Bug report for Tomcat Modules [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|56974|New|Nor|2014-09-12|jdbc-pool validation query defaultAutoCommit statu|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially returning incorrect sta|
+-+---+---+--+--+
| Total   34 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat Connectors [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|35959|Opn|Enh|2005-08-01|mod_jk not independant of UseCanonicalName|
|43303|New|Enh|2007-09-04|Versioning under Windows not reported by many conn|
|45313|New|Nor|2008-06-30|mod_jk 1.2.26 & apache 2.2.9 static compiled on so|
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|47795|New|Maj|2009-09-07|service sticky_session not being set correctly wit|
|48513|New|Enh|2010-01-09|IIS Quick setup instructions  |
|48564|New|Enh|2010-01-18|Allow to turn off retries for LB worker   |
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49063|New|Enh|2010-04-07|Please add JkStripSession status in jk-status work|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|53883|New|Maj|2012-09-17|isapi_redirect v 1.2.37 crashes w3wp.exe  on the p|
|53977|New|Maj|2012-10-07|32bits isapi connector cannot work in wow64 mode  |
|54027|New|Cri|2012-10-18|isapi send request to outside address instead of i|
|54117|New|Maj|2012-11-08|access violation exception in isapi_redirect.dll  |
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|57946|New|Nor|2015-05-23|Configuration example for mod_jk should be updated|
|58287|New|Nor|2015-08-26|Questionable use of "Global" objects on Windows   |
|59897|New|Nor|2016-07-25|Buffer Overflow in FD_SET in nb_connect (jk_connec|
|60240|New|Min|2016-10-11|Duplicate initialization log entry in mod_jk.log  |
|60745|New|Nor|2017-02-18|False positive: Somebody try to hack into the site|
+-+---+---+--+--+
| Total   30 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Taglibs [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57434|New|Nor|2015-01-11|Race condition in EL1.0 validation|
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
+-+---+---+--+--+
| Total   10 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat Native [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|48655|Inf|Nor|2010-02-02|Active multipart downloads prevent tomcat shutdown|
|49038|Inf|Nor|2010-04-02|Crash in tcnative |
|53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration|
|55087|New|Cri|2013-06-10|tomcat crashes in tcnative-1.dll with OCSP when OC|
|55797|Inf|Nor|2013-11-19|Tomcat 7.0.47 crashes using server jvm.dll and APR|
|56378|New|Nor|2014-04-09|Cert load fails if cert is located in path with no|
|56415|New|Maj|2014-04-16|EXCEPTION_ACCESS_VIOLATION (0xc005) in tcnativ|
|57140|New|Cri|2014-10-24|tcnative-1.dll 1.1.31 indicated in fatal error|
|57521|New|Cri|2015-02-02|Tomcat randomly crashes with [libtcnative-1.so.0.1|
|57815|New|Enh|2015-04-15|Improve error message when OpenSSL does not suppor|
|58194|New|Maj|2015-07-30|Tomcat crash EXCEPTION_ACCESS_VIOLATION in tcnativ|
|58244|New|Nor|2015-08-14|two way SSL loses client certificate after a few r|
|58263|New|Nor|2015-08-19|Crash during TLS handshake|
|58434|New|Nor|2015-09-21|Make Fails Against LibreSSL   |
|59286|New|Nor|2016-04-07|Socket binding failures when using APR|
|59811|New|Nor|2016-07-06|TLS Session ID not available if session tickets ar|
|60290|New|Nor|2016-10-21|rules.mk defeats CC for configure |
|60301|New|Nor|2016-10-24|Cannot exchange libtool bundled with apr with a ne|
+-+---+---+--+--+
| Total   18 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat 7 [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|41007|Opn|Enh|2006-11-20|Can't define customized 503 error page|
|43866|New|Enh|2007-11-14|add support for session attribute propagation with|
|47242|New|Enh|2009-05-22|request for AJP command line client   |
|49395|New|Enh|2010-06-06|manager.findLeaks : display the date when the leak|
|49821|New|Enh|2010-08-25|Tomcat CLI [PATCH/Contribution]   |
|50019|New|Enh|2010-09-28|Adding JNDI "lookup-name" support In XML and Resou|
|50175|New|Enh|2010-10-28|Enhance memory leak detection by selectively apply|
|50234|New|Enh|2010-11-08|JspC use servlet 3.0 features |
|50670|New|Enh|2011-01-27|Tribes | RpcChannel | Add option to specify extern|
|50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac|
|51195|New|Enh|2011-05-13|"Find leaks" reports a false positive memory/class|
|51423|Inf|Enh|2011-06-23|[Patch] to add a path and a version parameters to |
|51463|New|Enh|2011-07-01|Tomcat.setBaseDir  (package org.apache.catalina.st|
|51496|New|Enh|2011-07-11|NSIS - Warn that duplicate service name will resul|
|51587|New|Enh|2011-07-29|Implement status and uptime commands  |
|51953|New|Enh|2011-10-04|Proposal: netmask filtering valve and filter [PATC|
|52381|New|Enh|2011-12-22|Please add OSGi metadata  |
|52448|New|Enh|2012-01-11|Cache jar indexes in WebappClassLoader to speed up|
|52489|New|Enh|2012-01-19|Enhancement request for code signing of war files |
|52688|New|Enh|2012-02-16|Add ability to remove old access log files [PATCHE|
|52952|New|Enh|2012-03-20|Improve ExtensionValidator handling for embedded s|
|53085|New|Enh|2012-04-16|[perf] [concurrency] DefaultInstanceManager.annota|
|53387|New|Enh|2012-06-08|SSI: Allow to use $1 to get result of regular expr|
|53411|Opn|Enh|2012-06-13|NullPointerException in org.apache.tomcat.util.buf|
|53492|New|Enh|2012-07-01|Make JspC shell multithreaded |
|53553|New|Enh|2012-07-16|[PATCH] Deploy uploaded WAR with context.xml from |
|53620|New|Enh|2012-07-30|[juli] delay opening a file until something gets l|
|54499|New|Enh|2013-01-29|Implementation of Extensible EL Interpreter   |
|54802|New|Enh|2013-04-04|Provide location information for exceptions thrown|
|55104|New|Enh|2013-06-16|Allow passing arguments with spaces to Commons Dae|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map an realm name to a security |
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57870|New|Enh|2015-04-29|backport GzipOutputFilter #doWrite to Tomcat 7 to |
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (|
|58338|New|Nor|2015-09-07|BasicDataSourceFactory uses wrong attribute name  |
|59716|New|Enh|2016-06-17|Allow JNDI configuration of CorsFilter|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60944|Inf|Nor|2017-03-30|Tomcat Production Issue connections in CLOSE_WAIT |
+-+---+---+--+--+
| Total   47 bugs   |
+---+

-
To unsubscribe

Bug report for Tomcat 9 [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|47467|New|Enh|2009-07-02|Deployment of the war file by URL when contextpath|
|48672|New|Enh|2010-02-03|Tomcat Virtual Host Manager (/host-manager) needs |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli|
|57767|New|Enh|2015-03-27|Websocket client proprietary configuration|
|58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|New|Enh|2015-10-26|support certifcate transparency   |
|58588|Opn|Enh|2015-11-05|Remove extras/juli from Tomcat 9 build and deliver|
|58590|New|Enh|2015-11-05|org.apache.catalina.realm.MemoryRealm can use back|
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59179|New|Enh|2016-03-14|HTTP Public Key Pinning (HPKP) for Tomcat |
|59203|New|Enh|2016-03-21|Try to call Thread.interrupt before calling Thread|
|59344|Ver|Enh|2016-04-18|PEM file support for JSSE |
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|59901|New|Enh|2016-07-26|Reduce I/O associated with JSP compilation|
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61105|New|Enh|2017-05-18|Roll log files by default |
|61127|New|Enh|2017-05-26|Allow cluster channelSendOptions to be specified w|
|61128|New|Enh|2017-05-26|Allow cluster manager mapSendOptions to be specifi|
+-+---+---+--+--+
| Total   20 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat 8 [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|43925|Opn|Enh|2007-11-21|org.apache.jasper.runtime.BodyContentImpl causing |
|51497|New|Enh|2011-07-11|Use canonical IPv6 text representation in logs|
|53737|Opn|Enh|2012-08-18|Use ServletContext.getJspConfigDescriptor() in Jas|
|53930|New|Enh|2012-09-24|allow capture of catalina stdout/stderr to a comma|
|54700|New|Enh|2013-03-15|Improvement: Add support for system property to sp|
|54741|New|Enh|2013-03-22|Add org.apache.catalina.startup.Tomcat#addWebapp(S|
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55252|New|Enh|2013-07-12|Separate Ant and command-line wrappers for JspC   |
|55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages  |
|9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI  |
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55770|New|Enh|2013-11-12|Allow the crlFile to be reloaded  |
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|55969|New|Enh|2014-01-07|Security-related enhancements to the Windows Insta|
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56361|New|Enh|2014-04-08|org.apache.tomcat.websocket.WsWebSocketContainer#b|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and|
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56676|New|Enh|2014-06-26|Normalize access to native library|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56724|New|Enh|2014-07-15|Restart Container background thread if it died une|
|56890|Inf|Maj|2014-08-26|getRealPath returns null  |
|56966|New|Enh|2014-09-11|AccessLogValve's elapsed time has 15ms precision o|
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57287|New|Enh|2014-11-29|Sort files listed by DefaultServlet   |
|57345|New|Enh|2014-12-12|APR/Native HTTPS Connector Should Support All Open|
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57665|New|Enh|2015-03-05|support x-forwarded-host  |
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58433|New|Enh|2015-09-21|RemoteIpValve not activated on redirect from mappi|
|58577|New|Enh|2015-11-03|JMX Proxy Servlet can't handle overloaded methods |
|58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"|
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60276|New|Enh|2016-10-19|upgrade HTTP/2 can't use gzip compress.   |
|60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai|
|60461|New|Reg|2016-12-09|SIGSEGV in SSLSocket.getInfos |
|60511|Inf|Maj|2016-12-22|org.apache.coyote.ajp.AjpNio2Protocol sends wrong |
|60560|New|Enh|2017-01-07|Support systemd/inetd style socket activation |
|60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b|
|60762|New|Enh|2017-02-21|Enhancement: Add support for runtime SNI changes i|
|60781|

Bug report for Tomcat 6 [2017/06/04]

2017-06-04 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|45931|Opn|Enh|2008-10-01|trimSpaces incorrectly modifies output|
|49176|Opn|Enh|2010-04-23|Jasper in Dev Mode Is Memory Inefficient  |
|49464|New|Enh|2010-06-18|DefaultServlet and CharacterEncoding  |
|49531|New|Enh|2010-06-30|singlesignon failover not working on DeltaManager/|
|51513|New|Enh|2011-07-15|GzipInterceptor: Do not compress small packages   |
|52791|New|Enh|2012-02-28|[PATCH] read windows installer default values from|
|52924|New|Enh|2012-03-15|Add support for per-application JSP compile config|
|53031|New|Enh|2012-04-03|Ant Jasper task should support Fork option|
+-+---+---+--+--+
| Total8 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61154] New: The manager applications don't start when using the Security Manager

2017-06-04 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61154

Bug ID: 61154
   Summary: The manager applications don't start when using the
Security Manager
   Product: Tomcat 8
   Version: 8.0.x-trunk
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Manager
  Assignee: dev@tomcat.apache.org
  Reporter: csuth...@redhat.com
  Target Milestone: 

With a vanilla install the admin applications fail to deploy if you start using
the Security Manager. To resolve the issue you can move the context.xml from
the webapps into the conf/[Engine]/[Host] directory renaming them to match the
webapp. Is there some reason we don't inherently trust the manager webapps? Is
this behavior on purpose?

To reproduce:

1) Download, unzip, and start Tomcat

$ wget
http://apache.mesi.com.ar/tomcat/tomcat-8/v8.5.15/bin/apache-tomcat-8.5.15.tar.gz
$ tar xvf apache-tomcat-8.5.15.tar.gz
$ pushd apache-tomcat-8.5.15
$ bin/catalina.sh start -security

2) Check the log for the following exception (stacks shortened for brevity and
excludes host-manager exception):

~~~
04-Jun-2017 10:15:30.344 SEVERE [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDirectory The web application with
context path [/manager] was not deployed because it contained a deployment
descriptor [/apache-tomcat-8.5.15/webapps/manager/META-INF/context.xml] which
may include configuration necessary for the secure deployment of the
application but processing of deployment descriptors is prevented by the
deployXML setting of this host. An appropriate descriptor should be created at
[/apache-tomcat-8.5.15/conf/Catalina/localhost/manager.xml] to deploy this
application.
04-Jun-2017 10:15:30.376 SEVERE [localhost-startStop-1]
org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild:
start: 
 org.apache.catalina.LifecycleException: Failed to start component [/manager]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)

Caused by: org.apache.catalina.LifecycleException: Failed to process either the
global, per-host or context-specific context.xml file therefore the [/manager]
Context cannot be started.
at
org.apache.catalina.startup.FailedContext.startInternal(FailedContext.java:199)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 14 more

04-Jun-2017 10:15:30.377 SEVERE [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web
application directory [/apache-tomcat-8.5.15/webapps/manager]
 java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [/manager]
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:756)

~~~

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61154] The manager applications don't start when using the Security Manager

2017-06-04 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61154

Coty Sutherland  changed:

   What|Removed |Added

Version|8.0.x-trunk |8.5.x-trunk

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Manager applications and the Security Manager

2017-06-04 Thread Coty Sutherland 
I went ahead and submitted
https://bz.apache.org/bugzilla/show_bug.cgi?id=61154 so I didn't
forget :)

On Fri, Jun 2, 2017 at 6:41 PM, Coty Sutherland  wrote:
> On Fri, Jun 2, 2017 at 4:41 PM, Mark Thomas  wrote:
>> On 02/06/2017 21:29, Christopher Schultz wrote:
>>> Coty,
>>>
>>> On 6/2/17 2:15 PM, Coty Sutherland wrote:
 Hi,
>>>
 I'm sure this has been brought up before, but I can't find it so I
 figured I'd ask...
>>>
 A vanilla installation of tomcat fails to start the admin webapps
 with the Security Manager enabled. This is because the manager and
 host-manager webapps ship with a context.xml.
>>>
>>> Why is that a problem?
>>>
>>> (I'm honestly asking... I've never looked much into the details of how
>>> Tomcat + SM works.)
>>
>> If a SecurityManager is enabled, any META-INF/context.xml is ignored
>> since that file can be used by bypass some of the constraints imposed by
>> the SecurityManager.
>>
>>
 The behavior isn't documented anywhere that I see, so I'm curious
 if it's intentional or has been flying under the radar.
>>
>> It is known and it hasn't been changed so I guess that makes it intentional.
>>
 Are there
 reasons why we would not trust an application that we ship when
 running under the Security Manager?
>>
>> No. But the 'don't use META-INF/context.xml' rule is a general one, not
>> a per application one.
>>
 Is there a reason we can't
 move the context.xml for each app into the appropriate
 conf/[Engine]/[Host] directory to fix this?
>>>
>>> We probably can, but that makes the app(s) a little less
>>> trivially-relocatable.
>>
>> It would be better if they were self-contained. It is easier for folks
>> to remove them.
>
> I was going to suggest copying them into conf or using a symlink, but
> copying them breaks tomcat when they are removed from webapps and a
> symlink causes an NPE in o.a.c.startup.HostConfig.deployDescriptor().
> I guess we should leave it up to the user to decide and maybe document
> it somewhere a bit more clearly?
>
>> A better solution would be to switch to the corresponding filter.
>>
 If you guys think this is a bug I can file a BZ and fix it :D Or,
 mark it as "Beginner" since it's trivial.
>>
>> Enhancement request to switch to the filter works for me. The fix is
>> still fairly trivial in with that solution.
>
> Filter? Did I miss something? This email and the BZ that I filed about
> the filter attribute are two separate things.
>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Manager applications and the Security Manager

2017-06-04 Thread Mark Thomas 
On 2 June 2017 23:41:00 BST, Coty Sutherland  wrote:
>On Fri, Jun 2, 2017 at 4:41 PM, Mark Thomas  wrote:
>> On 02/06/2017 21:29, Christopher Schultz wrote:
>>> Coty,
>>>
>>> On 6/2/17 2:15 PM, Coty Sutherland wrote:
 Hi,
>>>
 I'm sure this has been brought up before, but I can't find it so I
 figured I'd ask...
>>>
 A vanilla installation of tomcat fails to start the admin webapps
 with the Security Manager enabled. This is because the manager and
 host-manager webapps ship with a context.xml.
>>>
>>> Why is that a problem?
>>>
>>> (I'm honestly asking... I've never looked much into the details of
>how
>>> Tomcat + SM works.)
>>
>> If a SecurityManager is enabled, any META-INF/context.xml is ignored
>> since that file can be used by bypass some of the constraints imposed
>by
>> the SecurityManager.
>>
>>
 The behavior isn't documented anywhere that I see, so I'm curious
 if it's intentional or has been flying under the radar.
>>
>> It is known and it hasn't been changed so I guess that makes it
>intentional.
>>
 Are there
 reasons why we would not trust an application that we ship when
 running under the Security Manager?
>>
>> No. But the 'don't use META-INF/context.xml' rule is a general one,
>not
>> a per application one.
>>
 Is there a reason we can't
 move the context.xml for each app into the appropriate
 conf/[Engine]/[Host] directory to fix this?
>>>
>>> We probably can, but that makes the app(s) a little less
>>> trivially-relocatable.
>>
>> It would be better if they were self-contained. It is easier for
>folks
>> to remove them.
>
>I was going to suggest copying them into conf or using a symlink, but
>copying them breaks tomcat when they are removed from webapps and a
>symlink causes an NPE in o.a.c.startup.HostConfig.deployDescriptor().
>I guess we should leave it up to the user to decide and maybe document
>it somewhere a bit more clearly?
>
>> A better solution would be to switch to the corresponding filter.
>>
 If you guys think this is a bug I can file a BZ and fix it :D Or,
 mark it as "Beginner" since it's trivial.
>>
>> Enhancement request to switch to the filter works for me. The fix is
>> still fairly trivial in with that solution.
>
>Filter? Did I miss something? This email and the BZ that I filed about
>the filter attribute are two separate things.

Use the equivalent filter rather than the Valve.

Mark


>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Things that we can do to increase contributor involvement?

2017-06-04 Thread Martin Grigorov 
Hi,

On Thu, Jun 1, 2017 at 3:34 PM, Romain Manni-Bucau 
wrote:

> Hi guys,
>
> a quick feedback on that topic:
>
> - github seems to be the preferred way to submit code these days (what we
> saw in tomee, batchee etc), it implies almost the same amount of work for
> dev (just need to comment if applied or not on github itself for tracking)
> so it is a good way probably
> - tomcat build not being "standard" can be a stopper for newcomers, I know
> migrating to a real maven structure was rejected multiple times but I think
> it can help. It would enable to import the project smoothly in any IDE, run
> it almost directly from the command line (it is not rare now to not have
> ant), and make it easier to browse the structure/package/module
>

I totally agree with Romain here!
I have said it before as well: http://markmail.org/message/aomihwix7bvxpttd

@Konstantin: re. "PR === patch"
For me PR is much more convenient than a .patch file because I can comment
on any line! And even have a whole discussion thread on it!

Me and some other ASF committers have asked at
us...@infrastructure.apache.org why ASF Git doesn't provide more advanced
features, like PRs. Even Atlassian offered hosted BitBucket for free but it
has been rejected :-/

Now there is https://gitbox.apache.org/ but it is still in early evaluation
stage. I hope it will make it simpler for my other Apache projects (Wicket
and Isis) some day!

Martin


>
>
>
> Romain Manni-Bucau
> @rmannibucau  |  Blog
>  | Old Blog
>  | Github  rmannibucau> |
> LinkedIn  | JavaEE Factory
> 
>
> 2017-06-01 15:29 GMT+02:00 Mark Thomas :
>
> > On 1 June 2017 13:05:18 BST, Coty Sutherland 
> wrote:
> >
> > >Hm, using Git was mentioned at the TomcatCon but I can't recall if the
> > >git repository on github is bi-directional or just a clone of svn. Can
> > >anyone answer that?
> >
> > The ASF hosts a read-only git clone of svn. GitHub has a read-only mirror
> > of the ASF repo.
> >
> > I.e. only ASF svn is read/write.
> >
> > > Have we made a decision about the best way to
> > >submit patches? BZ attachment, github PR, email, other?
> >
> > BZ or PR are generally best since they are less likely to be forgotten.
> >
> > > How often do
> > >we check the github projects for contributions?
> >
> > Notifications of PRs get sent to the dev list.
> >
> > >  We also talked about
> > >going over the tomcat 6 and older version BZs to clean them up, maybe
> > >we should do the same for github PRs?
> >
> > 5.5.x and earlier was cleaned up as they went EOL. There are currently 15
> > or so 6.0.x BZ entries left to clean up.
> >
> > >> Anyway, there are PRs there from a few months ago, all the way to a
> > >couple
> > >> of years ago.  The really old ones should be closed IMO, and suggest
> > >to the
> > >> contributors to submit again if the issue(s) are still valid.
> >
> > There is generally a large difference in responsiveness between bugs and
> > enhancement requests. Most of the open PRs have been reviewed and are
> > waiting for feedback. The others are enhancement requests which typically
> > remain open until there is sufficient interest in implementing them.
> >
> > Yes it would be great to move faster on these. That needs more people
> > looking at them. Things are slowly improving - the total open issues is
> > trending downwards over time.
> >
> > Mark
> >
> >
> >  > The
> > >newer
> > >> ones should be evaluated and feedback should be given to the
> > >contributors
> > >> You already "found" new contributors -- better spend some time
> > >"cultivating"
> > >> them than look for new ones who might end up stuck in that same
> > >situation.
> > >>
> > >> The most recent PR ATM -- https://github.com/apache/tomcat/pull/56 --
> > >is
> > >> from me, and it's only been a few days, so normally I wouldn't have
> > >said
> > >> anything at this point because it hasn't been "long enough" since I
> > >> submitted it.  But then I saw this email and it made perfect sense
> > >for me to
> > >> chime in.
> > >>
> > >> It was very important for me to keep my PR as small and simple as
> > >possible,
> > >> so that it's easy to review and accept or reject.  But there is no
> > >feedback
> > >
> > >Just for future reference, when you submit a PR it's easiest to review
> > >if you squash all of the commits into one rather than multiple
> > >commits.
> > >
> > >> whatsoever.  I usually have more time to contribute on the weekends,
> > >so if
> > >> I'll get some feedback soon, I will hopefully be able to implement
> > >whatever
> > >> changes necessary on the weekend.  If not, then another week goes by.
> > >>
> > >> Anyway, I really am not complaining here.  Just providing a
> > >perspective from
> > >> "the other side".
> > >>
> > >> All the best, and keep up the good work!
> > >