yet released) + + Fixed in Apache Tomcat 6.0.28 @@ -290,6 +293,50 @@ + + + + +Fixed in SVN for Apache Tomcat 6.0.30 (not yet released) + + + + + + + + + + +moderate: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172";> + CVE-2010-4172 + + +The Manager application used the user provided parameters sort and + orderBy directly without filtering thereby permitting cross-site + scripting. + +This was fixed in + http://svn.apache.org/viewvc?rev=1037779&view=rev";> + revision 1037779. + +Affects: 6.0.12-6.0.29 + + + + + + + + + + + + + + + Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1037784&r1=1037783&r2=1037784&view=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Mon Nov 22 17:29:35 2010 @@ -201,6 +201,9 @@ Apache Tomcat 7.x vulnerabilities +Fixed in SVN for Apache Tomcat 7.0.5 (not yet released) + + Fixed in Apache Tomcat 7.0.2 @@ -258,6 +261,51 @@ + + + + +Fixed in SVN for Apache Tomcat 7.0.5 (not yet released) + + + + + + + + + + +low: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172";> + CVE-2010-4172 + + +The Manager application used the user provided parameters sort and + orderBy directly without filtering thereby permitting cross-site + scripting. The CSRF protection, which is enabled by default, prevents an + attacker from exploiting this. + +This was fixed in + http://svn.apache.org/viewvc?rev=1037778&view=rev";> + revision 1037778. + +Affects: 7.0.0-7.0.4 + + + + + + + + + + + + + + + Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1037784&r1=1037783&r2=1037784&view=diff == --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Mon Nov 22 17:29:35 2010 @@ -30,6 +30,24 @@ + + + moderate: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172";> + CVE-2010-4172 + +The Manager application used the user provided parameters sort and + orderBy directly without filtering thereby permitting cross-site + scripting. + +This was fixed in + http://svn.apache.org/viewvc?rev=1037779&view=rev";> + revision 1037779. + +Affects: 6.0.12-6.0.29 + + + Important: Remote Denial Of Service and Information Disclosure Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1037784&r1=1037783&r2=1037784&view=diff == --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Mon Nov 22 17:29:35 2010 @@ -25,6 +25,25 @@ mailto:secur...@tomcat.apache.org";>Tomcat Security Team. + + + low: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172";> + CVE-2010-4172 + +The Manager application used the user provided parameters sort and + orderBy directly without filtering thereby permitting cross-site + scripting. The CSRF protection, which is enabled by default, prevents an + attacker from exploiting this. + +This was fixed in + http://svn.apache.org/viewvc?rev=1037778&view=rev";> + revision 1037778. + +Affects: 7.0.0-7.0.4 + + + Note: The issue below was fixed in Apache Tomcat 7.0.1 but the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037794 - in /tomcat/trunk/java/org/apache/jasper/runtime: BodyContentImpl.java PageContextImpl.java
Author: kkolinko
Date: Mon Nov 22 17:40:09 2010
New Revision: 1037794
URL: http://svn.apache.org/viewvc?rev=1037794&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50228
Improve recycling of BodyContentImpl.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java?rev=1037794&r1=1037793&r2=1037794&view=diff
==
--- tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java Mon Nov 22
17:40:09 2010
@@ -605,7 +605,27 @@ public class BodyContentImpl extends Bod
clearBody();
}
}
-
+
+/**
+ * This method shall "reset" the internal state of a BodyContentImpl,
+ * releasing all internal references, and preparing it for potential
+ * reuse by a later invocation of {...@link
PageContextImpl#pushBody(Writer)}.
+ *
+ * Note, that BodyContentImpl instances are usually owned by a
+ * PageContextImpl instance, and PageContextImpl instances are recycled
+ * and reused.
+ *
+ * @see PageContextImpl#release()
+ */
+protected void recycle() {
+this.writer = null;
+try {
+this.clear();
+} catch (IOException ex) {
+// ignore
+}
+}
+
private void ensureOpen() throws IOException {
if (closed) throw new IOException("Stream closed");
}
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1037794&r1=1037793&r2=1037794&view=diff
==
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Mon Nov 22
17:40:09 2010
@@ -204,6 +204,9 @@ public class PageContextImpl extends Pag
baseOut.recycle();
session = null;
attributes.clear();
+for (BodyContentImpl body: outs) {
+body.recycle();
+}
}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037797 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 17:42:56 2010 New Revision: 1037797 URL: http://svn.apache.org/viewvc?rev=1037797&view=rev Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037797&r1=1037796&r2=1037797&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 17:42:56 2010 @@ -242,4 +242,9 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/viewvc?rev=1037715&view=rev +1: markt, kkolinko -1: - \ No newline at end of file + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50228 + Improve recycling of BodyContentImpl. + http://svn.apache.org/viewvc?rev=1037794&view=rev + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50228] PermGen leak when calling JspFragment.invoke() with a custom Writer
https://issues.apache.org/bugzilla/show_bug.cgi?id=50228 --- Comment #4 from Konstantin Kolinko 2010-11-22 12:45:17 EST --- Fixed in trunk with r1037794 (will be in 7.0.5), proposed for 6.0.x. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037808 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 18:07:50 2010 New Revision: 1037808 URL: http://svn.apache.org/viewvc?rev=1037808&view=rev Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037808&r1=1037807&r2=1037808&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 18:07:50 2010 @@ -248,3 +248,8 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/viewvc?rev=1037794&view=rev +1: kkolinko -1: + +* Configure manager and host-manager webapps to use HttpOnly for session cookies + http://people.apache.org/~kkolinko/patches/2010-11-22_tc6_httpOnly.patch + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.4
- Not affected in default configuration.
- Affected if CSRF protection is disabled
- Additional XSS issues if web applications are untrusted
- - Tomcat 6.0.12 to 6.0.29
- Affected in default configuration
- Additional XSS issues if web applications are untrusted
- - Tomcat 5.5.x
- Not affected
Description:
The session list screen (provided by sessionList.jsp) in affected
versions uses the orderBy and sort request parameters without applying
filtering and therefore is vulnerable to a cross-site scripting attack.
Users should be aware that Tomcat 6 does not use httpOnly for session
cookies by default so this vulnerability could expose session cookies
from the manager application to an attacker.
A review of the Manager application by the Apache Tomcat security team
identified additional XSS vulnerabilities if the web applications
deployed were not trusted.
Example:
GET
/manager/html/sessions?path=/&sort=">alert('xss')order=ASC&action=injectSessions&refresh=Refresh+Sessions+list
Mitigation:
Users of affected versions should apply one of the following mitigations
- - Tomcat 7.0.0 to 7.0.4
- Remove the Manager application
- Remove the sessionList.jsp and sessionDetail.jsp files
- Ensure the CSRF protection is enabled
- Apply the patch 7.0.4 patch (see below)
- Update to 7.0.5 when released
- - Tomcat 6.0.12 to 6.0.29
- Remove the Manager application
- Remove the sessionList.jsp and sessionDetail.jsp files
- Apply the patch for 6.0.29 (see below)
- Update to 6.0.30 when released
No release date has been set for the next Tomcat 7.0.x and Tomcat 6.0.x
releases.
Credit:
The original issue was discovered by Adam Muntner of Gotham Digital Science.
Additional issues were identified by the Tomcat security team as a
result of reviewing the original issue.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
Note: The patches The Apache Tomcat Security Team
Patch for 6.0.29
Index: webapps/manager/WEB-INF/jsp/sessionDetail.jsp
===
- --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037769)
+++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)
@@ -30,8 +30,10 @@
<% String path = (String) request.getAttribute("path");
Session currentSession =
(Session)request.getAttribute("currentSession");
HttpSession currentHttpSession = currentSession.getSession();
- - String currentSessionId = currentSession.getId();
- - String submitUrl =
((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ String submitUrl = JspHelper.escapeXml(
+ ((HttpServletRequest)
pageContext.getRequest()).getRequestURI() +
+ "?path=" + path);
%>
@@ -45,7 +47,7 @@
Sessions Administration: details for <%= currentSessionId
%>
- -Details for Session <%= JspHelper.escapeXml(currentSessionId) %>
+Details for Session <%= currentSessionId %>
@@ -54,7 +56,7 @@
Guessed Locale
- -<%= JspHelper.guessDisplayLocaleFromSession(currentSession)
%>
+<%=
JspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession))
%>
Guessed User
@@ -120,7 +122,7 @@
String attributeName = (String)
attributeNamesEnumeration.nextElement();
%>
- -
+
<%= JspHelper.escapeXml(attributeName) %>
<% Object attributeValue =
currentHttpSession.getAttribute(attributeName); %>"><%= JspHelper.escapeXml(attributeValue) %>
Index: webapps/manager/WEB-INF/jsp/sessionsList.jsp
===
- --- webapps/manager/WEB-INF/jsp/sessionsList.jsp (revision 1037769)
+++ webapps/manager/WEB-INF/jsp/sessionsList.jsp(working copy)
@@ -26,7 +26,9 @@
http://www.w3.org/1999/xhtml"; xml:lang="en">
<% String path = (String) request.getAttribute("path");
- - String submitUrl =
((HttpServletRequest)pageContext.getRequest()).getRequestURI() +
"?path=" + path;
+ String submitUrl = JspHelper.escapeXml(
+ ((HttpServletRequest)
pageContext.getRequest()).getRequestURI() +
+ "?path=" + path);
Collection activeSessions = (Collection)
request.getAttribute("activeSessions");
%>
@@ -38,10 +40,10 @@
- - Sessions Administration for <%= path %>
+ Sessions Administration for <%= JspHelper.escapeXml(path)
%>
- -Sessions Administration for <%= path %>
+Sessions Administration
[ANN] New Tomcat committer: Christopher Schultz (schultz)
On behalf of the Tomcat committers I am pleased to announce that Christopher Schultz (schultz) has been voted in as a new Tomcat committer. Please join me in welcoming him. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50306] Detect stuck threads
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306 --- Comment #6 from Sylvain Laurent 2010-11-22 14:22:05 EST --- My initial idea was : if a request takes too long, log a WARNING with the stack trace of the thread processing the request. I think that it is important to have this in log file (push information) than to just allow access by JMX (pull information) because it allows to discover problems pro-actively, for instance a network call that is stuck waiting for data from an unhealthy server and no socket timeout has been set for the call. As for the actual implementation, it could indeed be a LifeCycleListener, but it will probably need some changes elsewhere to provide instrumentation. I'll try to propose a patch in a couple of days. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037846 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 19:26:57 2010 New Revision: 1037846 URL: http://svn.apache.org/viewvc?rev=1037846&view=rev Log: proposal Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1037846&r1=1037845&r2=1037846&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Nov 22 19:26:57 2010 @@ -78,3 +78,8 @@ PATCHES PROPOSED TO BACKPORT: ) +1: kkolinko -1: + +* Configure manager, host-manager and admin webapps to use HttpOnly for session cookies + http://people.apache.org/~kkolinko/patches/2010-11-22_tc55_httpOnly.patch + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
2010/11/22 Mark Thomas : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability > (...) FYI: The patches included in the announcement are hardly readable, because the mailing software replaced '-' with '- -' and the start of lines, and wrapped long lines as well. [1] http://mail-archives.apache.org/mod_mbox/tomcat-announce/201011.mbox/%3c4ceac06f.6030...@apache.org%3e [2] http://markmail.org/message/kem4h34suvkqyv4h Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037887 - in /tomcat/trunk: java/org/apache/catalina/manager/JspHelper.java java/org/apache/catalina/manager/StatusTransformer.java webapps/docs/changelog.xml
Author: kkolinko
Date: Mon Nov 22 20:59:20 2010
New Revision: 1037887
URL: http://svn.apache.org/viewvc?rev=1037887&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50316
Fix display of negative values
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java?rev=1037887&r1=1037886&r2=1037887&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java Mon Nov 22
20:59:20 2010
@@ -135,6 +135,10 @@ public class JspHelper {
public static String secondsToTimeString(long in_seconds) {
StringBuilder buff = new StringBuilder(9);
+if (in_seconds < 0) {
+buff.append('-');
+in_seconds = -in_seconds;
+}
long rest = in_seconds;
long hour = rest / 3600;
rest = rest % 3600;
Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1037887&r1=1037886&r2=1037887&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Mon
Nov 22 20:59:20 2010
@@ -871,10 +871,20 @@ public class StatusTransformer {
}
if (mb) {
+StringBuilder buff = new StringBuilder();
+if (bytes < 0) {
+buff.append('-');
+bytes = -bytes;
+}
long mbytes = bytes / (1024 * 1024);
long rest =
((bytes - (mbytes * (1024 * 1024))) * 100) / (1024 * 1024);
-return (mbytes + "." + ((rest < 10) ? "0" : "") + rest + " MB");
+buff.append(mbytes).append('.');
+if (rest < 10) {
+buff.append('0');
+}
+buff.append(rest).append(" MB");
+return buff.toString();
} else {
return ((bytes / 1024) + " KB");
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037887&r1=1037886&r2=1037887&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 20:59:20 2010
@@ -298,6 +298,10 @@
CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+
+50316: Fix display of negative values in Manager
application.
+(kkolinko)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037888 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 21:02:47 2010 New Revision: 1037888 URL: http://svn.apache.org/viewvc?rev=1037888&view=rev Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037888&r1=1037887&r2=1037888&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 21:02:47 2010 @@ -253,3 +253,9 @@ PATCHES PROPOSED TO BACKPORT: http://people.apache.org/~kkolinko/patches/2010-11-22_tc6_httpOnly.patch +1: kkolinko -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50316 + Fix minor glitch with display of negative values in Manager webapp + http://svn.apache.org/viewvc?rev=1037887&view=rev + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50316] Minor glitch with display of negative TTL on sessionDetail.jsp
https://issues.apache.org/bugzilla/show_bug.cgi?id=50316 --- Comment #1 from Konstantin Kolinko 2010-11-22 16:04:47 EST --- Fixed in trunk in r1037887 (will be in 7.0.5), proposed for 6.0 -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diag nostics" by PidSter
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter. http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=5&rev2=6 -- * Capturing a thread dump * Capturing a heap dump * Examining a Stacktrace - * Using JMX clients + * [[#usingjmxclients|Using JMX clients]] == Tools == @@ -19, +19 @@ === Profilers === * VisualVM * MAT (Eclipse) - * YourKit + * YourKit Profiler * JProbe + [#usingjmxclients|Using JMX clients] + + When running a JMX client (JConsole, VisualVM) on the same machine as the target JVM process it is possible to connect without pre-configuring a JMX port, using the local connector stub. This method relies on being able to create a protected temporary file, accessible only to a user with administrator privileges. Java processes which are accessible via the local connector will automatically appear in the client. + + NB On Windows, this means that the temporary directory must be located on an NTFS formatted disk. See the following link for more details. + + [[http://download.oracle.com/javase/1.5.0/docs/guide/management/faq.html| JConsole and Remote Management FAQ]] + + From Java 6 a process needn't have the management agent enabled when it starts, as the Attach API permits the management agent to be activated on demand. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diag nostics" by PidSter
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter. http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=6&rev2=7 -- * YourKit Profiler * JProbe - [#usingjmxclients|Using JMX clients] + <> + + == Using JMX Clients == When running a JMX client (JConsole, VisualVM) on the same machine as the target JVM process it is possible to connect without pre-configuring a JMX port, using the local connector stub. This method relies on being able to create a protected temporary file, accessible only to a user with administrator privileges. Java processes which are accessible via the local connector will automatically appear in the client. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50318] New: NPE when opening Session Details page for an expired session
https://issues.apache.org/bugzilla/show_bug.cgi?id=50318
Summary: NPE when opening Session Details page for an expired
session
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: minor
Priority: P2
Component: Manager
AssignedTo: dev@tomcat.apache.org
ReportedBy: knst.koli...@gmail.com
Running current trunk at r1037887
1. In default web.xml set to some small value, e.g. 1 minute
2. Create a session, e.g. in the examples webapp.
3. Go to the manager webapp and display the list of sessions.
4. Do not close the page. Wait for several minutes, so that session expires.
5. Click on the session id, to open the Session Details page for the session.
6. Actual result: The page does not open, but the default page (the list of
webapps) is shown, with a message about an NPE.
Expected result: I would be nice to display a blank Session Details page with a
message and with the "Return to session list" button.
org.apache.jasper.JasperException: An exception occurred processing JSP page
/WEB-INF/jsp/sessionDetail.jsp at line 35
32:String version = (String) request.getAttribute("version");
33:ContextName cn = new ContextName(path, version);
34:Session currentSession =
(Session)request.getAttribute("currentSession");
35:HttpSession currentHttpSession = currentSession.getSession();
36:String currentSessionId = JspHelper.escapeXml(currentSession.getId());
37:String submitUrl = JspHelper.escapeXml(response.encodeURL(
38:((HttpServletRequest) pageContext.getRequest()).getRequestURI()
+
Line 35 is "currentSession.getSession()"
>From logs:
Caused by: java.lang.NullPointerException
at
org.apache.jsp.WEB_002dINF.jsp.sessionDetail_jsp._jspService(sessionDetail_jsp.java:74)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:416)
... 33 more
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diag nostics" by PidSter
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter. http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=7&rev2=8 -- Page stub for Troubleshooting and Diagnostics techniques. - == Techniques == + == Techniques & Reference == * Capturing a thread dump * Capturing a heap dump * Examining a Stacktrace + * [[http://java.sun.com/developer/technicalArticles/J2SE/monitoring/| Sun Technical Article: Monitoring and Managing Java SE 6 Platform Applications]] - * [[#usingjmxclients|Using JMX clients]] + * [[#usingjmxclients|Notes on using JMX clients]] == Tools == - === JDK tools === - * JConsole (JMX) - * VisualVM (JMX) - * jmap - * jstack + === JMX Clients === + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jconsole.html| JConsole Docs]] + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jvisualvm.html| VisualVM Docs]] [[http://visualvm.dev.java.net| Project]] + + === JDK tools (Experimental) === + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jinfo.html| jinfo - Prints JVM process info]] + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jstack.html| jstack - Prints thread stack traces]] + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jmap.html| jmap - Dumps heap and shows heap status]] + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jhat.html| jhat - Heap Analyzer Tool]] === Profilers === - * VisualVM * MAT (Eclipse) * YourKit Profiler * JProbe + * [[http://download.oracle.com/javase/6/docs/technotes/tools/share/jvisualvm.html| VisualVM Docs]] <> - == Using JMX Clients == + == Notes on using JMX clients == When running a JMX client (JConsole, VisualVM) on the same machine as the target JVM process it is possible to connect without pre-configuring a JMX port, using the local connector stub. This method relies on being able to create a protected temporary file, accessible only to a user with administrator privileges. Java processes which are accessible via the local connector will automatically appear in the client. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037924 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/http11/filters/ test/org/apache/coyote/http11/filters/ webapps/docs/ webapps/docs/config/
Author: kkolinko
Date: Mon Nov 22 22:43:51 2010
New Revision: 1037924
URL: http://svn.apache.org/viewvc?rev=1037924&view=rev
Log:
Impose a limit on the total length of the trailing headers.
Otherwise the ByteChunk buffer in the ChunkedInputFilter might grow unlimitedly.
Implemented as a system property. It might be better to implement it as an
attribute of a connector (like maxPostSize and maxSavePostSize attributes are),
but I am not sure that it is worth the effort.
Modified:
tomcat/trunk/java/org/apache/coyote/Constants.java
tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/coyote/Constants.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/Constants.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/Constants.java (original)
+++ tomcat/trunk/java/org/apache/coyote/Constants.java Mon Nov 22 22:43:51 2010
@@ -69,4 +69,12 @@ public final class Constants {
"org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
"false")).booleanValue();
+/**
+ * Limit on the total length of the trailer headers in
+ * a chunked HTTP request.
+ */
+public static final int MAX_TRAILER_SIZE =
+Integer.parseInt(System.getProperty(
+"org.apache.coyote.MAX_TRAILER_SIZE",
+"8192"));
}
Modified:
tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Mon Nov 22 22:43:51 2010
@@ -102,7 +102,14 @@ public class ChunkedInputFilter implemen
/**
* Byte chunk used to store trailing headers.
*/
-protected ByteChunk trailingHeaders = new ByteChunk();
+protected ByteChunk trailingHeaders;
+
+{
+trailingHeaders = new ByteChunk();
+if (org.apache.coyote.Constants.MAX_TRAILER_SIZE > 0) {
+
trailingHeaders.setLimit(org.apache.coyote.Constants.MAX_TRAILER_SIZE);
+}
+}
/**
Modified:
tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==
---
tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
(original)
+++
tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
Mon Nov 22 22:43:51 2010
@@ -70,7 +70,52 @@ public class TestChunkedInputFilter exte
client.processRequest();
assertEquals("null7TestTestTest0123456789abcdefghijABCDEFGHIJopqrstuvwxyz",
client.getResponseBody());
}
-
+
+public void testTrailingHeadersSizeLimit() throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// Must have a real docBase - just use temp
+Context ctx =
+tomcat.addContext("", System.getProperty("java.io.tmpdir"));
+
+Tomcat.addServlet(ctx, "servlet", new EchoHeaderServlet());
+ctx.addServletMapping("/", "servlet");
+
+tomcat.start();
+
+StringBuilder longText = new StringBuilder("Test1234567890");
+while (longText.length() <= 8192) {
+longText.append(longText.toString());
+}
+
+String[] request = new String[]{
+"POST /echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
+"Host: any" + SimpleHttpClient.CRLF +
+"Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+"Content-Type: application/x-www-form-urlencoded" +
+SimpleHttpClient.CRLF +
+"Connection: close" + SimpleHttpClient.CRLF +
+SimpleHttpClient.CRLF +
+"3" + SimpleHttpClient.CRLF +
+"a=0" + SimpleHttpClient.CRLF +
+"4" + SimpleHttpClient.CRLF +
+"&b=1" + SimpleHttpClient.CRLF +
+"0" + SimpleHttpClient.CRLF +
+"x-trailer: Test" + longText + SimpleHttpClient.CRLF +
+SimpleHttpClient.CRLF };
+
+TrailerClient client = new TrailerClient();
+client.setPort(getPort());
+client.setRequest(request);
+
+client.connect();
+client.processRequest();
svn commit: r1037927 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 22 22:49:54 2010 New Revision: 1037927 URL: http://svn.apache.org/viewvc?rev=1037927&view=rev Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037927&r1=1037926&r2=1037927&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 22:49:54 2010 @@ -95,15 +95,19 @@ PATCHES PROPOSED TO BACKPORT: Note: Don't change return type for parseEndChunk(), just return true. +1: markt, kkolinko -1: + kkolinko: Only if accompanied by a patch that sets limit on the maximum + size of ChunkedInputFilter.trailingHeaders buffer. I am proposing such a + patch below. Otherwise it would be vulnerable to a DOS. kkolinko: Additional patch: http://svn.apache.org/viewvc?rev=1033842&view=rev +1: kkolinko, markt -1: - kkolinko: Maybe we can/should add a system property to allow to impose - a limit on the trailers length? Via ByteChunk.setLimit(). - + kkolinko: Patch to impose limit on the trailers length: + http://svn.apache.org/viewvc?rev=1037924&view=rev + +1: kkolinko + -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 Force DefaultServlet to serve all resources relative to context root - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1037929 - in /tomcat/trunk/webapps/ROOT: border-radius.htc index.jsp
Author: kkolinko
Date: Mon Nov 22 22:54:51 2010
New Revision: 1037929
URL: http://svn.apache.org/viewvc?rev=1037929&view=rev
Log:
Remove border-radius.htc until issue with this file is clarified.
Removed:
tomcat/trunk/webapps/ROOT/border-radius.htc
Modified:
tomcat/trunk/webapps/ROOT/index.jsp
Modified: tomcat/trunk/webapps/ROOT/index.jsp
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/ROOT/index.jsp?rev=1037929&r1=1037928&r2=1037929&view=diff
==
--- tomcat/trunk/webapps/ROOT/index.jsp (original)
+++ tomcat/trunk/webapps/ROOT/index.jsp Mon Nov 22 22:54:51 2010
@@ -28,10 +28,6 @@ request.setAttribute("tomcat7DocUrl", "/
-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: License of border-radius.htc in TC7 ROOT webapp
2010/11/22 Konstantin Kolinko : > Hi, all! > > The file /webapps/ROOT/border-radius.htc > in the current trunk does not have the ASL header, nor any other > explicit license. > I removed the file and a reference to it in r1037929 I do not want this to be a hindrance for 7.0.5. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure of tomcat-trunk on ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/841 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: Build Source Stamp: [branch tomcat/trunk] 1037929 Blamelist: kkolinko BUILD FAILED: failed failed slave lost sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
