Bug report for Tomcat 9 [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |47467|New|Enh|2009-07-02|Deployment of the war file by URL when contextpath| |48672|New|Enh|2010-02-03|Tomcat Virtual Host Manager (/host-manager) needs | |57505|New|Enh|2015-01-27|Add integration tests for JspC| |57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli| |57767|Opn|Enh|2015-03-27|Websocket client proprietary configuration| |58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p| |58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI | |58548|New|Enh|2015-10-26|support certifcate transparency | |58590|New|Enh|2015-11-05|org.apache.catalina.realm.MemoryRealm can use back| |58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T| |59179|New|Enh|2016-03-14|HTTP Public Key Pinning (HPKP) for Tomcat | |59203|New|Enh|2016-03-21|Try to call Thread.interrupt before calling Thread| |59344|Ver|Enh|2016-04-18|PEM file support for JSSE | |59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means | |59901|New|Enh|2016-07-26|Reduce I/O associated with JSP compilation| |60523|Opn|Enh|2016-12-27|Reduce number of network packets that server sends| |60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an| |61171|New|Enh|2017-06-09|Add port offset attribute (portOffset?) to Server | |61189|New|Enh|2017-06-15|CGIServlet should be able to set specific environm| |61223|New|Enh|2017-06-26|Enhance the documentation for mbeans-descriptors.x| |61280|New|Enh|2017-07-11|Support characters sets other than ISO 8859-1 in H| |61393|New|Min|2017-08-08|org.apache.tomcat.jni.TestSocketServer timeout fai| |61394|New|Min|2017-08-08|NIO/NIO2 + OpenSSL renegotiation doesn't send list| +-+---+---+--+--+ | Total 23 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Modules [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen| |51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho| |51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods | |52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o| |53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe| |54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int| |54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang| |55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ| |55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di| |56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p| |56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio| |56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr| |56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =| |56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue| |56779|New|Nor|2014-07-28|Allow multiple connection initialization statement| |56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti| |56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i| |56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f| |56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl| |56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic| |56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat| |56974|New|Nor|2014-09-12|jdbc-pool validation query defaultAutoCommit statu| |57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem| |57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e| |58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti| |59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source | |59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect | |59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec| |60195|New|Nor|2016-10-02|No javadoc in Maven Central | |60522|New|Nor|2016-12-27|An option for setting if the transaction should be| |60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68 | |60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe | |61032|New|Nor|2017-04-24|min pool size is not being respected | |61103|New|Nor|2017-05-18|StatementCache potentially returning incorrect sta| |61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy| |61303|New|Enh|2017-07-15|Refactoring of ConnectionPool | |61312|New|Nor|2017-07-17|NullPointerException in StatementCache.isCached | |61425|New|Nor|2017-08-16|all idle connections become ' in transaction| +-+---+---+--+--+ | Total 38 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Taglibs [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field | |38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)| |42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements | |46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l| |48333|New|Enh|2009-12-02|TLD generator | |57434|New|Nor|2015-01-11|Race condition in EL1.0 validation| |57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta| |57684|New|Min|2015-03-10|Version info should be taken from project version | |59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be| |59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in| +-+---+---+--+--+ | Total 10 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Native [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |48655|Inf|Nor|2010-02-02|Active multipart downloads prevent tomcat shutdown| |49038|Inf|Nor|2010-04-02|Crash in tcnative | |53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration| |55087|New|Cri|2013-06-10|tomcat crashes in tcnative-1.dll with OCSP when OC| |55797|Inf|Nor|2013-11-19|Tomcat 7.0.47 crashes using server jvm.dll and APR| |56378|New|Nor|2014-04-09|Cert load fails if cert is located in path with no| |56415|New|Maj|2014-04-16|EXCEPTION_ACCESS_VIOLATION (0xc005) in tcnativ| |57140|New|Cri|2014-10-24|tcnative-1.dll 1.1.31 indicated in fatal error| |57521|New|Cri|2015-02-02|Tomcat randomly crashes with [libtcnative-1.so.0.1| |57815|New|Enh|2015-04-15|Improve error message when OpenSSL does not suppor| |58194|New|Maj|2015-07-30|Tomcat crash EXCEPTION_ACCESS_VIOLATION in tcnativ| |58244|New|Nor|2015-08-14|two way SSL loses client certificate after a few r| |58263|New|Nor|2015-08-19|Crash during TLS handshake| |58434|New|Nor|2015-09-21|Make Fails Against LibreSSL | |59286|New|Nor|2016-04-07|Socket binding failures when using APR| |59811|New|Nor|2016-07-06|TLS Session ID not available if session tickets ar| |60290|New|Nor|2016-10-21|rules.mk defeats CC for configure | |60301|New|Nor|2016-10-24|Cannot exchange libtool bundled with apr with a ne| |61415|New|Nor|2017-08-15|SSL protocol error with Chrome, client certificate| |61422|New|Nor|2017-08-16|Feature requests for tc-native based on forked net| +-+---+---+--+--+ | Total 20 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Connectors [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |35959|Opn|Enh|2005-08-01|mod_jk not independant of UseCanonicalName| |43303|New|Enh|2007-09-04|Versioning under Windows not reported by many conn| |45313|New|Nor|2008-06-30|mod_jk 1.2.26 & apache 2.2.9 static compiled on so| |46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca| |47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A| |47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j| |47795|New|Maj|2009-09-07|service sticky_session not being set correctly wit| |48513|New|Enh|2010-01-09|IIS Quick setup instructions | |48564|New|Enh|2010-01-18|Allow to turn off retries for LB worker | |48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv| |49063|New|Enh|2010-04-07|Please add JkStripSession status in jk-status work| |49822|New|Enh|2010-08-25|Add hash lb worker method | |49903|New|Enh|2010-09-09|Make workers file reloadable | |52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus| |53883|New|Maj|2012-09-17|isapi_redirect v 1.2.37 crashes w3wp.exe on the p| |53977|New|Maj|2012-10-07|32bits isapi connector cannot work in wow64 mode | |54027|New|Cri|2012-10-18|isapi send request to outside address instead of i| |54117|New|Maj|2012-11-08|access violation exception in isapi_redirect.dll | |54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks | |56489|New|Enh|2014-05-05|Include a directory for configuration files | |56576|New|Enh|2014-05-29|Websocket support | |57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce| |57403|New|Enh|2014-12-30|Persist configuration changes made via status work| |57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook| |57790|New|Enh|2015-04-03|Check worker names for typos | |57946|New|Nor|2015-05-23|Configuration example for mod_jk should be updated| |58287|New|Nor|2015-08-26|Questionable use of "Global" objects on Windows | |59897|New|Nor|2016-07-25|Buffer Overflow in FD_SET in nb_connect (jk_connec| |60240|New|Min|2016-10-11|Duplicate initialization log entry in mod_jk.log | |60745|New|Nor|2017-02-18|False positive: Somebody try to hack into the site| +-+---+---+--+--+ | Total 30 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat 7 [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |41007|Opn|Enh|2006-11-20|Can't define customized 503 error page| |43866|New|Enh|2007-11-14|add support for session attribute propagation with| |47242|New|Enh|2009-05-22|request for AJP command line client | |49395|New|Enh|2010-06-06|manager.findLeaks : display the date when the leak| |49821|New|Enh|2010-08-25|Tomcat CLI [PATCH/Contribution] | |50019|New|Enh|2010-09-28|Adding JNDI "lookup-name" support In XML and Resou| |50175|New|Enh|2010-10-28|Enhance memory leak detection by selectively apply| |50234|New|Enh|2010-11-08|JspC use servlet 3.0 features | |50670|New|Enh|2011-01-27|Tribes | RpcChannel | Add option to specify extern| |50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac| |51195|New|Enh|2011-05-13|"Find leaks" reports a false positive memory/class| |51423|Inf|Enh|2011-06-23|[Patch] to add a path and a version parameters to | |51496|New|Enh|2011-07-11|NSIS - Warn that duplicate service name will resul| |51587|New|Enh|2011-07-29|Implement status and uptime commands | |51953|New|Enh|2011-10-04|Proposal: netmask filtering valve and filter [PATC| |52381|New|Enh|2011-12-22|Please add OSGi metadata | |52448|New|Enh|2012-01-11|Cache jar indexes in WebappClassLoader to speed up| |52489|New|Enh|2012-01-19|Enhancement request for code signing of war files | |52688|New|Enh|2012-02-16|Add ability to remove old access log files [PATCHE| |52952|New|Enh|2012-03-20|Improve ExtensionValidator handling for embedded s| |53085|New|Enh|2012-04-16|[perf] [concurrency] DefaultInstanceManager.annota| |53387|New|Enh|2012-06-08|SSI: Allow to use $1 to get result of regular expr| |53411|Opn|Enh|2012-06-13|NullPointerException in org.apache.tomcat.util.buf| |53492|New|Enh|2012-07-01|Make JspC shell multithreaded | |53553|New|Enh|2012-07-16|[PATCH] Deploy uploaded WAR with context.xml from | |53620|New|Enh|2012-07-30|[juli] delay opening a file until something gets l| |54499|New|Enh|2013-01-29|Implementation of Extensible EL Interpreter | |54802|New|Enh|2013-04-04|Provide location information for exceptions thrown| |55104|New|Enh|2013-06-16|Allow passing arguments with spaces to Commons Dae| |55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star| |55477|New|Enh|2013-08-23|Add a solution to map an realm name to a security | |56148|New|Enh|2014-02-17|support (multiple) ocsp stapling | |56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest| |56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation| |56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co| |56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta| |56787|New|Enh|2014-07-29|Simplified jndi name parsing | |57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the| |57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta| |57870|New|Enh|2015-04-29|backport GzipOutputFilter #doWrite to Tomcat 7 to | |57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due| |57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (| |58338|New|Nor|2015-09-07|BasicDataSourceFactory uses wrong attribute name | |59716|New|Enh|2016-06-17|Allow JNDI configuration of CorsFilter| |60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli| |60944|Inf|Nor|2017-03-30|Tomcat Production Issue connections in CLOSE_WAIT | |61367|Inf|Nor|2017-08-01|NPE exception in org.apache.catalina.connector.Coy| +-+---+---+--+--+ | Total 47 bugs | +---+ - To unsubscribe
Bug report for Tomcat 8 [2017/08/20]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |43925|Opn|Enh|2007-11-21|org.apache.jasper.runtime.BodyContentImpl causing | |51497|New|Enh|2011-07-11|Use canonical IPv6 text representation in logs| |53737|Opn|Enh|2012-08-18|Use ServletContext.getJspConfigDescriptor() in Jas| |53930|New|Enh|2012-09-24|allow capture of catalina stdout/stderr to a comma| |54700|New|Enh|2013-03-15|Improvement: Add support for system property to sp| |54741|New|Enh|2013-03-22|Add org.apache.catalina.startup.Tomcat#addWebapp(S| |55243|New|Enh|2013-07-11|Add special search string for nested roles| |55252|New|Enh|2013-07-12|Separate Ant and command-line wrappers for JspC | |55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages | |9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI | |55675|New|Enh|2013-10-18|Checking and handling invalid configuration option| |55770|New|Enh|2013-11-12|Allow the crlFile to be reloaded | |55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp| |55969|New|Enh|2014-01-07|Security-related enhancements to the Windows Insta| |56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia| |56361|New|Enh|2014-04-08|org.apache.tomcat.websocket.WsWebSocketContainer#b| |56398|New|Enh|2014-04-11|Support Arquillian-based unit testing | |56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and| |56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components| |56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S| |56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi| |56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.| |56676|New|Enh|2014-06-26|Normalize access to native library| |56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap| |56724|New|Enh|2014-07-15|Restart Container background thread if it died une| |56890|Inf|Maj|2014-08-26|getRealPath returns null | |56966|New|Enh|2014-09-11|AccessLogValve's elapsed time has 15ms precision o| |57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or | |57287|New|Enh|2014-11-29|Sort files listed by DefaultServlet | |57345|New|Enh|2014-12-12|APR/Native HTTPS Connector Should Support All Open| |57421|New|Enh|2015-01-07|Farming default directories | |57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances| |57665|New|Enh|2015-03-05|support x-forwarded-host | |57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio| |57830|New|Enh|2015-04-18|Add support for ProxyProtocol | |58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir| |58072|New|Enh|2015-06-23|ECDH curve selection | |58433|New|Enh|2015-09-21|RemoteIpValve not activated on redirect from mappi| |58577|New|Enh|2015-11-03|JMX Proxy Servlet can't handle overloaded methods | |58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"| |58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context | |59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI| |59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi| |59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo| |60276|New|Enh|2016-10-19|upgrade HTTP/2 can't use gzip compress. | |60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai| |60511|Inf|Maj|2016-12-22|org.apache.coyote.ajp.AjpNio2Protocol sends wrong | |60560|New|Enh|2017-01-07|Support systemd/inetd style socket activation | |60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b| |60762|New|Enh|2017-02-21|Enhancement: Add support for runtime SNI changes i| |60781|New|Nor|2017-02-27|Access Log Valve does not escape the same as mod_l| |60849|
Re: svn commit: r1805529 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java SSLHostConfig.java openssl/OpenSSLContext.java
On 19/08/17 22:35, rj...@apache.org wrote:
> Author: rjung
> Date: Sat Aug 19 21:35:50 2017
> New Revision: 1805529
>
> URL: http://svn.apache.org/viewvc?rev=1805529&view=rev
> Log:
> Update enabledProtocols and enabledCiphers
> in SSLHostConfig after OpenSSLConf has been
> applied.
>
> This is needed, because the Manager webapp
> feature of listing the current enabled ciphers
> relies on SSLHostConfig.
>
> Unfortunately the setters in SSLHostConfig
> are not public and OpenSSLContext which needs
> to call it is in a sub package.
>
> For now I made the two setters public, any
> better suggestions welcome.
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
> tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
>
> +}
> +if ((opts & SSL.SSL_OP_NO_SSLv2) == 0) {
> +enabled.add(Constants.SSL_PROTO_SSLv2);
> +}
Does this mean it is now possible to enable SSLv2? That has been (well,
should have been) deliberately blocked everywhere else.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1805543 - in /tomcat/site/trunk: ./ docs/ xdocs/
Author: violetagg Date: Sun Aug 20 09:51:57 2017 New Revision: 1805543 URL: http://svn.apache.org/viewvc?rev=1805543&view=rev Log: Updates (excluding docs) for 8.0.46 release Modified: tomcat/site/trunk/build.properties.default tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-80.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-8.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-80.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-8.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1805543&r1=1805542&r2=1805543&view=diff == --- tomcat/site/trunk/build.properties.default (original) +++ tomcat/site/trunk/build.properties.default Sun Aug 20 09:51:57 2017 @@ -38,7 +38,7 @@ tomcat.loc=http://www.apache.org/dist/to # - Tomcat versions - tomcat60=6.0.53 tomcat70=7.0.81 -tomcat80=8.0.45 +tomcat80=8.0.46 tomcat85=8.5.20 tomcat90=9.0.0.M26 Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1805543&r1=1805542&r2=1805543&view=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Sun Aug 20 09:51:57 2017 @@ -67,8 +67,8 @@ Latest Stable 8.0.x Release -2017-07-01 -8.0.45 +2017-08-18 +8.0.46 Modified: tomcat/site/trunk/docs/download-80.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-80.html?rev=1805543&r1=1805542&r2=1805543&view=diff == --- tomcat/site/trunk/docs/download-80.html (original) +++ tomcat/site/trunk/docs/download-80.html Sun Aug 20 09:51:57 2017 @@ -222,7 +222,7 @@ [define v]8.5.20[end] -[define w]8.0.45[end] +[define w]8.0.46[end] https://www.apache.org/dist/tomcat/tomcat-8/KEYS";>KEYS | [v] | [w] | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1805543&r1=1805542&r2=1805543&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Sun Aug 20 09:51:57 2017 @@ -236,6 +236,48 @@ project logo are trademarks of the Apach + +2017-08-18 Tomcat 8.0.46 Released + + + +The Apache Tomcat Project is proud to announce the release of version 8.0.46 +of Apache Tomcat. Apache Tomcat 8.0.46 includes fixes for issues identified in +8.0.45 as well as other enhancements and changes. The notable changes +compared to 8.0.45 include: + + + +Add the ability to set the defaults used by the Windows installer from a +configuration file. Patch provided by Sandra Madden. + +Add support to the WebSocket client for following redirects when attempting +to establish a WebSocket connection. Patch provided by J Fernandez. + + + + + +Full details of these changes, and all the other changes, are available in the +Tomcat 8 +changelog. + + + + +Note: End of life date for Apache Tomcat 8.0.x is announced. +Read more... + + + + + + +Download + + + + 2017-08-16 Tomcat 7.0.81 Released @@ -370,49 +412,6 @@ changelog. - - -2017-07-01 Tomcat 8.0.45 Released - - - -The Apache Tomcat Project is proud to announce the release of version 8.0.45 -of Apache Tomcat. Apache Tomcat 8.0.45 includes fixes for issues identified in -8.0.44 as well as other enhancements and changes. The notable changes -compared to 8.0.44 include: - - - -Add a new JULI FileHandler configuration for specifying the maximum number -of days to keep the log files. By default the log files will be kept -indefinitely. - -Improvements to enable the Manager and HostManager to work in the default -configuration when working under a security manager. - - - - - -Full details of these changes, and all the other changes, are available in the -Tomcat 8 -changelog. - - - - -Note: End of life date for Apache Tomcat 8.0.x is announced. -Read more... - - - - - - -Download - - - 2017-02-21 Tomcat Native 1.2.12 Released Modified: tomcat/site/trunk/docs/migration-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-8.html?rev=1805543&r1=1805542&r2=1805543&view=diff == --- tomcat/site/trunk/docs/migration-8.html (original) +++ tomcat/site/trunk/docs/migration-8.html Sun Aug 20 09:51:57 2017 @@ -801,7 +8
svn commit: r1805544 - in /tomcat/site/trunk/docs/tomcat-8.0-doc: ./ api/ api/org/apache/catalina/ api/org/apache/catalina/ant/ api/org/apache/catalina/ant/jmx/ api/org/apache/catalina/authenticator/
Author: violetagg Date: Sun Aug 20 10:08:20 2017 New Revision: 1805544 URL: http://svn.apache.org/viewvc?rev=1805544&view=rev Log: Update docs for Apache Tomcat 8.0.46 release. [This commit notification would consist of 62 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r21233 - /release/tomcat/tomcat-8/v8.0.45/
Author: violetagg Date: Sun Aug 20 10:10:44 2017 New Revision: 21233 Log: Remove 8.0.45 Removed: release/tomcat/tomcat-8/v8.0.45/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 8.0.46 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.46. Please note that Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. The Apache Tomcat team announced that support for Apache Tomcat 8.0.x will end on 30 June 2018. Apache Tomcat 8.0 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.46 includes fixes for issues identified in 8.0.45 as well as other enhancements and changes. The notable changes since 8.0.45 include: - Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. - Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x: http://tomcat.apache.org/migration.html Enjoy The Apache Tomcat team
Re: svn commit: r1805529 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java SSLHostConfig.java openssl/OpenSSLContext.java
Am 20.08.2017 um 11:15 schrieb Mark Thomas:
On 19/08/17 22:35, rj...@apache.org wrote:
Author: rjung
Date: Sat Aug 19 21:35:50 2017
New Revision: 1805529
URL: http://svn.apache.org/viewvc?rev=1805529&view=rev
Log:
Update enabledProtocols and enabledCiphers
in SSLHostConfig after OpenSSLConf has been
applied.
This is needed, because the Manager webapp
feature of listing the current enabled ciphers
relies on SSLHostConfig.
Unfortunately the setters in SSLHostConfig
are not public and OpenSSLContext which needs
to call it is in a sub package.
For now I made the two setters public, any
better suggestions welcome.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+}
+if ((opts & SSL.SSL_OP_NO_SSLv2) == 0) {
+enabled.add(Constants.SSL_PROTO_SSLv2);
+}
Does this mean it is now possible to enable SSLv2? That has been (well,
should have been) deliberately blocked everywhere else.
No, it should not mean this.
That code is used to reverse the observed real SSL options after
applying all our configuration back to their meaning in the config
world. The code was copied from OpenSSLEngine.getEnabledProtocols() and
I think it is fine.
Our mechanism to block SSLv2 is (and I am not aware of having changed it):
- When using the OpenSSL implementation, the mechanism is based only on
a block in tcnative itself: r1681982 in tcnative should prevent the
SSL_CTX from ever allow SSLv2, even if the caller explicitly demands
it.
It was added on 2015-05-27 and is part of every 1.2.x release of
tcnative. The 1.1.x releases do not contain this block!
The above code change only affects the OpenSSL case, but as written
above not on the way from the config to the SSL_CTX but instead when
trying to read the resulting situation back into config language.
Of course there's the other fallback mechanism, that OpenSSL starting
with 1.0.2g disables SSLv2, but one could work around that with build
flags.
- When using JSSE, the only block I found is in JSSEUtil, which
filters SSLv2 out of the list of implemented protocols. That list in
turn is used to filter the list of enabled protocols in order to
only try to enable implemented ones.
Regards and thanks for looking at the commits!
Rainer
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1805550 - in /tomcat/trunk/java/org/apache: catalina/storeconfig/SSLHostConfigSF.java catalina/storeconfig/server-registry.xml tomcat/util/net/openssl/OpenSSLConf.java
Author: rjung
Date: Sun Aug 20 12:26:46 2017
New Revision: 1805550
URL: http://svn.apache.org/viewvc?rev=1805550&view=rev
Log:
Add support for OpenSSLConf to storeconfig.
Modified:
tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java?rev=1805550&r1=1805549&r2=1805550&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java Sun
Aug 20 12:26:46 2017
@@ -21,6 +21,7 @@ import java.io.PrintWriter;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
+import org.apache.tomcat.util.net.openssl.OpenSSLConf;
/**
* Store SSLHostConfig
@@ -39,7 +40,10 @@ public class SSLHostConfigSF extends Sto
// Store nested elements
SSLHostConfigCertificate[] hostConfigsCertificates =
sslHostConfig.getCertificates().toArray(new SSLHostConfigCertificate[0]);
storeElementArray(aWriter, indent, hostConfigsCertificates);
+// Store nested element
+OpenSSLConf openSslConf = sslHostConfig.getOpenSslConf();
+storeElement(aWriter, indent, openSslConf);
}
}
-}
\ No newline at end of file
+}
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml?rev=1805550&r1=1805549&r2=1805550&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml Sun
Aug 20 12:26:46 2017
@@ -119,6 +119,7 @@
children="true"
storeFactoryClass="org.apache.catalina.storeconfig.SSLHostConfigSF">
openSslContext
+openSslConfContext
+
+
+
+
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java?rev=1805550&r1=1805549&r2=1805550&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java Sun
Aug 20 12:26:46 2017
@@ -35,6 +35,10 @@ public class OpenSSLConf {
commands.add(cmd);
}
+public List getCommands() {
+return commands;
+}
+
public boolean check(long cctx) throws Exception {
boolean result = true;
OpenSSLConfCmd cmd;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1805554 - in /tomcat/native/trunk: CMakeLists.txt native/NMAKEmakefile native/libtcnative.dsp native/tcnative.dsp
Author: rjung Date: Sun Aug 20 13:04:02 2017 New Revision: 1805554 URL: http://svn.apache.org/viewvc?rev=1805554&view=rev Log: Add new file src/sslconf.c to build files for some platforms. Modified: tomcat/native/trunk/CMakeLists.txt tomcat/native/trunk/native/NMAKEmakefile tomcat/native/trunk/native/libtcnative.dsp tomcat/native/trunk/native/tcnative.dsp Modified: tomcat/native/trunk/CMakeLists.txt URL: http://svn.apache.org/viewvc/tomcat/native/trunk/CMakeLists.txt?rev=1805554&r1=1805553&r2=1805554&view=diff == --- tomcat/native/trunk/CMakeLists.txt (original) +++ tomcat/native/trunk/CMakeLists.txt Sun Aug 20 13:04:02 2017 @@ -827,6 +827,7 @@ native/src/dir.c native/src/shm.c native/src/multicast.c native/src/sslcontext.c +native/src/sslconf.c native/src/user.c native/src/pool.c native/src/bb.c Modified: tomcat/native/trunk/native/NMAKEmakefile URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/NMAKEmakefile?rev=1805554&r1=1805553&r2=1805554&view=diff == --- tomcat/native/trunk/native/NMAKEmakefile (original) +++ tomcat/native/trunk/native/NMAKEmakefile Sun Aug 20 13:04:02 2017 @@ -102,6 +102,7 @@ OBJECTS = \ $(WORKDIR)\shm.obj \ $(WORKDIR)\ssl.obj \ $(WORKDIR)\sslcontext.obj \ + $(WORKDIR)\sslconf.obj \ $(WORKDIR)\sslinfo.obj \ $(WORKDIR)\sslnetwork.obj \ $(WORKDIR)\sslutils.obj \ Modified: tomcat/native/trunk/native/libtcnative.dsp URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/libtcnative.dsp?rev=1805554&r1=1805553&r2=1805554&view=diff == --- tomcat/native/trunk/native/libtcnative.dsp (original) +++ tomcat/native/trunk/native/libtcnative.dsp Sun Aug 20 13:04:02 2017 @@ -168,6 +168,10 @@ SOURCE=.\src\sslcontext.c # End Source File # Begin Source File +SOURCE=.\src\sslconf.c +# End Source File +# Begin Source File + SOURCE=.\src\sslinfo.c # End Source File # Begin Source File Modified: tomcat/native/trunk/native/tcnative.dsp URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/tcnative.dsp?rev=1805554&r1=1805553&r2=1805554&view=diff == --- tomcat/native/trunk/native/tcnative.dsp (original) +++ tomcat/native/trunk/native/tcnative.dsp Sun Aug 20 13:04:02 2017 @@ -168,6 +168,10 @@ SOURCE=.\src\sslcontext.c # End Source File # Begin Source File +SOURCE=.\src\sslconf.c +# End Source File +# Begin Source File + SOURCE=.\src\sslinfo.c # End Source File # Begin Source File - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1805529 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java SSLHostConfig.java openssl/OpenSSLContext.java
On 20/08/17 12:38, Rainer Jung wrote:
> Am 20.08.2017 um 11:15 schrieb Mark Thomas:
>> On 19/08/17 22:35, rj...@apache.org wrote:
>>> Author: rjung
>>> Date: Sat Aug 19 21:35:50 2017
>>> New Revision: 1805529
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1805529&view=rev
>>> Log:
>>> Update enabledProtocols and enabledCiphers
>>> in SSLHostConfig after OpenSSLConf has been
>>> applied.
>>>
>>> This is needed, because the Manager webapp
>>> feature of listing the current enabled ciphers
>>> relies on SSLHostConfig.
>>>
>>> Unfortunately the setters in SSLHostConfig
>>> are not public and OpenSSLContext which needs
>>> to call it is in a sub package.
>>>
>>> For now I made the two setters public, any
>>> better suggestions welcome.
>>>
>>> Modified:
>>> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>>> tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
>>>
>>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
>>>
>>
>>
>>> +}
>>> +if ((opts & SSL.SSL_OP_NO_SSLv2) == 0) {
>>> +enabled.add(Constants.SSL_PROTO_SSLv2);
>>> +}
>>
>> Does this mean it is now possible to enable SSLv2? That has been (well,
>> should have been) deliberately blocked everywhere else.
>
> No, it should not mean this.
>
> That code is used to reverse the observed real SSL options after
> applying all our configuration back to their meaning in the config
> world. The code was copied from OpenSSLEngine.getEnabledProtocols() and
> I think it is fine.
Thanks for confirming.
Mark
>
> Our mechanism to block SSLv2 is (and I am not aware of having changed it):
>
> - When using the OpenSSL implementation, the mechanism is based only on
> a block in tcnative itself: r1681982 in tcnative should prevent the
> SSL_CTX from ever allow SSLv2, even if the caller explicitly demands
> it.
> It was added on 2015-05-27 and is part of every 1.2.x release of
> tcnative. The 1.1.x releases do not contain this block!
> The above code change only affects the OpenSSL case, but as written
> above not on the way from the config to the SSL_CTX but instead when
> trying to read the resulting situation back into config language.
> Of course there's the other fallback mechanism, that OpenSSL starting
> with 1.0.2g disables SSLv2, but one could work around that with build
> flags.
>
> - When using JSSE, the only block I found is in JSSEUtil, which
> filters SSLv2 out of the list of implemented protocols. That list in
> turn is used to filter the list of enabled protocols in order to
> only try to enable implemented ones.
>
> Regards and thanks for looking at the commits!
>
> Rainer
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat Native release
All, Rainer's work on SSL_CONF_cmd and adding raw CA certs both require a new Tomcat Native release. I'm happy to act as the release manager. I plan to start the usual checks (testing, docs, library versions etc.) tomorrow (Monday) with a view to tagging late Monday / early Tuesday. If you need me to delay the tag for any reason, please respond on this thread. Thanks, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Regarding Semaphore Valve and concurrency
Hi everyone, Thanks for developing tomcat, and kudos for having comprehensive JMX instrumentation for the server. I think its the best out of the box instrumentation one could ask for, for doing performance modeling and application monitoring. I was a bit surprised when I tried out the Semaphore Valve and would like to get feedback on what others think. I noticed that the valve limits requests per second, based on the 'concurrency' configuration for the valve. However, I am not sure if this implementation is ideal, and the meaning of concurrency for Tomcat needs to be considered differently. My assertion is based on my prior work on performance modeling of Tomcat with Dr. Neil Gunther ( http://www.perfdynamics.com/Bio/njg.html). In queuing theory, Little’s Law expresses the relation between the average queue length, residence time and arrival rate. The average queue length can also be considered as the load in the system or the concurrency. In case of Tomcat, Little’s Law can be observed for the threads in service stage, requests per second and response time as: N = X * R, where N is concurrency or the threads in service stage, X is requests per second and R is the response time. The concurrency of tomcat then, is the number of threads which are actively serving requests. With the Semaphore Valve enabled (at the host level), however, I saw the requests per second being constant at the concurrency setting of the valve and number of service threads changing with a consistent jagged pattern of peaks. For eg, on a test host with the valve’s concurrency setting of 50 rps, the threads in service state went up to 700 and this formed a jagged pattern of peaks at 700 threads at regular intervals, unlike normal operation of Tomcat, where the number of service threads usually has a smoother pattern. What do you guys think ? Here’s a post I authored on Dr. Gunther’s blog on modeling Tomcat’s performance * http://perfdynamics.blogspot.de/2016/08/pdq-as-performance- periscope_3.html Note - the conclusion in the post needs revision, but the relations between key metrics discussed are valid. Thanks, Mohit
[Bug 61289] NullPointerException in Response.generateCookieString()
https://bz.apache.org/bugzilla/show_bug.cgi?id=61289 --- Comment #5 from matthias.kel...@ergon.ch --- For anyone stumbiling upon this issue later on, set the following system property to make the cause much more visible. This led me to the correct suspect immediately: org.apache.catalina.connector.RECYCLE_FACADES=true -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
