[Bug 63875] Tomcat 8.5.46, APR/libtcnative crashes
https://bz.apache.org/bugzilla/show_bug.cgi?id=63875 sachin.pip...@globallogic.com changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #13 from sachin.pip...@globallogic.com --- (In reply to Remy Maucherat from comment #12) > Ok, so this is clearly embedded (don't see why it would make a difference > yet) and it crashes on shutdown. > > Can you also test NIO (the default connector) with Tomcat 9 ? > Also can you give details about your use (we need to be able to reproduce > the crash) ? Same error encountered with tomcat 9 +NIO. We are using embedded tomcat and deploying multiple restful services over HTTP2 protcol.Tomcat crashes randomly within 10 -12 minutes while stopping/starting the one of the multiple deployed rest web application and getting Libtcnative crashes error in log. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63894] SLHostConfig certificateVerification="optionalNoCA" certificateVerificationDepth="6" doesn't work
https://bz.apache.org/bugzilla/show_bug.cgi?id=63894 --- Comment #1 from Remy Maucherat --- Created attachment 36866 --> https://bz.apache.org/bugzilla/attachment.cgi?id=36866&action=edit Test patch The OpenSSL style doesn't work well with the JSSE style configuration on engine creation. Also optionalNoCA doesn't mean much since JSSE always has a truststore. So trying to pass the two parameters and see how it works, I didn't test it though. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63867] Add option for reason phrase
https://bz.apache.org/bugzilla/show_bug.cgi?id=63867 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #16 from Mark Thomas --- I've just done a simple test with the Spring Boot getting started guide (https://spring.io/guides/gs/spring-boot/) and I have overridden the Tomcat version used to specify 8.5.47 and that still works. On that basis the option recommended to the OP is to stick to Tomcat 8.5.x where the reason phrase is still supported (and will remain supported for the lifetime of 8.5.x). I appreciate that the Spring Boot getting started guide is a very simple web application. If issues are found with more complex applications / configurations not working with 8.5.x then please open a separate bug along with an example project we can use to reproduce the issue. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Correct description of default value of server attribute
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 6626089 Correct description of default value of server attribute 6626089 is described below commit 662608929b9af3ce241428e12ae4eae606363119 Author: Mark Thomas AuthorDate: Thu Oct 31 21:18:42 2019 +0100 Correct description of default value of server attribute --- webapps/docs/changelog.xml | 8 webapps/docs/security-howto.xml | 5 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index a2dadbe..6562e55 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -111,6 +111,14 @@ + + + +Correct the description of the default value for the server attribute in +the security How-To. (markt) + + + diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index bbd6fa9..8b3d14d 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -286,8 +286,9 @@ The server attribute controls the value of the Server HTTP header. The default value of this header for Tomcat 4.1.x to - .x is Apache-Coyote/1.1. This header can provide - limited information to both legitimate clients and attackers. + 8.0.x is Apache-Coyote/1.1. From 8.5.x onwards this header is not set by + default. This header can provide limited information to both legitimate + clients and attackers. The SSLEnabled, scheme and secure attributes may all be independently set. These are - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Correct description of default value of server attribute
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 88f097b Correct description of default value of server attribute 88f097b is described below commit 88f097b6a8601cf38eff99e453a98d9338b0bfe9 Author: Mark Thomas AuthorDate: Thu Oct 31 21:18:42 2019 +0100 Correct description of default value of server attribute --- webapps/docs/changelog.xml | 8 webapps/docs/security-howto.xml | 5 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 76b6c18..ee822dc 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -95,6 +95,14 @@ + + + +Correct the description of the default value for the server attribute in +the security How-To. (markt) + + + diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index ad38953..bd6ba71 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -286,8 +286,9 @@ The server attribute controls the value of the Server HTTP header. The default value of this header for Tomcat 4.1.x to - .x is Apache-Coyote/1.1. This header can provide - limited information to both legitimate clients and attackers. + 8.0.x is Apache-Coyote/1.1. From 8.5.x onwards this header is not set by + default. This header can provide limited information to both legitimate + clients and attackers. The SSLEnabled, scheme and secure attributes may all be independently set. These are - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Correct description of default value of server attribute
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 9729afc Correct description of default value of server attribute 9729afc is described below commit 9729afc32f64af2b9b60a3721d14b6aa5169d02a Author: Mark Thomas AuthorDate: Thu Oct 31 21:18:42 2019 +0100 Correct description of default value of server attribute --- webapps/docs/changelog.xml | 8 webapps/docs/security-howto.xml | 5 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f150d08..4340fbd 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -109,6 +109,14 @@ + + + +Correct the description of the default value for the server attribute in +the security How-To. (markt) + + + diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index dccc584..7bccf0c 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -285,8 +285,9 @@ The server attribute controls the value of the Server HTTP header. The default value of this header for Tomcat 4.1.x to - .x is Apache-Coyote/1.1. This header can provide - limited information to both legitimate clients and attackers. + 8.0.x is Apache-Coyote/1.1. From 8.5.x onwards this header is not set by + default. This header can provide limited information to both legitimate + clients and attackers. The SSLEnabled, scheme and secure attributes may all be independently set. These are - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63852] ServerInfo.java discloses server-version ignoring settings from server.xml
https://bz.apache.org/bugzilla/show_bug.cgi?id=63852 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #17 from Mark Thomas --- I've fixed the docs (thanks Konstantin) and, based on the +1's, I am resolving this as WONTFIX. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63897] New: Jasper doesn't reload a JSP if it was modified while being compiled
https://bz.apache.org/bugzilla/show_bug.cgi?id=63897 Bug ID: 63897 Summary: Jasper doesn't reload a JSP if it was modified while being compiled Product: Tomcat 9 Version: 9.0.27 Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: Jasper Assignee: dev@tomcat.apache.org Reporter: k...@xk72.com Target Milestone: - Created attachment 36867 --> https://bz.apache.org/bugzilla/attachment.cgi?id=36867&action=edit Compiler patch In our development workflow we often save a JSP and reload it in the browser, again and again. If we happen to save a JSP while Jasper is compiling it, Jasper will assign the timestamp of the modified JSP to the generated java and class files even though they were in fact generated from the previous version of the JSP, as Jasper reads the JSP's modification time _after_ compiling. Jasper will then not detect that the change was made and will not recompile the JSP again until the next time it is modified. The fix is to simply move the line of code in org.apache.jasper.compiler.Compiler in the compile(boolean, boolean) method that reads the jspLastModified from after the compile to before it. This change will mean no missed JSP updates. A simple patch is attached. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63898] New: JSP EL generation is wrong when using newer version of Java 1.8 & tag class uses method overloading and isELIgnored="false
https://bz.apache.org/bugzilla/show_bug.cgi?id=63898
Bug ID: 63898
Summary: JSP EL generation is wrong when using newer version of
Java 1.8 & tag class uses method overloading and
isELIgnored="false
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
OS: All
Status: NEW
Severity: regression
Priority: P2
Component: EL
Assignee: dev@tomcat.apache.org
Reporter: jeffrey.lobe...@cerner.com
Target Milestone: -
JSP EL generation is wrong when using newer version of Java 1.8 & tag class
uses method overloading and isELIgnored="false. Our tag class has an overloaded
method, setValue(String) & setValue(Object). The TLD file defines the tag
attribute as java.lang.Object.
value
true
true
java.lang.Object
All versions of tomcat using newer versions of Java 1.8 generate calls to
setValue(String) instead of setValue(Object).
// /tagUnitTests/sui/formatDate/ testCaliHDateTime1.jsp(20,0) name =
value type = java.lang.Object reqTime = true required = true fragment =
false deferredValue = false expectedTypeName = null deferredMethod =
false methodSignature = null
_jspx_th_sui_005fformatDate_005f0.setValue((java.lang.String)
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${chdt}",
java.lang.String.class,
(javax.servlet.jsp.PageContext)_jspx_page_context, null));
Here's an example JSP:
<%@ page language="java" contentType="text/html" isELIgnored="false" %>
<%@ page import="java.util.Date" %>
<%@ taglib uri="/WEB-INF/tld/suitags.tld" prefix="sui" %>
<%
Date chdt = new Date();
request.setAttribute("chdt", chdt);
%>
Here's an example tag class
public void setValue(final String value) {
}
public void setValue(final Object value) {
}
If we delete the setValue(String) setter then tomcat generates the correct
setter call. The issue appears when using >= 1.8.0.222.
Adopt jdk standard (1.8.0.222) issue
Oracle jdk shiny new (1.8.0.231) issue
Oracle jdk 4.3.100 style (1.8.0.201) no issue
Adopt jdk older (1.8.0.202) NO ISSUE.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63875] Tomcat 8.5.46, APR/libtcnative crashes
https://bz.apache.org/bugzilla/show_bug.cgi?id=63875 --- Comment #14 from sachin.pip...@globallogic.com --- (In reply to sachin.pipal1 from comment #13) > (In reply to Remy Maucherat from comment #12) > > Ok, so this is clearly embedded (don't see why it would make a difference > > yet) and it crashes on shutdown. > > > > Can you also test NIO (the default connector) with Tomcat 9 ? > > Also can you give details about your use (we need to be able to reproduce > > the crash) ? > > > Same error encountered with tomcat 9 +NIO. > > We are using embedded tomcat and deploying multiple restful services over > HTTP2 protcol.Tomcat crashes randomly within 10 -12 minutes while > stopping the one of the multiple deployed rest web application and > getting Libtcnative crashes error in log. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
