[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #24 from Lulseged Zerfu  ---
Hi

 A reverse proxy is not an option and I would like to make a case where we
allow double quotes in request URLs as '{', '}' and '|' are allowed today by
configuring:

tomcat.util.http.parser.HttpParser.requestTargetAllow="

How can I make this a case?

BR
Lulseged Zerfu

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #25 from Mark Thomas  ---
I'm neutral on adding '<' and '>' as allowed options.

I think '"' is in the same category. i.e. there is the risk that unexpected
reverse proxy behaviour will trigger a CVE-2016-6816 like issue, no parsing
issues and likelihood of breakage if the URL is used in HTML or similar without
escaping.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread KeiichiFujino 
Github user KeiichiFujino commented on the issue:

https://github.com/apache/tomcat/pull/56
  
Sorry for the late reply.

I do not think it work as expected.
Even if updating the type of channelStartOptions from int to String in 
mbeans-descriptor, 
it will display int format values.
Because the channelSendOptions is always set to int format.
if you set channelSendOptions = "asynchronous", 8 will be displayed  via 
JMX.

For example, 
The channelSendOptions in the String format specified by the argument must 
be saved under a different name(e.g. channelSendOptionsName) and published to 
JMX.
Then add the following definition to mbeans-descriptor.

`

`



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1798038 - in /tomcat/site/trunk/xdocs: oldnews-2016.xml security-7.xml security-8.xml security-9.xml

2017-06-08 Thread ebourg 
Author: ebourg
Date: Thu Jun  8 09:53:45 2017
New Revision: 1798038

URL: http://svn.apache.org/viewvc?rev=1798038&view=rev
Log:
Fixed some typos

Modified:
tomcat/site/trunk/xdocs/oldnews-2016.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/xdocs/oldnews-2016.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/oldnews-2016.xml?rev=1798038&r1=1798037&r2=1798038&view=diff
==
--- tomcat/site/trunk/xdocs/oldnews-2016.xml (original)
+++ tomcat/site/trunk/xdocs/oldnews-2016.xml Thu Jun  8 09:53:45 2017
@@ -620,7 +620,7 @@ Tomcat 9.0.x so that they may provide fe
 9.0.0.M4 include:
 
 Add direct HTTP/2 connection support
-Update the implementation of the the proposed Servlet 4.0 API to provide
+Update the implementation of the proposed Servlet 4.0 API to provide
 mapping type information for the current request to reflect discussions
 within the EG.
 Update the packaged version of the Tomcat Native Library to 1.2.7 to pick 
up

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1798038&r1=1798037&r2=1798038&view=diff
==
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Thu Jun  8 09:53:45 2017
@@ -70,8 +70,8 @@
 
 Notes for other user provided error pages:
 
-  Unless explicitly coded otherwise, JSPs ignore the the HTTP method.
-  JSPs used as error pages must must ensure that they handle any error
+  Unless explicitly coded otherwise, JSPs ignore the HTTP method.
+  JSPs used as error pages must ensure that they handle any error
   dispatch as a GET request, regardless of the actual method.
   By default, the response generated by a Servlet does depend on the
   HTTP method. Custom Servlets used as error pages must ensure that

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1798038&r1=1798037&r2=1798038&view=diff
==
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Thu Jun  8 09:53:45 2017
@@ -70,8 +70,8 @@
 
 Notes for other user provided error pages:
 
-  Unless explicitly coded otherwise, JSPs ignore the the HTTP method.
-  JSPs used as error pages must must ensure that they handle any error
+  Unless explicitly coded otherwise, JSPs ignore the HTTP method.
+  JSPs used as error pages must ensure that they handle any error
   dispatch as a GET request, regardless of the actual method.
   By default, the response generated by a Servlet does depend on the
   HTTP method. Custom Servlets used as error pages must ensure that
@@ -113,8 +113,8 @@
 
 Notes for other user provided error pages:
 
-  Unless explicitly coded otherwise, JSPs ignore the the HTTP method.
-  JSPs used as error pages must must ensure that they handle any error
+  Unless explicitly coded otherwise, JSPs ignore the HTTP method.
+  JSPs used as error pages must ensure that they handle any error
   dispatch as a GET request, regardless of the actual method.
   By default, the response generated by a Servlet does depend on the
   HTTP method. Custom Servlets used as error pages must ensure that

Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1798038&r1=1798037&r2=1798038&view=diff
==
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Thu Jun  8 09:53:45 2017
@@ -70,8 +70,8 @@
 
 Notes for other user provided error pages:
 
-  Unless explicitly coded otherwise, JSPs ignore the the HTTP method.
-  JSPs used as error pages must must ensure that they handle any error
+  Unless explicitly coded otherwise, JSPs ignore the HTTP method.
+  JSPs used as error pages must ensure that they handle any error
   dispatch as a GET request, regardless of the actual method.
   By default, the response generated by a Servlet does depend on the
   HTTP method. Custom Servlets used as error pages must ensure that



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #26 from Lulseged Zerfu  ---
Hi

 We don't see anyway out when millions of terminals are not working and that
tomcat restricted '"' from being a part of request URL.

 Terminals will not comply overnight but are starting to comply slowly.
Therefore we need to allow '"' under some transitional period before totally
disallow the '"' char in a request URL.

 Staying on tomcat version 8.0.36 still risky because CVE-2016-6816 can be
triggered.

BR
Lulseged Zerfu

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread ChristopherSchultz 
Github user ChristopherSchultz commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@KeiichiFujino Okay, so we'd have a synthetic mbean attribute that we can 
re-construct from the int value we store internally? Or, do you think we should 
save the string that was used in configuration?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
>Even if updating the type of channelStartOptions from int to String in 
mbeans-descriptor,
it will display int format values.
Because the channelSendOptions is always set to int format.
if you set channelSendOptions = "asynchronous", 8 will be displayed via JMX.

Right, because we are not changing the way that the value is stored, we are 
only adding a way to make it easier to set it.  You will still be able to 
change the value (not sure if that's even permitted at runtime) via JMX with 
either `String` or `int` value, but it will be displayed in its `int` form.

This is the way that it is already implemented for `channelStartOptions`



Which is also an `int`, but specified as `String` in the mbeans-descriptor, 
and TBH, it will be inconsistent if other similar values will be displayed as 
`int` and this one will be displayed as `String`.

I can write a method to translate back from `int` to `String`, but IMO this 
is really unnecessary, as it is an advanced option which you don't normally 
change at runtime, and if you need to troubleshoot an issue then you know what 
value you expect to see.

Again, setting the value via JMX should work now with either `String` or 
`int` input.  It's only the way that it is displayed that remains an `int`.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@KeiichiFujino @ChristopherSchultz I added:

* a method to translate the int value to a string list:

https://github.com/apache/tomcat/pull/56/files#diff-5c721c838c78fa7c31f9eb62c27863ceR439

* `public String getChannelSendOptionsName()`

https://github.com/apache/tomcat/pull/56/files#diff-8e81c1ebb6efdca13082a2798a305251R403

* a read-only `channelSendOptionsName` in mbeans-descriptor

https://github.com/apache/tomcat/pull/56/files#diff-9dca3596f50abfe90c0ed9b54d4e2092R32

* a test-case that checks the string representation

https://github.com/apache/tomcat/pull/56/files#diff-a638e8120005efa2cccdf63066b7fde5R53

I believe that this addresses all of the issues with this PR.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1798121 - /tomcat/trunk/webapps/manager/WEB-INF/web.xml

2017-06-08 Thread markt 
Author: markt
Date: Thu Jun  8 20:18:21 2017
New Revision: 1798121

URL: http://svn.apache.org/viewvc?rev=1798121&view=rev
Log:
No need for SetCharacterEncodingFilter in this case with Java EE 8

Modified:
tomcat/trunk/webapps/manager/WEB-INF/web.xml

Modified: tomcat/trunk/webapps/manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/web.xml?rev=1798121&r1=1798120&r2=1798121&view=diff
==
--- tomcat/trunk/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/web.xml Thu Jun  8 20:18:21 2017
@@ -28,6 +28,8 @@
 Manager lets you view, load/unload/etc particular web applications.
   
 
+  UTF-8
+
   
 Manager
 org.apache.catalina.manager.ManagerServlet
@@ -90,20 +92,6 @@
   
 
   
-SetCharacterEncoding
-
org.apache.catalina.filters.SetCharacterEncodingFilter
-
-  encoding
-  UTF-8
-
-  
-
-  
-SetCharacterEncoding
-/*
-  
-
-  
 CSRF
 
org.apache.catalina.filters.CsrfPreventionFilter
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61154] The manager applications don't start when using the Security Manager

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61154

--- Comment #1 from Mark Thomas  ---
The RemoteAddrVale we can replace with the equivalent filter. The privileged
attribute is trickier. Still thinking about that.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread ChristopherSchultz 
Github user ChristopherSchultz commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@isapir FYI `1 << bit` is the same as `(int)Math.pow(2, bit)` and probably 
slightly more efficient. Better yet, it's less code to read. No particular 
reason to change the patch. I'm already happy with what we've got.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
I'll change it.  Please wait.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread ChristopherSchultz 
Github user ChristopherSchultz commented on the issue:

https://github.com/apache/tomcat/pull/56
  
I'm waiting on a final review from @KeiichiFujino before I commit.

In the meantime there are 2 `@return` javadoc annotations with no value. 
Could you complete those?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread ChristopherSchultz 
Github user ChristopherSchultz commented on the issue:

https://github.com/apache/tomcat/pull/56
  
Thanks @Igal for your patience with this PR review. I know we've been a bit 
of a pain. But this work will make the contribution that much more useful.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@ChristopherSchultz I updated the patch according to your feedback: 
https://github.com/apache/tomcat/pull/56/commits/f0c3968570f70823d30cf18144e82591a7ee0cee

I was actually trying at first to get it to work with a bit shift but when 
it didn't work I resorted to  `Math.pow(2, bit)` -- bit shift is definitely 
better, though it's possible that `Math.pow(2, x)` utilizes shift in the JRE 
anyway.

In any event, great feedback, thanks!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1798125 - in /tomcat/trunk/webapps: examples/WEB-INF/web.xml host-manager/WEB-INF/web.xml

2017-06-08 Thread markt 
Author: markt
Date: Thu Jun  8 21:33:26 2017
New Revision: 1798125

URL: http://svn.apache.org/viewvc?rev=1798125&view=rev
Log:
No need for SetCharacterEncodingFilter in these cases with Java EE 8

Modified:
tomcat/trunk/webapps/examples/WEB-INF/web.xml
tomcat/trunk/webapps/host-manager/WEB-INF/web.xml

Modified: tomcat/trunk/webapps/examples/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/web.xml?rev=1798125&r1=1798124&r2=1798125&view=diff
==
--- tomcat/trunk/webapps/examples/WEB-INF/web.xml (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/web.xml Thu Jun  8 21:33:26 2017
@@ -27,6 +27,8 @@
 
 Servlet and JSP Examples
 
+UTF-8
+
 
 
 Timing Filter
@@ -42,21 +44,6 @@
 
org.apache.catalina.filters.RequestDumperFilter
 
 
-
-
-Set Character Encoding
-
org.apache.catalina.filters.SetCharacterEncodingFilter
-true
-
-encoding
-UTF-8
-
-
-ignore
-false
-
-
-
 
 Compression Filter
 compressionFilters.CompressionFilter
@@ -86,13 +73,6 @@
 
 -->
 
-
-
-Set Character Encoding
-/*
-
-

svn commit: r1798126 - /tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java

2017-06-08 Thread markt 
Author: markt
Date: Thu Jun  8 21:36:10 2017
New Revision: 1798126

URL: http://svn.apache.org/viewvc?rev=1798126&view=rev
Log:
Remove / deprecate unnecessary code

Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java?rev=1798126&r1=1798125&r2=1798126&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java Thu Jun  8 
21:36:10 2017
@@ -1072,9 +1072,9 @@ public class StandardWrapper extends Con
 processServletSecurityAnnotation(servlet.getClass());
 
 // Special handling for ContainerServlet instances
-if ((servlet instanceof ContainerServlet) &&
-(isContainerProvidedServlet(servletClass) ||
-((Context) getParent()).getPrivileged() )) {
+// Note: The InstanceManager checks if the application is permitted
+//   to load ContainerServlets
+if (servlet instanceof ContainerServlet) {
 ((ContainerServlet) servlet).setWrapper(this);
 }
 
@@ -1548,7 +1548,10 @@ public class StandardWrapper extends Con
  * server class loader.
  *
  * @param classname Name of the class to be checked
+ *
+ * @deprecated Unused. Will be removed in Tomcat 9
  */
+@Deprecated
 protected boolean isContainerProvidedServlet(String classname) {
 
 if (classname.startsWith("org.apache.catalina.")) {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1798127 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/core/StandardWrapper.java

2017-06-08 Thread markt 
Author: markt
Date: Thu Jun  8 21:36:43 2017
New Revision: 1798127

URL: http://svn.apache.org/viewvc?rev=1798127&view=rev
Log:
Remove / deprecate unnecessary code

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardWrapper.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun  8 21:36:43 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 
8,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1763799,1763810

svn commit: r1798128 - /tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java

2017-06-08 Thread markt 
Author: markt
Date: Thu Jun  8 21:37:19 2017
New Revision: 1798128

URL: http://svn.apache.org/viewvc?rev=1798128&view=rev
Log:
Remove deprecated code

Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java?rev=1798128&r1=1798127&r2=1798128&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java Thu Jun  8 
21:37:19 2017
@@ -1542,33 +1542,6 @@ public class StandardWrapper extends Con
 //  protected 
Methods
 
 
-/**
- * @return true if the specified class name represents a
- * container provided servlet class that should be loaded by the
- * server class loader.
- *
- * @param classname Name of the class to be checked
- *
- * @deprecated Unused. Will be removed in Tomcat 9
- */
-@Deprecated
-protected boolean isContainerProvidedServlet(String classname) {
-
-if (classname.startsWith("org.apache.catalina.")) {
-return true;
-}
-try {
-Class clazz =
-this.getClass().getClassLoader().loadClass(classname);
-return ContainerServlet.class.isAssignableFrom(clazz);
-} catch (Throwable t) {
-ExceptionUtils.handleThrowable(t);
-return false;
-}
-
-}
-
-
 protected Method[] getAllDeclaredMethods(Class c) {
 
 if (c.equals(javax.servlet.http.HttpServlet.class)) {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

package trailers does not exist

2017-06-08 Thread Igal @ Lucee.org 
When I set the `test` directory as a Test root dir in IntelliJ IDEA, I 
get errors like:


E:\Workspace\git\tomcat\test\org\apache\coyote\http2\TestStream.java
Error:(33, 16) java: package trailers does not exist
Error:(90, 49) java: cannot find symbol
  symbol:   class ResponseTrailers
  location: class org.apache.coyote.http2.TestStream

https://github.com/apache/tomcat/blob/trunk/test/org/apache/coyote/http2/TestStream.java#L33

Can anyone tell me where `trailers` is coming from?

Thanks,

Igal Sapir
Lucee Core Developer
Lucee.org

[Bug 61154] The manager applications don't start when using the Security Manager

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61154

--- Comment #2 from Konstantin Kolinko  ---
Two ideas:

A. Move manager and host-manager out of webapps,
and deploy them via a context file?

- It was like that in Tomcat 5.5

- I use this configuration when running with separate CATALINA_BASE and
CATALINA_HOME, and documented the recipe in RUNNING.txt

https://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/RUNNING.txt?revision=1735559&view=markup#l293


B. Implement some permission that whitelists the use of context.xml in manager,
host-manager?

The default catalina.policy already has special permissions for manager,
thus this web application already has special configuration there.

https://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/conf/catalina.policy?revision=1763403&view=markup#l199

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 61105] Roll log files by default

2017-06-08 Thread Huxing Zhang 
Hi,

> There was no concern expressed about the log files that are currently not
> rolled (generally, I suspect, because well written apps won;t trigger content
> to those files).

We do have concerns about rotate the output to stdout/stderr.
In most of our cases, this is due to logging framework conflict between log4j 
and logback in a web application.
The default behavior is that all the logging content are eventually gone to 
catalina.out.
Most of the users even won't be aware of it, until being alerted by running out 
of the disk space (The web application may run for months).

To avoid this, we actually have implemented a feature in Tomcat to rotate 
catalina.out on a daily basis.
Under the hood we use a customized PrintStream to replace 
System.out/System.err, capture the content, and output to JULI.
Since it is rotated by day, it make us easier to keep the latest N files.

I know the best solution will be solving the conflict, but according to our 
experience, most of the user don't know there is a conflict.

In there any interest in adding this feature to Tomcat? 

--
From:bugzilla 
Time:2017 Jun 6 (Tue) 03:45
To:dev 
Subject:[Bug 61105] Roll log files by default


https://bz.apache.org/bugzilla/show_bug.cgi?id=61105

--- Comment #2 from Mark Thomas  ---
The conversation at TomcatCon was around putting a (relatively large) limit on
the number of files that are kept by default. Picking a number of of thin air,
how does 90 days sound?

There was no concern expressed about the log files that are currently not
rolled (generally, I suspect, because well written apps won;t trigger content
to those files).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61105] Roll log files by default

2017-06-08 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61105

--- Comment #6 from Huxing Zhang  ---
Hi,

> There was no concern expressed about the log files that are currently not
> rolled (generally, I suspect, because well written apps won;t trigger content
> to those files).

We do have concerns about rotate the output to stdout/stderr.
In most of our cases, this is due to logging framework conflict between log4j
and logback in a web application.
The default behavior is that all the logging content are eventually gone to
catalina.out.
Most of the users even won't be aware of it, until being alerted by running out
of the disk space (The web application may run for months).

To avoid this, we actually have implemented a feature in Tomcat to rotate
catalina.out on a daily basis.
Under the hood we use a customized PrintStream to replace
System.out/System.err, capture the content, and output to JULI.
Since it is rotated by day, it make us easier to keep the latest N files.

I know the best solution will be solving the conflict, but according to our
experience, most of the user don't know there is a conflict.

In there any interest in adding this feature to Tomcat?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread KeiichiFujino 
Github user KeiichiFujino commented on the issue:

https://github.com/apache/tomcat/pull/56
  
There are two comments.

you need to add BackupManager mbean definitions.
```

```
in org/apache/catalina/ha/session/mbeans-descriptors.xml

There is a typo in 
```

```
"channelStartOptions name."  -> "channelSendOptions name." 



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@KeiichiFujino Thank you for your prompt review.

>you need to add BackupManager mbean definitions ... in 
org/apache/catalina/ha/session/mbeans-descriptors.xml

Thank you for providing the path.  I was looking for that and didn't find 
it easily.

>There is a typo in ... "channelStartOptions name." -> "channelSendOptions 
name."

Corrected.  I actually copied and pasted it from your comment above --
 https://github.com/apache/tomcat/pull/56#issuecomment-307055014 -- and 
simply added new line characters, but I should have caught that ;)

Can you please confirm that as far as you're concerned this can now be 
merged?  @ChristopherSchultz is awaiting your approval.

Thank you :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread isapir 
Github user isapir commented on the issue:

https://github.com/apache/tomcat/pull/56
  
@KeiichiFujino p.s. This is the last commit that addresses the issues 
above: 
https://github.com/apache/tomcat/pull/56/commits/192d2eb13e9ec9448e183dcc3b166f7d3577c250



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat issue #56: Convert Cluster Manager human-readable channelSendOptions ...

2017-06-08 Thread KeiichiFujino 
Github user KeiichiFujino commented on the issue:

https://github.com/apache/tomcat/pull/56
  
I confirmed. there is no problem.
Thanks.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org