[tomcat] branch 8.5.x updated: Fix backport for Java 7
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 0940c56 Fix backport for Java 7
0940c56 is described below
commit 0940c561d39f094a166366dc9a5a69decb607cc2
Author: Mark Thomas
AuthorDate: Mon Mar 28 10:46:28 2022 +0100
Fix backport for Java 7
---
java/org/apache/tomcat/buildutil/RepeatableArchive.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/buildutil/RepeatableArchive.java
b/java/org/apache/tomcat/buildutil/RepeatableArchive.java
index 1348ee6..cff4ea6 100644
--- a/java/org/apache/tomcat/buildutil/RepeatableArchive.java
+++ b/java/org/apache/tomcat/buildutil/RepeatableArchive.java
@@ -107,7 +107,7 @@ public class RepeatableArchive extends Task {
ZipEntry oldEntry = oldEntries.nextElement();
ZipEntry entry = new ZipEntry(oldEntry.getName());
-entry.setLastModifiedTime(lastModified);
+entry.setTime(lastModified.toMillis());
zipOut.putNextEntry(entry);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65979] Connection is closed when keep-alive is specified
https://bz.apache.org/bugzilla/show_bug.cgi?id=65979 --- Comment #2 from Patrick --- Thank you for quick reply! Yes, familiar with RFC and just spent a few days tracking this down. I understand where you guys are coming from. Suggestions for improvement because I would hate someone else to have to track this down as I did. - Add logging statement at warn level indicating modification to request - Add configurable attribute that would allow user to immediately fail request with 400 - Document this behavior somewhere -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
JDK 18 General Availability, and oracle-actions/setup-java
Greetings! JDK 18 has been released (General Availability) on March 22nd as planned, the release cadence is working like clockwork! As a small token of gratitude, some of you have been specifically acknowledged in the "The Arrival of Java 18" announcement [1]. On behalf of the entire team, let me extend our thanks to all of you. With JDK 18 released, the focus should now be on making sure your project(s) compile and work on JDK 19. As always, if you face any issue with early-access builds of JDK 19 please let us know. To help you in this task, we have just released a GitHub action to install the OpenJDK Early-Access builds. For more information, please check the heads-up below. I'll conclude with a short teaser, i.e. JavaOne is Back! [2] Stay tuned for more details. [1] https://inside.java/2022/03/22/the-arrival-of-java18/ [2] https://www.oracle.com/cloudworld/javaone/ ## Heads-Up: oracle-actions/setup-java To help you test your project(s), we have released a GitHub Action [3] to download and install various JDK builds produced by Oracle. In addition to the latest OpenJDK GA builds (GPL v2 W/CPE) and the Oracle JDK builds (NFTC license), this action can also download and install OpenJDK early-access builds, and early-access builds of OpenJDK projects (ex. Project Loom, Project Valhalla, etc.). When doing tests using EA builds, it is key to always use the upstream EA builds from jdk.java.net as issues should be logged against those upstream builds, and ideally against a specific build version. This GitHub action is actively following the OpenJDK EA builds releases. Please make sure to check the announcement [4] for more details, and short FAQ. To help you isolate regression between different EA builds, we are working to add support for archived builds. If you have feedback, please either issue the Issue tracker [5] or just send me a mail. [3] https://github.com/marketplace/actions/setup-java-development-kits-built-by-oracle [4] https://inside.java/2022/03/11/setup-java/ [5] https://github.com/oracle-actions/setup-java/issues ## General Availability of Java 18 / JDK 18 JDK 18 is now Generally Available [6]. The OpenJDK builds which are provided under the GNU General Public License v2, with the Classpath Exception are available [7], the JDK 18 Release Notes are also available [8]. [6] https://mail.openjdk.java.net/pipermail/jdk-dev/2022-March/006458.html [7] https://jdk.java.net/18/ [8] https://jdk.java.net/18/release-notes Along with hundreds of smaller enhancements and over a thousand bug fixes, JDK 18 includes following JEPs: - JEP 400: UTF-8 by Default - JEP 408: Simple Web Server - JEP 413: Code Snippets in Java API Documentation - JEP 416: Reimplement Core Reflection with Method Handles - JEP 417: Vector API (Third Incubator) - JEP 418: Internet-Address Resolution SPI - JEP 419: Foreign Function & Memory API (Second Incubator) - JEP 420: Pattern Matching for switch (Second Preview) - JEP 421: Deprecate Finalization for Removal Thanks to everyone who contributed to JDK 18, whether by designing and implementing features or enhancements, by fixing bugs, or by downloading and testing the early-access builds. ## JDK 19 Early-Access builds JDK 19 Early-Access builds 15 are now available [9], and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are also available [10]. [9] https://jdk.java.net/19/ [10] https://jdk.java.net/19/release-notes ### JEPs targeted to JDK 19, so far: - JEP 422: Linux/RISC-V Port https://openjdk.java.net/jeps/422 ### Recent changes that maybe of interest: - JDK-8283415: Update java.lang.ref to use sealed classes - JDK-8280494: (D)TLS signature schemes - JDK-8282081: java.time.DateTimeFormatter: wrong definition of symbol F - JDK-8281181: Do not use CPU Shares to compute active processor count - JDK-7192189: Support endpoint identification algorithm in RFC 6125 - JDK-8277474: jarsigner does not check if algorithm parameters are disabled - JDK-8280357: If the users home directory is invalid, system property user.home is set to $HOME - JDK-8277204: Implement PAC-RET branch protection on Linux/AArch64 - JDK-8282411: Add useful predicates to ElementKind - JDK-8282131: java.time.ZoneId should be a sealed abstract class - JDK-8281375: Accelerate bitCount operation for AVX2 and AVX512 target ## Topics of Interest: - “Java 18 is Here!” - Inside Java Podcast https://inside.java/2022/03/22/podcast-023/ - “The Simple Web Server” - Inside Java Podcast https://inside.java/2022/03/04/podcast-022/ - “Finalization Deprecation” - Inside Java Podcast https://inside.java/2022/01/12/podcast-021/ - All About JDK 18 - Inside Java Newscast https://inside.java/2022/03/10/insidejava-newscast-021/ - JDK 18 - Security Enhancements https://seanjmullan.org/blog/2022/03/23/jdk18 - JDK 18 - Programmer's Guide to Snippets https://docs.oracle.com/en/java/javase/18/code-snippet/index.html - JDK
EOL dates for Tomcat 5.0 and 4.1?
All, Did the Apache Tomcat project ever officially announce an EOL date for Tomcat 5.0 and 4.x? Or for 3.x for that matter? I was looking at the Wikipedia page for Tomcat and they didn't have EOL dates for anything before 6.0, so I filled-in the date for 5.5 but I can't find older EOL announcements. This page https://tomcat.apache.org/whichversion.html contains links to the EOL announcements for 5.5, 6.0, 7.0, and 8.0. I wonder if the project ever made any "official" EOL announcements for those versions, and whether or not anyone cares enough to make those announcements at this point, just for "posterity"? Not to fix the Wikipedia page, but more to have something official to point to to say "this version is officially unsupported by the vendor" just in case some dummy somewhere wants to say "we run the latest available version of Tomcat 4.1 from the vendor" and their product is therefore full of holes. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #13 from Christopher Schultz --- Wireshark -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Potential mention on the website
David, On 3/26/22 14:13, David Blevins wrote: I've never had the bravery to ask Why the heck not? but would there be some willingness to consider adding a mention of TomEE on the Tomcat website? I'm up for it. I can't imagine anyone on the Tomcat PMC would have any problem with this. Anyone? Any sign of pushback and I'll happily drop -- it's far more important to maintain good will, respect boundaries and keep things friendly. If there was some warmness to the idea, perhaps something very subtle at the bottom of the Tomcat description on the front page, "For distributions of Tomcat that contain Jakarta REST, Jakarta CDI, Jakarta Enterprise Beans (EJB) and similar specifications see Apache TomEE." I guess the question would be "where is the best place to put this?" Does TomEE have versions that track Tomcat versions in any way? Or do you just use whatever version is "best at the time of packaging" or whatever? For example, relegating TomEE to the "download" page(s) would mean that someone would have to know they want to download a specific Tomcat version, then decide at the last second that they instead want TomEE. If you don't release new versions every month (ish, like we do), then we could easily get out of sync. I'm thinking that maybe what we should do it put TomEE on the "Which version?" page (https://tomcat.apache.org/whichversion.html). Below the grid of spec versions and associated Tomcat versions, we could put a heading which says something along the lines of "Jakarta Foo + Bar are packaged with TomEE" and just throw the user over to whatever page at TomEE makes the most sense. My only concern would be to properly inform users what is happening. I'm an Eclipse user and any time I have to download a new version from their web site I have to re-learn the differences between "Eclipse IDE for Java Developers" and "Eclipse IDE for Java and DSL Developers" and "Eclipse IDE for Enterprise Java and Web Developers" and I guess whatever the hell Thelia is, now. I wouldn't want anyone to inadvertently install TomEE if all they really want is Tomcat or "only" install Tomcat when they need the additional features and APIs that TomEE provides. Perhaps just a reference to here would be sufficient: https://tomee.apache.org/comparison.html -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: EOL dates for Tomcat 5.0 and 4.1?
пн, 28 мар. 2022 г. в 19:36, Christopher Schultz : > > All, > > Did the Apache Tomcat project ever officially announce an EOL date for > Tomcat 5.0 and 4.x? Or for 3.x for that matter? > > I was looking at the Wikipedia page for Tomcat and they didn't have EOL > dates for anything before 6.0, so I filled-in the date for 5.5 but I > can't find older EOL announcements. > > This page https://tomcat.apache.org/whichversion.html contains links to > the EOL announcements for 5.5, 6.0, 7.0, and 8.0. > > I wonder if the project ever made any "official" EOL announcements for > those versions, and whether or not anyone cares enough to make those > announcements at this point, just for "posterity"? Not to fix the > Wikipedia page, but more to have something official to point to to say > "this version is officially unsupported by the vendor" just in case some > dummy somewhere wants to say "we run the latest available version of > Tomcat 4.1 from the vendor" and their product is therefore full of holes. announce@ list was created in June 2009, so all those announcements were on users@ https://lists.apache.org/thread/z6ljrkdqtjgnmxfctnk6f1v4dp42ptnw [ANN] Apache Tomcat 5.0.x no longer supported 2007-10-23 https://lists.apache.org/thread/nw4vpbwgrn480gsvn06f4qj4yhoo89v7 [ANN] Tomcat support status 2008-03-13 - It involved site cleanup, immediate EOL for 3.3, and EOL for 4.1 announced to be June 2009. BTW, if anyone is interested, announcements for the last releases of 4.0 and 3.3: https://lists.apache.org/thread/v1ccn429s9lh32ypvwwhxo26zhh1965c [ANN] Apache Tomcat 4.1.40 stable is now available 2009-06-26 "Apache Tomcat 4.1.40 is very likely to be the last release of the 4.1.x series." https://lists.apache.org/thread/q0bb1756s8zxg949ocodmm2j2o9ntpfq [ANN] Release of Tomcat 3.3.2 2004-03-09. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: EOL dates for Tomcat 5.0 and 4.1?
If nobody else does, I dub thee "The Librarian"!!! Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -Original Message- > From: Konstantin Kolinko > Sent: Monday, March 28, 2022 3:10 PM > To: Tomcat Developers List > Subject: Re: EOL dates for Tomcat 5.0 and 4.1? > > пн, 28 мар. 2022 г. в 19:36, Christopher Schultz > : > > > > All, > > > > Did the Apache Tomcat project ever officially announce an EOL date for > > Tomcat 5.0 and 4.x? Or for 3.x for that matter? > > > > I was looking at the Wikipedia page for Tomcat and they didn't have > > EOL dates for anything before 6.0, so I filled-in the date for 5.5 but > > I can't find older EOL announcements. > > > > This page > > > https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.html > __;!!F9svGWnIaVPGSwU!4-uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > TYFUYkf3eJ0sPNo0qeZD3uJMMiN0hd0o$ contains links to the EOL > announcements for 5.5, 6.0, 7.0, and 8.0. > > > > I wonder if the project ever made any "official" EOL announcements for > > those versions, and whether or not anyone cares enough to make those > > announcements at this point, just for "posterity"? Not to fix the > > Wikipedia page, but more to have something official to point to to say > > "this version is officially unsupported by the vendor" just in case > > some dummy somewhere wants to say "we run the latest available version > > of Tomcat 4.1 from the vendor" and their product is therefore full of holes. > > announce@ list was created in June 2009, so all those announcements were > on users@ > > https://urldefense.com/v3/__https://lists.apache.org/thread/z6ljrkdqtjgnm > xfctnk6f1v4dp42ptnw__;!!F9svGWnIaVPGSwU!4- > uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > TYFUYkf3eJ0sPNo0qeZD3uJMMVZP8zeA$ > [ANN] Apache Tomcat 5.0.x no longer supported > 2007-10-23 > > https://urldefense.com/v3/__https://lists.apache.org/thread/nw4vpbwgrn4 > 80gsvn06f4qj4yhoo89v7__;!!F9svGWnIaVPGSwU!4- > uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > TYFUYkf3eJ0sPNo0qeZD3uJMMhMlY8qA$ > [ANN] Tomcat support status > 2008-03-13 > - It involved site cleanup, immediate EOL for 3.3, and EOL for 4.1 announced > to be June 2009. > > > BTW, if anyone is interested, announcements for the last releases of > 4.0 and 3.3: > > https://urldefense.com/v3/__https://lists.apache.org/thread/v1ccn429s9lh3 > 2ypvwwhxo26zhh1965c__;!!F9svGWnIaVPGSwU!4- > uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > TYFUYkf3eJ0sPNo0qeZD3uJMMLnhTHRU$ > [ANN] Apache Tomcat 4.1.40 stable is now available > 2009-06-26 > "Apache Tomcat 4.1.40 is very likely to be the last release of the > 4.1.x series." > > https://urldefense.com/v3/__https://lists.apache.org/thread/q0bb1756s8zx > g949ocodmm2j2o9ntpfq__;!!F9svGWnIaVPGSwU!4- > uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > TYFUYkf3eJ0sPNo0qeZD3uJMM-UQ43E4$ > [ANN] Release of Tomcat 3.3.2 > 2004-03-09. > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #14 from Martin Stangl --- Created attachment 38233 --> https://bz.apache.org/bugzilla/attachment.cgi?id=38233&action=edit Wireshark capture of authentication with Let's Encrypt OSCP certificate -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #15 from Martin Stangl --- Created attachment 38234 --> https://bz.apache.org/bugzilla/attachment.cgi?id=38234&action=edit Wireshark capture of authentication with Active Directory issued certificate -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #16 from Martin Stangl --- Created attachment 38235 --> https://bz.apache.org/bugzilla/attachment.cgi?id=38235&action=edit Wireshark capture of authentication with Self Signed certificate -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #17 from Martin Stangl --- Hi Christopher, I captured the traffic from when the client certificate is submitted to the server until the authentication completed. So basically the full 60 seconds of delay. Wireshark could not capture anything while my machine was offline, which is understandable. So the 3 attached captures are from when I connected to the hotel's wireless I am currently staying at and show all outgoing traffic from my machine. I used the source mac address for filtering and made one capture for each certificate I used for testing. Here the IPs of my machine: ifIndex IPAddress PrefixLength PrefixOrigin SuffixOrigin AddressState PolicyStore --- - --- 37 fe80::145e:ea51:ed90:b7f1%37 64 WellKnown Link PreferredActiveStore 37 2a02:1205:5078:1db0:2582:b03f:b764:cd74 128 RouterAdv... Random PreferredActiveStore 37 2a02:1205:5078:1db0:145e:ea51:ed90:b7f1 64 RouterAdv... Link PreferredActiveStore 37 192.168.1.67 24 Dhcp Dhcp PreferredActiveStore Let me know if we also need to capture the communication between the browser and tomcat as this requires for me to setup Wireshark for Loopback capturing. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65979] Connection is closed when keep-alive is specified
https://bz.apache.org/bugzilla/show_bug.cgi?id=65979 --- Comment #3 from Christopher Schultz --- (In reply to Patrick from comment #2) > Thank you for quick reply! Yes, familiar with RFC and just spent a few days > tracking this down. I understand where you guys are coming from. Suggestions > for improvement because I would hate someone else to have to track this down > as I did. > > - Add logging statement at warn level indicating modification to request -1 DOS to log file > - Add configurable attribute that would allow user to immediately fail > request with 400 +1 patches are welcome > - Document this behavior somewhere How far should this go? We don't document every (any?) case of HTTP status codes for other things. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: JDK 18 General Availability, and oracle-actions/setup-java
David, On 3/28/22 08:13, David Delabassee wrote: JDK 18 has been released (General Availability) on March 22nd as > > [...] > - JEP 408: Simple Web Server Let's hope it no longer has that crippling memory leak from the "good old" (aka not-good) com.sun.net.httpserver simple web server. /snark :) -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: EOL dates for Tomcat 5.0 and 4.1?
Jon, On 3/28/22 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote: If nobody else does, I dub thee "The Librarian"!!! Stack Overflow rewards this kind of work with a badge called "Necromancer". -chris -Original Message- From: Konstantin Kolinko Sent: Monday, March 28, 2022 3:10 PM To: Tomcat Developers List Subject: Re: EOL dates for Tomcat 5.0 and 4.1? пн, 28 мар. 2022 г. в 19:36, Christopher Schultz : All, Did the Apache Tomcat project ever officially announce an EOL date for Tomcat 5.0 and 4.x? Or for 3.x for that matter? I was looking at the Wikipedia page for Tomcat and they didn't have EOL dates for anything before 6.0, so I filled-in the date for 5.5 but I can't find older EOL announcements. This page https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.html __;!!F9svGWnIaVPGSwU!4-uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- TYFUYkf3eJ0sPNo0qeZD3uJMMiN0hd0o$ contains links to the EOL announcements for 5.5, 6.0, 7.0, and 8.0. I wonder if the project ever made any "official" EOL announcements for those versions, and whether or not anyone cares enough to make those announcements at this point, just for "posterity"? Not to fix the Wikipedia page, but more to have something official to point to to say "this version is officially unsupported by the vendor" just in case some dummy somewhere wants to say "we run the latest available version of Tomcat 4.1 from the vendor" and their product is therefore full of holes. announce@ list was created in June 2009, so all those announcements were on users@ https://urldefense.com/v3/__https://lists.apache.org/thread/z6ljrkdqtjgnm xfctnk6f1v4dp42ptnw__;!!F9svGWnIaVPGSwU!4- uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- TYFUYkf3eJ0sPNo0qeZD3uJMMVZP8zeA$ [ANN] Apache Tomcat 5.0.x no longer supported 2007-10-23 https://urldefense.com/v3/__https://lists.apache.org/thread/nw4vpbwgrn4 80gsvn06f4qj4yhoo89v7__;!!F9svGWnIaVPGSwU!4- uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- TYFUYkf3eJ0sPNo0qeZD3uJMMhMlY8qA$ [ANN] Tomcat support status 2008-03-13 - It involved site cleanup, immediate EOL for 3.3, and EOL for 4.1 announced to be June 2009. BTW, if anyone is interested, announcements for the last releases of 4.0 and 3.3: https://urldefense.com/v3/__https://lists.apache.org/thread/v1ccn429s9lh3 2ypvwwhxo26zhh1965c__;!!F9svGWnIaVPGSwU!4- uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- TYFUYkf3eJ0sPNo0qeZD3uJMMLnhTHRU$ [ANN] Apache Tomcat 4.1.40 stable is now available 2009-06-26 "Apache Tomcat 4.1.40 is very likely to be the last release of the 4.1.x series." https://urldefense.com/v3/__https://lists.apache.org/thread/q0bb1756s8zx g949ocodmm2j2o9ntpfq__;!!F9svGWnIaVPGSwU!4- uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- TYFUYkf3eJ0sPNo0qeZD3uJMM-UQ43E4$ [ANN] Release of Tomcat 3.3.2 2004-03-09. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #18 from Christopher Schultz --- (In reply to Martin Stangl from comment #17) > I captured the traffic from when the client certificate is submitted to the > server until the authentication completed. So basically the full 60 seconds > of delay. > > Wireshark could not capture anything while my machine was offline, which is > understandable. I think you misunderstood what I was suggesting: using Wireshark to monitor *outbound* traffic during your testing. We want to catch whatever process is making an outgoing connection and timing out. Wireshark should definitely be able to tell you *something* is happening. DNS lookup, or connection-attempt to some remote service which fails after 60 seconds when you are connected and fails *immediately* when you are not connected. > Let me know if we also need to capture the communication between the browser > and tomcat as this requires for me to setup Wireshark for Loopback capturing. No need to capture anything between the browser and the server. I'm only interested in seeing what the server is trying to do when you authenticate. I suspect if you look for new connection attempts (on any protocol, to any host/port) as you authenticate, and you ignore the connection from the browser -> Tomcat, you'll find the answer pretty quickly. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: EOL dates for Tomcat 5.0 and 4.1?
Chris, Yeah, but, this is Tomcat, not Stack Overflow. :-) Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -Original Message- > From: Christopher Schultz > Sent: Monday, March 28, 2022 4:47 PM > To: dev@tomcat.apache.org > Subject: Re: EOL dates for Tomcat 5.0 and 4.1? > > Jon, > > On 3/28/22 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote: > > If nobody else does, I dub thee > > > > "The Librarian"!!! > > Stack Overflow rewards this kind of work with a badge called "Necromancer". > > -chris > > >> -Original Message- > >> From: Konstantin Kolinko > >> Sent: Monday, March 28, 2022 3:10 PM > >> To: Tomcat Developers List > >> Subject: Re: EOL dates for Tomcat 5.0 and 4.1? > >> > >> пн, 28 мар. 2022 г. в 19:36, Christopher Schultz > >> : > >>> > >>> All, > >>> > >>> Did the Apache Tomcat project ever officially announce an EOL date > >>> for Tomcat 5.0 and 4.x? Or for 3.x for that matter? > >>> > >>> I was looking at the Wikipedia page for Tomcat and they didn't have > >>> EOL dates for anything before 6.0, so I filled-in the date for 5.5 > >>> but I can't find older EOL announcements. > >>> > >>> This page > >>> > >> > https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.ht > >> ml > >> __;!!F9svGWnIaVPGSwU!4-uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > >> TYFUYkf3eJ0sPNo0qeZD3uJMMiN0hd0o$ contains links to the EOL > >> announcements for 5.5, 6.0, 7.0, and 8.0. > >>> > >>> I wonder if the project ever made any "official" EOL announcements > >>> for those versions, and whether or not anyone cares enough to make > >>> those announcements at this point, just for "posterity"? Not to fix > >>> the Wikipedia page, but more to have something official to point to > >>> to say "this version is officially unsupported by the vendor" just > >>> in case some dummy somewhere wants to say "we run the latest > >>> available version of Tomcat 4.1 from the vendor" and their product is > therefore full of holes. > >> > >> announce@ list was created in June 2009, so all those announcements > >> were on users@ > >> > >> https://urldefense.com/v3/__https://lists.apache.org/thread/z6ljrkdqt > >> jgnm > >> xfctnk6f1v4dp42ptnw__;!!F9svGWnIaVPGSwU!4- > >> uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > >> TYFUYkf3eJ0sPNo0qeZD3uJMMVZP8zeA$ > >> [ANN] Apache Tomcat 5.0.x no longer supported > >> 2007-10-23 > >> > >> > https://urldefense.com/v3/__https://lists.apache.org/thread/nw4vpbwgr > >> n4 > >> 80gsvn06f4qj4yhoo89v7__;!!F9svGWnIaVPGSwU!4- > >> uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > >> TYFUYkf3eJ0sPNo0qeZD3uJMMhMlY8qA$ > >> [ANN] Tomcat support status > >> 2008-03-13 > >> - It involved site cleanup, immediate EOL for 3.3, and EOL for 4.1 > >> announced to be June 2009. > >> > >> > >> BTW, if anyone is interested, announcements for the last releases of > >> 4.0 and 3.3: > >> > >> https://urldefense.com/v3/__https://lists.apache.org/thread/v1ccn429s > >> 9lh3 > >> 2ypvwwhxo26zhh1965c__;!!F9svGWnIaVPGSwU!4- > >> uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > >> TYFUYkf3eJ0sPNo0qeZD3uJMMLnhTHRU$ > >> [ANN] Apache Tomcat 4.1.40 stable is now available > >> 2009-06-26 > >> "Apache Tomcat 4.1.40 is very likely to be the last release of the > >> 4.1.x series." > >> > >> https://urldefense.com/v3/__https://lists.apache.org/thread/q0bb1756s > >> 8zx > >> g949ocodmm2j2o9ntpfq__;!!F9svGWnIaVPGSwU!4- > >> uXfWX21aLQ75RonP7ikKOuxTyuxhzpEAg1A3- > >> TYFUYkf3eJ0sPNo0qeZD3uJMM-UQ43E4$ > >> [ANN] Release of Tomcat 3.3.2 > >> 2004-03-09. > >> > >> Best regards, > >> Konstantin Kolinko > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For > >> additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For > > additional commands, e-mail: dev-h...@tomcat.apache.org > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional > commands, e-mail: dev-h...@tomcat.apache.org
Re: EOL dates for Tomcat 5.0 and 4.1?
вт, 29 мар. 2022 г. в 00:47, Christopher Schultz : > > Jon, > > On 3/28/22 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote: > > If nobody else does, I dub thee > > > > "The Librarian"!!! > > Stack Overflow rewards this kind of work with a badge called "Necromancer". I happen to have 3 of those, though it looks that the official cause for them is a bit different. https://stackoverflow.com/users/4116988/konstantin-kolinko?tab=badges What astonished me while looking through the archives is that I was one of the people who tested and voted for the 4.1.40 release. Time flies fast. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #19 from Martin Stangl --- (In reply to Christopher Schultz from comment #18) > I think you misunderstood what I was suggesting: using Wireshark to monitor > *outbound* traffic during your testing. This is exactly what I captured. Every packet leaving the machine during the authentication process. > making an outgoing connection and timing out. Wireshark should definitely be > able to tell you *something* is happening. DNS lookup, or connection-attempt > to some remote service which fails after 60 seconds when you are connected > and fails *immediately* when you are not connected. Wireshark does not get anything if no interface is connected. And this makes sense to me, because to which of the not connected interface should the traffic go? It does not make it so far, therefore Wireshark will not get anything to capture. And as I mentioned before: Wait time is still 60 seconds, even with immediate network communication failures due to having no network connection. So the delay might still be related to communication, but is most likely not originating from the network code. The relevant request should be in the first 2 to 3 seconds of each capture, but there is nothing in there which is common to the three captures. The only SYNs without ACKs I see are related to some devices on the WLAN (a Huawai Honor 7, I could not identify the other device). Also they start a little too late and the retries end way before 60 seconds. So as far as I can tell, nothing goes out which relates to the issue. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65975] CLIENT-CERT authentication does not request cert from client and always denies access (401)
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975 --- Comment #20 from Martin Stangl --- I verified that the 6 milliseconds delay are the timeout configured by the connectionTimeout parameter of the connector. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
