[tomcat] branch 9.0.x updated: Update timestamp
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new eff7b48 Update timestamp eff7b48 is described below commit eff7b489d4e804878e0ec15c74cb3a698c2d363c Author: remm AuthorDate: Wed Mar 30 09:44:24 2022 +0200 Update timestamp --- build.properties.default | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 5dfc45b..b3bc617 100644 --- a/build.properties.default +++ b/build.properties.default @@ -38,8 +38,8 @@ version.suffix=-dev # - Reproducible builds - # Uncomment and set to current time for reproducible builds # Note: The value is in seconds (unlike milliseconds used by System.currentTimeMillis()). -#2022-02-21T12:00:00Z -#ant.tstamp.now=1645444800 +#2022-03-30T00:00:00Z +#ant.tstamp.now=1648598400 # - Source control flags - git.branch=9.0.x - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] tag 9.0.61 created (now 6c6432a)
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to tag 9.0.61
in repository https://gitbox.apache.org/repos/asf/tomcat.git.

 at 6c6432a (commit)
This tag includes the following new commits:

 new 6c6432a Tag 9.0.61

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[tomcat] 01/01: Tag 9.0.61
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to tag 9.0.61 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6c6432ac1416ed369f892b9ce76e10c7eb10b91c Author: remm AuthorDate: Wed Mar 30 09:49:33 2022 +0200 Tag 9.0.61 --- build.properties.default | 2 +- webapps/docs/changelog.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index b3bc617..1b5f710 100644 --- a/build.properties.default +++ b/build.properties.default @@ -33,7 +33,7 @@ version.major=9 version.minor=0 version.build=61 version.patch=0 -version.suffix=-dev +version.suffix= # - Reproducible builds - # Uncomment and set to current time for reproducible builds diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 442f4ad..556b77b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,7 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Next is 9.0.62
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 7307ee5 Next is 9.0.62 7307ee5 is described below commit 7307ee5b0e4e88eb00ba3ce86a05e356725949c0 Author: remm AuthorDate: Wed Mar 30 09:51:13 2022 +0200 Next is 9.0.62 --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index b3bc617..a8db96f 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=9 version.minor=0 -version.build=61 +version.build=62 version.patch=0 version.suffix=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index e47aef4..dd320d2 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=9.0.61 +maven.asf.release.deploy.version=9.0.62 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 442f4ad..6bdf4b6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Use better location for Tomcat pid file in example
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 0c35e93 Use better location for Tomcat pid file in example 0c35e93 is described below commit 0c35e93139d66c4e86f0685db384f9f7ed395ad4 Author: Mark Thomas AuthorDate: Wed Mar 30 09:09:31 2022 +0100 Use better location for Tomcat pid file in example --- RUNNING.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RUNNING.txt b/RUNNING.txt index 7ae9cad..f26a8b0 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -163,7 +163,7 @@ On Windows, %CATALINA_BASE%\bin\setenv.bat: On *nix, $CATALINA_BASE/bin/setenv.sh: JRE_HOME=/usr/java/latest - CATALINA_PID="$CATALINA_BASE/tomcat.pid" + CATALINA_PID="/run/tomcat.pid" The CATALINA_HOME and CATALINA_BASE variables cannot be configured in the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
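Review bot: in the *nix `setenv.sh` example, `CATALINA_PID="/run/tomcat.pid"` points at a directory that is normally writable only by root, so as written the example works only when Tomcat is started as root or the file is created for it in advance; an unprivileged service account cannot create the pid file there. Either use a per-service subdirectory owned by the Tomcat user (for example `/run/tomcat/tomcat.pid`, a suggested path, created by the init system) or add a sentence to RUNNING.txt stating the permission requirement. The commit message says only "better location"; a reference to BZ 65970 would tell readers of the history why the example moved.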
[tomcat] branch 10.0.x updated: Use better location for Tomcat pid file in example
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 8eef1c2 Use better location for Tomcat pid file in example 8eef1c2 is described below commit 8eef1c2d4b55025156c1680a9e3f69a643d65e5b Author: Mark Thomas AuthorDate: Wed Mar 30 09:09:31 2022 +0100 Use better location for Tomcat pid file in example --- RUNNING.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RUNNING.txt b/RUNNING.txt index a4b2d76..a0fe5ab 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -163,7 +163,7 @@ On Windows, %CATALINA_BASE%\bin\setenv.bat: On *nix, $CATALINA_BASE/bin/setenv.sh: JRE_HOME=/usr/java/latest - CATALINA_PID="$CATALINA_BASE/tomcat.pid" + CATALINA_PID="/run/tomcat.pid" The CATALINA_HOME and CATALINA_BASE variables cannot be configured in the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r53450 - in /dev/tomcat/tomcat-9/v9.0.61: ./ bin/ bin/embed/ src/
Author: remm Date: Wed Mar 30 08:13:45 2022 New Revision: 53450 Log: Upload 9.0.61 for voting Added: dev/tomcat/tomcat-9/v9.0.61/ dev/tomcat/tomcat-9/v9.0.61/KEYS dev/tomcat/tomcat-9/v9.0.61/README.html dev/tomcat/tomcat-9/v9.0.61/RELEASE-NOTES dev/tomcat/tomcat-9/v9.0.61/bin/ dev/tomcat/tomcat-9/v9.0.61/bin/README.html dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.zip (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-deployer.zip.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-fulldocs.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-fulldocs.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x64.zip (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x64.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x64.zip.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x86.zip (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x86.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61-windows-x86.zip.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.exe (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.exe.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.exe.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.tar.gz.sha512 
dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.zip (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/apache-tomcat-9.0.61.zip.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/embed/ dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.zip (with props) dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/bin/embed/apache-tomcat-9.0.61-embed.zip.sha512 dev/tomcat/tomcat-9/v9.0.61/src/ dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.zip (with props) dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.61/src/apache-tomcat-9.0.61-src.zip.sha512 Added: dev/tomcat/tomcat-9/v9.0.61/KEYS == --- dev/tomcat/tomcat-9/v9.0.61/KEYS (added) +++ dev/tomcat/tomcat-9/v9.0.61/KEYS Wed Mar 30 08:13:45 2022 
@@ -0,0 +1,237 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 1024D/33C60243 2004-09-12 + Key fingerprint = DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243 +uid Mark E D Thomas +uid Mark E D Thomas +uid Mark E D Thomas +sub 2048g/0BECE548 2004-09-12 + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Version: GnuPG v1.4.9 (MingW32) + +mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL +rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw +4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u +k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9TpNHkKSSUR2evRlWPYA0YtxBSbsgON +tT0cYipAp5IcYt6Zq5QzHiZreyQXLAjItDS2oGCIXfNbTYJ3kxxJTCU/3wlefV
[tomcat] branch 8.5.x updated: Use better location for Tomcat pid file in example
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 80da170 Use better location for Tomcat pid file in example 80da170 is described below commit 80da1708d80eeac4c1fbb3a372c4be2a4663b5e1 Author: Mark Thomas AuthorDate: Wed Mar 30 09:09:31 2022 +0100 Use better location for Tomcat pid file in example --- RUNNING.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RUNNING.txt b/RUNNING.txt index 4ed846f..ba36d53 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -163,7 +163,7 @@ On Windows, %CATALINA_BASE%\bin\setenv.bat: On *nix, $CATALINA_BASE/bin/setenv.sh: JRE_HOME=/usr/java/latest - CATALINA_PID="$CATALINA_BASE/tomcat.pid" + CATALINA_PID="/run/tomcat.pid" The CATALINA_HOME and CATALINA_BASE variables cannot be configured in the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65970] Tomcat cannot startup due to Stale PID
https://bz.apache.org/bugzilla/show_bug.cgi?id=65970

Mark Thomas changed:

           What    |Removed                     |Added
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #6 from Mark Thomas ---
There was only one mention of a specific location for CATALINA_PID in the docs in RUNNING.txt and I have updated that to use /run

As per previous comments, I'm resolving this as WONTFIX.
[tomcat] branch 9.0.x updated: Use better location for Tomcat pid file in example
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new d26dd5c Use better location for Tomcat pid file in example d26dd5c is described below commit d26dd5cfe415f8048b502f6fe0285b58998750a3 Author: Mark Thomas AuthorDate: Wed Mar 30 09:09:31 2022 +0100 Use better location for Tomcat pid file in example --- RUNNING.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RUNNING.txt b/RUNNING.txt index a4b2d76..a0fe5ab 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -163,7 +163,7 @@ On Windows, %CATALINA_BASE%\bin\setenv.bat: On *nix, $CATALINA_BASE/bin/setenv.sh: JRE_HOME=/usr/java/latest - CATALINA_PID="$CATALINA_BASE/tomcat.pid" + CATALINA_PID="/run/tomcat.pid" The CATALINA_HOME and CATALINA_BASE variables cannot be configured in the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 9.0.61
The proposed Apache Tomcat 9.0.61 release is now available for voting.

The notable changes compared to 9.0.60 are:

- Fix a potential thread-safety issue that could cause HTTP/1.1 request
  processing to pause, and potentially timeout, waiting for additional
  data when the full request has been received.

- Fix a regression introduced with 65757 bugfix which better identified
  non request threads but which introduced a similar problem when user
  code was doing sequential operations in a single thread.

- When resolving methods in EL expressions that use beans and/or static
  fields, ensure that any custom type conversion is considered when
  identifying the method to call.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.61/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1366

The tag is:
https://github.com/apache/tomcat/tree/9.0.61
6c6432ac1416ed369f892b9ce76e10c7eb10b91c

The proposed 9.0.61 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.61 (stable)

Rémy
Re: [VOTE] Release Apache Tomcat 10.1.0-M13
[ X ] Alpha - go ahead and release as 10.1.0-M13 (alpha)

Simple unzip & run on Linux seems to work fine!

Ray

On Tue, Mar 29, 2022 at 7:06 PM Mark Thomas wrote:

> The proposed Apache Tomcat 10.1.0-M13 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> The notable changes compared to 10.1.0-M12 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>   pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>   Thomas Hoffmann.
>
> - Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was
>   renamed for Jakarta EE 10)
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M13/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1364
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.0-M13
> faa2582152d9dcbcb444700df340e10a85fc375f
>
> The proposed 10.1.0-M13 release is:
> [ ] Broken - do not release
> [ ] Alpha - go ahead and release as 10.1.0-M13 (alpha)

--
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion
Re: [VOTE] Release Apache Tomcat 10.0.19
[ X ] Stable - go ahead and release as 10.0.19 (stable)

Simple unzip & run on Linux seems to work fine!

On Tue, Mar 29, 2022 at 7:49 PM Mark Thomas wrote:

> The proposed Apache Tomcat 10.0.19 release is now available for
> voting.
>
> Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
>
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes. Java EE applications designed for Tomcat 9 and earlier may be
> placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
> automatically convert them to Jakarta EE and copy them to the webapps
> directory
>
> The notable changes compared to 10.0.18 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>   pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>   Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>   such as HTTP/2 with CLIENT-CERT authentication
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.19/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1365
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.19
> 0b4fe866e5a4e06481e5019be9468e10790647ba
>
> The proposed 10.0.19 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 10.0.19 (stable)

--
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion
Re: [VOTE] Release Apache Tomcat 9.0.61
[ X ] Stable - go ahead and release as 9.0.61 (stable)

Unzip and run worked fine on Linux.

On Wed, Mar 30, 2022 at 4:22 AM Rémy Maucherat wrote:

> The proposed Apache Tomcat 9.0.61 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Fix a potential thread-safety issue that could cause HTTP/1.1 request
>   processing to pause, and potentially timeout, waiting for additional
>   data when the full request has been received.
>
> - Fix a regression introduced with 65757 bugfix which better identified
>   non request threads but which introduced a similar problem when user
>   code was doing sequential operations in a single thread.
>
> - When resolving methods in EL expressions that use beans and/or static
>   fields, ensure that any custom type conversion is considered when
>   identifying the method to call.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.61/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1366
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.61
> 6c6432ac1416ed369f892b9ce76e10c7eb10b91c
>
> The proposed 9.0.61 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 9.0.61 (stable)
>
> Rémy

--
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion
[tomcat] 02/02: Fix BZ 65736 replace forceString with a String setter lookup
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 3ab593bfaa372422b6071c4be29c97a14f5f8f01 Author: Mark Thomas AuthorDate: Wed Mar 30 12:37:26 2022 +0100 Fix BZ 65736 replace forceString with a String setter lookup --- java/org/apache/naming/factory/BeanFactory.java| 77 -- .../apache/naming/factory/LocalStrings.properties | 1 + .../org/apache/naming/factory/TestBeanFactory.java | 67 test/org/apache/naming/factory/TesterBean.java | 41 webapps/docs/changelog.xml | 10 ++ webapps/docs/jndi-resources-howto.xml | 112 +++-- 6 files changed, 155 insertions(+), 153 deletions(-) diff --git a/java/org/apache/naming/factory/BeanFactory.java b/java/org/apache/naming/factory/BeanFactory.java index 7a42991..1f207cd 100644 --- a/java/org/apache/naming/factory/BeanFactory.java +++ b/java/org/apache/naming/factory/BeanFactory.java @@ -19,13 +19,9 @@ package org.apache.naming.factory; import java.beans.BeanInfo; import java.beans.Introspector; import java.beans.PropertyDescriptor; -import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.Enumeration; -import java.util.HashMap; import java.util.Hashtable; -import java.util.Locale; -import java.util.Map; import javax.naming.Context; import javax.naming.Name; @@ -34,6 +30,8 @@ import javax.naming.RefAddr; import javax.naming.Reference; import javax.naming.spi.ObjectFactory; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; import org.apache.naming.ResourceRef; import org.apache.naming.StringManager; @@ -92,6 +90,8 @@ public class BeanFactory implements ObjectFactory { private static final StringManager sm = StringManager.getManager(BeanFactory.class); +private final Log log = LogFactory.getLog(BeanFactory.class); // Not static + /** * Create a new Bean instance. * 
@@ -125,44 +125,14 @@ public class BeanFactory implements ObjectFactory { Object bean = beanClass.getConstructor().newInstance(); -/* Look for properties with explicitly configured setter */ +// Look for the removed forceString option RefAddr ra = ref.get("forceString"); -Map forced = new HashMap<>(); -String value; - if (ra != null) { -value = (String)ra.getContent(); -Class paramTypes[] = new Class[1]; -paramTypes[0] = String.class; -String setterName; -int index; - -/* Items are given as comma separated list */ -for (String param: value.split(",")) { -param = param.trim(); -/* A single item can either be of the form name=method - * or just a property name (and we will use a standard - * setter) */ -index = param.indexOf('='); -if (index >= 0) { -setterName = param.substring(index + 1).trim(); -param = param.substring(0, index).trim(); -} else { -setterName = "set" + - param.substring(0, 1).toUpperCase(Locale.ENGLISH) + - param.substring(1); -} -try { -forced.put(param, beanClass.getMethod(setterName, paramTypes)); -} catch (NoSuchMethodException|SecurityException ex) { -throw new NamingException -("Forced String setter " + setterName + - " not found for property " + param); -} -} +log.warn(sm.getString("beanFactory.noForceString")); } Enumeration e = ref.getAll(); +String value; while (e.hasMoreElements()) { @@ -180,28 +150,13 @@ public class BeanFactory implements ObjectFactory { Object[] valueArray = new Object[1]; -/* Shortcut for properties with explicitly configured setter */ -Method method = forced.get(propName); -if (method != null) { -valueArray[0] = value; -try { -method.invoke(bean, valueArray); -} catch (IllegalAccessException| - IllegalArgumentException| - InvocationTargetException ex) { -
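Review bot: in the `if (ra != null)` branch, `log.warn(sm.getString("beanFactory.noForceString"))` is called with no arguments, so the warning cannot say which resource still carries the removed attribute. Passing the bean class name or the `name` argument of `getObjectInstance` into the message would let an operator find the resource definition to fix. The branch now only logs; the changelog entry should state whether a configuration that still sets `forceString` is expected to keep working with a warning or to fail when its properties are applied.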
[tomcat] 01/02: Clean-up. No functional change.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 63279f47db0b05c8eb6650d2e92993cb051bc56a Author: Mark Thomas AuthorDate: Wed Mar 30 11:58:32 2022 +0100 Clean-up. No fucntional change. --- java/org/apache/naming/factory/BeanFactory.java| 96 +++--- .../apache/naming/factory/LocalStrings.properties | 5 ++ 2 files changed, 33 insertions(+), 68 deletions(-) diff --git a/java/org/apache/naming/factory/BeanFactory.java b/java/org/apache/naming/factory/BeanFactory.java index 6bf9352..7a42991 100644 --- a/java/org/apache/naming/factory/BeanFactory.java +++ b/java/org/apache/naming/factory/BeanFactory.java @@ -35,6 +35,7 @@ import javax.naming.Reference; import javax.naming.spi.ObjectFactory; import org.apache.naming.ResourceRef; +import org.apache.naming.StringManager; /** * Object factory for any Resource conforming to the JavaBean spec. @@ -87,23 +88,9 @@ import org.apache.naming.ResourceRef; * * @author Aner Perez [aner at ncstech.com] */ -public class BeanFactory -implements ObjectFactory { - -// --- Constructors - - -// -- Constants - - -// - Instance Variables - - -// - Public Methods - - -// -- ObjectFactory Methods +public class BeanFactory implements ObjectFactory { +private static final StringManager sm = StringManager.getManager(BeanFactory.class); /** * Create a new Bean instance. 
@@ -111,34 +98,26 @@ public class BeanFactory * @param obj The reference object describing the Bean */ @Override -public Object getObjectInstance(Object obj, Name name, Context nameCtx, -Hashtable environment) -throws NamingException { +public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) +throws NamingException { if (obj instanceof ResourceRef) { try { - Reference ref = (Reference) obj; String beanClassName = ref.getClassName(); Class beanClass = null; -ClassLoader tcl = -Thread.currentThread().getContextClassLoader(); -if (tcl != null) { -try { +ClassLoader tcl = Thread.currentThread().getContextClassLoader(); +try { +if (tcl != null) { beanClass = tcl.loadClass(beanClassName); -} catch(ClassNotFoundException e) { -} -} else { -try { +} else { beanClass = Class.forName(beanClassName); -} catch(ClassNotFoundException e) { -e.printStackTrace(); } -} -if (beanClass == null) { -throw new NamingException -("Class not found: " + beanClassName); +} catch(ClassNotFoundException cnfe) { +NamingException ne = new NamingException(sm.getString("beanFactory.classNotFound", beanClassName)); +ne.initCause(cnfe); +throw ne; } BeanInfo bi = Introspector.getBeanInfo(beanClass); @@ -174,8 +153,7 @@ public class BeanFactory param.substring(1); } try { -forced.put(param, - beanClass.getMethod(setterName, paramTypes)); +forced.put(param, beanClass.getMethod(setterName, paramTypes)); } catch (NoSuchMethodException|SecurityException ex) { throw new NamingException ("Forced String setter " + setterName + @@ -219,7 +197,7 @@ public class BeanFactory } int i = 0; -for (i = 0; i
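Review bot: the commit message says there is no functional change, but the class-loading block in `getObjectInstance` does change behaviour. The old `tcl != null` branch swallowed `ClassNotFoundException` and the old `else` branch called `e.printStackTrace()`; the new single `catch(ClassNotFoundException cnfe)` sets the cause on the `NamingException` and takes its text from `beanFactory.classNotFound`. That is an improvement for diagnosis, but callers now see a different message and a cause, and the stack trace on stderr is gone, so it deserves a line in the commit message or changelog.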
[tomcat] branch main updated (0c35e93 -> 3ab593b)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git.

 from 0c35e93 Use better location for Tomcat pid file in example
 new 63279f47 Clean-up. No functional change.
 new 3ab593b Fix BZ 65736 replace forceString with a String setter lookup

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 java/org/apache/naming/factory/BeanFactory.java | 165 ++---
 .../apache/naming/factory/LocalStrings.properties | 6 +
 .../org/apache/naming/factory/TestBeanFactory.java | 67 +
 .../org/apache/naming/factory/TesterBean.java | 28 +++-
 webapps/docs/changelog.xml | 10 ++
 webapps/docs/jndi-resources-howto.xml | 112 ++
 6 files changed, 163 insertions(+), 225 deletions(-)
 create mode 100644 test/org/apache/naming/factory/TestBeanFactory.java
 copy java/org/apache/catalina/ha/backend/Proxy.java => test/org/apache/naming/factory/TesterBean.java (62%)
[tomcat] branch main updated: Remove trailing spaces
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 80ddfba Remove trailing spaces 80ddfba is described below commit 80ddfba2f62af1d9b8228d2c5796ef8359136898 Author: Mark Thomas AuthorDate: Wed Mar 30 12:38:36 2022 +0100 Remove trailing spaces --- webapps/docs/jndi-resources-howto.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml index f19f0a5..8bcc694 100644 --- a/webapps/docs/jndi-resources-howto.xml +++ b/webapps/docs/jndi-resources-howto.xml @@ -333,15 +333,15 @@ writer.println("foo = " + bean.getFoo() + ", bar = " + BeanFactory will convert the value to the appropriate primitive or primitive wrapper and then use that value when calling the setter. Some beans have properties with types that cannot automatically be converted -from String. If the bean provides an alternative setter with +from String. If the bean provides an alternative setter with the same name that does take a String, the BeanFactory will attempt to use that setter. If the BeanFactory cannot use the value or perform an appropriate conversion, setting the property will fail with a NamingException. - + The forceString property available in earlier Tomcat releases has been removed as a security hardening measure. - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #11 from Mark Thomas ---
I've implemented this alternative approach for 10.1.x. It isn't as generic as forceString but it is sufficient to meet the original requirement.

Two questions:

1. Should we back-port this? If so, how far?

2. Do we want to expand conversion so if the setter is for Type T that we can't convert and T has a constructor T(String) we use that constructor to create an instance of T and then pass that to the setter?
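The setter resolution that this comment and the BZ 65736 documentation change describe (standard bean setter first, otherwise a same-name setter that takes a String) can be sketched as follows. This is an added example, not Tomcat's BeanFactory code; `StringSetterLookupDemo`, `SampleBean`, `setProperty` and `reload` are hypothetical names. Unlike the removed forceString `name=method` form, configuration here can only reach methods named `set<Property>`.

```java
import java.beans.BeanInfo;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.Locale;
import javax.naming.NamingException;

// Added illustration, not Tomcat's BeanFactory. All names are hypothetical.
public class StringSetterLookupDemo {

    // Constructed sample bean used only for this demonstration.
    public static class SampleBean {
        private int timeout;
        private URI endpoint;

        public int getTimeout() { return timeout; }
        public void setTimeout(int timeout) { this.timeout = timeout; }

        public URI getEndpoint() { return endpoint; }
        public void setEndpoint(URI endpoint) { this.endpoint = endpoint; }
        // Alternative setter with the same name that takes a String.
        public void setEndpoint(String endpoint) { this.endpoint = URI.create(endpoint); }

        // Public and takes a String, but it is not a property setter, so
        // configuration must never be able to reach it.
        public void reload(String source) {
            throw new IllegalStateException("must not be called from configuration");
        }
    }

    // Apply one configured name/value pair to the bean.
    static void setProperty(Object bean, String propName, String value) throws Exception {
        BeanInfo info = Introspector.getBeanInfo(bean.getClass());
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            if (!pd.getName().equals(propName)) {
                continue;
            }
            Method writer = pd.getWriteMethod();
            Class<?> type = pd.getPropertyType();
            // Types this sketch converts itself (a real factory handles more).
            if (writer != null && type == String.class) {
                writer.invoke(bean, value);
                return;
            }
            if (writer != null && (type == int.class || type == Integer.class)) {
                writer.invoke(bean, Integer.valueOf(value));
                return;
            }
            // No conversion available: the only fallback is set<PropName>(String).
            String setterName = "set"
                    + propName.substring(0, 1).toUpperCase(Locale.ENGLISH)
                    + propName.substring(1);
            try {
                bean.getClass().getMethod(setterName, String.class).invoke(bean, value);
                return;
            } catch (NoSuchMethodException e) {
                NamingException ne =
                        new NamingException("No usable setter for property " + propName);
                ne.initCause(e);
                throw ne;
            }
        }
        // The name is not a bean property at all, so nothing is invoked.
        throw new NamingException("Not a bean property: " + propName);
    }

    public static void main(String[] args) throws Exception {
        SampleBean bean = new SampleBean();
        setProperty(bean, "timeout", "30");                           // converted to int
        setProperty(bean, "endpoint", "https://example.invalid/api"); // String overload
        System.out.println(bean.getTimeout() + " " + bean.getEndpoint());
        try {
            setProperty(bean, "reload", "anything");                  // not a property
        } catch (NamingException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```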
[tomcat] branch 10.0.x updated: Increment version for next dev cycle
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new ba31e8c Increment version for next dev cycle ba31e8c is described below commit ba31e8c9cb0b82bc125a24bdc4ee2be7d43b6f61 Author: Mark Thomas AuthorDate: Wed Mar 30 12:43:31 2022 +0100 Increment version for next dev cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index a3b75ae..faf6523 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=0 -version.build=19 +version.build=20 version.patch=0 version.suffix=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 29a2e43..d2e1e88 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.0.19 +maven.asf.release.deploy.version=10.0.20 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2195c9d..afb1ff6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + +
Call for Presentations now open, ApacheCon North America 2022
[You are receiving this because you are subscribed to one or more user or dev mailing list of an Apache Software Foundation project.]

ApacheCon draws participants at all levels to explore “Tomorrow’s Technology Today” across 300+ Apache projects and their diverse communities. ApacheCon showcases the latest developments in ubiquitous Apache projects and emerging innovations through hands-on sessions, keynotes, real-world case studies, trainings, hackathons, community events, and more.

The Apache Software Foundation will be holding ApacheCon North America 2022 at the New Orleans Sheraton, October 3rd through 6th, 2022. The Call for Presentations is now open, and will close at 00:01 UTC on May 23rd, 2022.

We are accepting presentation proposals for any topic that is related to the Apache mission of producing free software for the public good. This includes, but is not limited to:

Community
Big Data
Search
IoT
Cloud
Fintech
Pulsar
Tomcat

You can submit your session proposals starting today at https://cfp.apachecon.com/

Rich Bowen, on behalf of the ApacheCon Planners
apachecon.com
@apachecon
Re: [VOTE] Release Apache Tomcat 9.0.61
On 30/03/2022 10:21, Rémy Maucherat wrote:

[X] Stable - go ahead and release as 9.0.61 (stable)

Tested with tc-native-1.2.32 on fedora35
[jfclere@ovpn-113-163 tomcat-native-tests]$ java --version
+++
openjdk 11.0.14.1 2022-02-08
OpenJDK Runtime Environment 18.9 (build 11.0.14.1+1)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.14.1+1, mixed mode, sharing)
+++

--
Cheers

Jean-Frederic
Re: EOL dates for Tomcat 5.0 and 4.1?
Konstantin, On 3/28/22 18:23, Konstantin Kolinko wrote: Tue, 29 Mar 2022 at 00:47, Christopher Schultz : Jon, On 3/28/22 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote: If nobody else does, I dub thee "The Librarian"!!! Stack Overflow rewards this kind of work with a badge called "Necromancer". I happen to have 3 of those, though it looks that the official cause for them is a bit different. https://stackoverflow.com/users/4116988/konstantin-kolinko?tab=badges I've got 7 :p :) What astonished me while looking through the archives is that I was one of the people who tested and voted for the 4.1.40 release. Time flies fast. Wow it really does. During my first ApacheCon in Atlanta, we were discussing whether or not Tomcat 7.0 to be released stable or not. We decided "not" and waited another 2 months to release the first stable version. -chris
[tomcat] branch main updated: Security hardening. Deprecate getResources() and always return null.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 1abcf3f Security hardening. Deprecate getResources() and always return null. 1abcf3f is described below commit 1abcf3f4d741c824ae490009fe32ce300f10eddc Author: Mark Thomas AuthorDate: Wed Mar 30 20:22:49 2022 +0100 Security hardening. Deprecate getResources() and always return null. This method is never used by Tomcat. If something accidentally exposes the class loader then this method can be used to gain access to Tomcat internals. --- java/org/apache/catalina/loader/WebappClassLoaderBase.java | 7 ++- webapps/docs/changelog.xml | 6 ++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index b10d4fc..0a0053e 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -428,10 +428,15 @@ public abstract class WebappClassLoaderBase extends URLClassLoader // - Properties /** + * Unused. Always returns {@code null}. + * * @return associated resources. + * + * @deprecated This will be removed in Tomcat 10.1.x onwards */ +@Deprecated public WebResourceRoot getResources() { -return this.resources; +return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8115d94..61180d2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -113,6 +113,12 @@ for an alternative setter with the same name that accepts a String. This is a security hardening measure. (markt) + + Effectively disable the + WebappClassLoaderBase.getResources() method as it is not + used and if something accidently exposes the class loader this method + can be used to gain access to Tomcat internals. (markt) +
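Review bot: In the WebappClassLoaderBase.java hunk the Javadoc keeps the unchanged line "@return associated resources." although the body is now "return null;", so the generated API documentation contradicts the new first sentence "Always returns {@code null}". Suggest changing the tag in the same commit to "@return always {@code null}".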
[tomcat] branch 10.0.x updated: Security hardening. Deprecate getResources() and always return null.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 8af3ae9 Security hardening. Deprecate getResources() and always return null. 8af3ae9 is described below commit 8af3ae9fdc3d4a06ccafbde0d7fc441dd9e64bfe Author: Mark Thomas AuthorDate: Wed Mar 30 20:22:49 2022 +0100 Security hardening. Deprecate getResources() and always return null. This method is never used by Tomcat. If something accidentally exposes the class loader then this method can be used to gain access to Tomcat internals. --- java/org/apache/catalina/loader/WebappClassLoaderBase.java | 7 ++- webapps/docs/changelog.xml | 10 ++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index 00e4fc3..5e579b3 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -427,10 +427,15 @@ public abstract class WebappClassLoaderBase extends URLClassLoader // - Properties /** + * Unused. Always returns {@code null}. + * * @return associated resources. + * + * @deprecated This will be removed in Tomcat 10.1.x onwards */ +@Deprecated public WebResourceRoot getResources() { -return this.resources; +return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index afb1ff6..512eec7 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> + + + + Effectively disable the + WebappClassLoaderBase.getResources() method as it is not + used and if something accidently exposes the class loader this method + can be used to gain access to Tomcat internals. (markt) + + +
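Review bot: The new "return null;" in getResources() changes the contract of a public method on the 10.0.x branch without telling callers what to expect, so any extension that still calls it will fail later with a NullPointerException far from the cause. Suggest the changelog entry say plainly that the method now always returns null instead of "Effectively disable", and that the @deprecated text state that there is no replacement.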
[tomcat] branch 9.0.x updated: Security hardening. Deprecate getResources() and always return null.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 8a904f6 Security hardening. Deprecate getResources() and always return null. 8a904f6 is described below commit 8a904f6065080409a1e00606cd7bceec6ad8918c Author: Mark Thomas AuthorDate: Wed Mar 30 20:22:49 2022 +0100 Security hardening. Deprecate getResources() and always return null. This method is never used by Tomcat. If something accidentally exposes the class loader then this method can be used to gain access to Tomcat internals. --- java/org/apache/catalina/loader/WebappClassLoaderBase.java | 7 ++- webapps/docs/changelog.xml | 10 ++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index 76a53b7..8746b6b 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -425,10 +425,15 @@ public abstract class WebappClassLoaderBase extends URLClassLoader // - Properties /** + * Unused. Always returns {@code null}. + * * @return associated resources. + * + * @deprecated This will be removed in Tomcat 10.1.x onwards */ +@Deprecated public WebResourceRoot getResources() { -return this.resources; +return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 6bdf4b6..f6b43e9 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> + + + + Effectively disable the + WebappClassLoaderBase.getResources() method as it is not + used and if something accidently exposes the class loader this method + can be used to gain access to Tomcat internals. (markt) + + +
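Review bot: The diffstat for this back-port lists only WebappClassLoaderBase.java and changelog.xml, so nothing pins the hardened behaviour of getResources() on 9.0.x. Suggest adding a small unit test asserting that the method returns null, so that a later merge restoring "return this.resources;" is caught.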
[tomcat] branch 8.5.x updated: Security hardening. Deprecate getResources() and always return null.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 530108c Security hardening. Deprecate getResources() and always return null. 530108c is described below commit 530108cb568ba7bb51594d0ecfc2421db2e4bf53 Author: Mark Thomas AuthorDate: Wed Mar 30 20:22:49 2022 +0100 Security hardening. Deprecate getResources() and always return null. This method is never used by Tomcat. If something accidentally exposes the class loader then this method can be used to gain access to Tomcat internals. --- java/org/apache/catalina/loader/WebappClassLoaderBase.java | 7 ++- webapps/docs/changelog.xml | 6 ++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index 3d0ac44..e6d0707 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -431,10 +431,15 @@ public abstract class WebappClassLoaderBase extends URLClassLoader // - Properties /** + * Unused. Always returns {@code null}. + * * @return associated resources. + * + * @deprecated This will be removed in Tomcat 10.1.x onwards */ +@Deprecated public WebResourceRoot getResources() { -return this.resources; +return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3c4c4d1..c9c2ab1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -116,6 +116,12 @@ Harden the CredentialHandler implementations by switching to a constant-time implementation for credential comparisons. (schultz/markt) + + Effectively disable the + WebappClassLoaderBase.getResources() method as it is not + used and if something accidently exposes the class loader this method + can be used to gain access to Tomcat internals. (markt) +
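Review bot: In the changelog.xml hunk the added entry spells "accidently"; it should read "accidentally", and a comma after "used" would make the sentence easier to parse ("as it is not used, and if something accidentally exposes the class loader ..."). The same wording appears in the entries pushed to the other branches, so the correction belongs in all of them.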
[tomcat] branch main updated: Remove deprecated code
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 03b0119 Remove deprecated code 03b0119 is described below commit 03b01198fa6fa132be4b3528daa9b648c314a9dd Author: Mark Thomas AuthorDate: Wed Mar 30 20:27:10 2022 +0100 Remove deprecated code --- java/org/apache/catalina/loader/WebappClassLoaderBase.java | 13 - webapps/docs/changelog.xml | 7 +++ 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index 0a0053e..c8b1ee4 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -428,19 +428,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader // - Properties /** - * Unused. Always returns {@code null}. - * - * @return associated resources. - * - * @deprecated This will be removed in Tomcat 10.1.x onwards - */ -@Deprecated -public WebResourceRoot getResources() { -return null; -} - - -/** * Set associated resources. * @param resources the resources from which the classloader will * load the classes diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 61180d2..cb82a40 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -114,10 +114,9 @@ String. This is a security hardening measure. (markt) - Effectively disable the - WebappClassLoaderBase.getResources() method as it is not - used and if something accidently exposes the class loader this method - can be used to gain access to Tomcat internals. (markt) + Remove the WebappClassLoaderBase.getResources() method as + it is not used and if something accidently exposes the class loader + this method can be used to gain access to Tomcat internals. (markt)
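Review bot: Deleting the public getResources() method from WebappClassLoaderBase is a source and binary incompatible change for any code outside Tomcat that calls it, and the rewritten changelog entry gives only the security rationale. Suggest the entry state that this is an API removal with no replacement, so that anyone extending the class loader knows what to change.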
[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #12 from quaff ---
> 1. Should we back-port this? If so, how far?

Yes, back to 8.x.

> 2. Do we want to expand conversion so if the setter is for Type T that we
> can't convert and T has a constructor T(String) we use that constructor to
> create an instance of T and then pass that to the setter?

I think we should keep it as simple as possible, BeanFactory is not widely used AFAIK.