Support for OpenSSL 3.0 in TOMCAT
Dear Team, As per OpenSSL release strategy "Version 1.1.1 will be supported until 2023-09-11 (LTS)". Will tomcat extend the support for OpenSSL 1.1.1 on EL8 beyond this timeline or there any plan to update to OpenSSL 3.0 Thanks and Regards Sandeep Maurya Ph: +91-9971135213
RE: Support for OpenSSL 3.0 in TOMCAT
Dear Team, As per OpenSSL release strategy "Version 1.1.1 will be supported until 2023-09-11 (LTS)". Will tomcat extend the support for OpenSSL 1.1.1 on EL8 beyond this timeline or there any plan to update to OpenSSL 3.0 Thanks and Regards Sandeep Maurya Ph: +91-9971135213
Re: Support for OpenSSL 3.0 in TOMCAT
What makes you think Tomcat Native doesn't support OpenSSL 3.0? Mark On 22/11/2022 08:10, Sandeep 1. Maurya (EXT-NSB) wrote: Dear Team, As per OpenSSL release strategy "Version 1.1.1 will be supported until 2023-09-11 (LTS)". Will tomcat extend the support for OpenSSL 1.1.1 on EL8 beyond this timeline or there any plan to update to OpenSSL 3.0 Thanks and Regards Sandeep Maurya Ph: +91-9971135213 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: Support for OpenSSL 3.0 in TOMCAT
Hi, We are using Tomcat 9.0.65 currently in our product . Is OpenSSL 3.0 support is available in any releases of TOMCAT-9 series. Thanks and regards Sandeep Maurya Ph: +91-9971135213 -Original Message- From: Mark Thomas Sent: 22 November 2022 13:54 To: Tomcat Developers List Subject: Re: Support for OpenSSL 3.0 in TOMCAT What makes you think Tomcat Native doesn't support OpenSSL 3.0? Mark On 22/11/2022 08:10, Sandeep 1. Maurya (EXT-NSB) wrote: > Dear Team, > > > As per OpenSSL release strategy "Version 1.1.1 will be supported until > 2023-09-11 (LTS)". Will tomcat extend the support for OpenSSL 1.1.1 on > EL8 beyond this timeline or there any plan to update to OpenSSL 3.0 > > > > Thanks and Regards > > Sandeep Maurya > > Ph: +91-9971135213 > > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #10: Bump engine.io from 1.8.5 to 3.6.1
dependabot[bot] opened a new pull request, #10:
URL: https://github.com/apache/tomcat-training/pull/10
Bumps [engine.io](https://github.com/socketio/engine.io) from 1.8.5 to 3.6.1.
Release notes
Sourced from https://github.com/socketio/engine.io/releases";>engine.io's
releases.
3.6.1
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
Please upgrade as soon as possible.
Bug Fixes
catch errors when destroying invalid upgrades (https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085";>83c4071)
3.6.0
Bug Fixes
add extension in the package.json main entry (https://github-redirect.dependabot.com/socketio/engine.io/issues/608";>#608)
(https://github.com/socketio/engine.io/commit/3ad0567dbd57cfb7c2ff4e8b7488d80f37022b4a";>3ad0567)
do not reset the ping timer after upgrade (https://github.com/socketio/engine.io/commit/1f5d4699862afee1e410fcb0e1f5e751ebcd2f9f";>1f5d469)
Features
decrease the default value of maxHttpBufferSize (https://github.com/socketio/engine.io/commit/58e274c437e9cbcf69fd913c813aad8fbd253703";>58e274c)
This change reduces the default value from 100 mb to a more sane 1 mb.
This helps protect the server against denial of service attacks by
malicious clients sending huge amounts of data.
See also: https://github.com/advisories/GHSA-j4f2-536g-r55m";>https://github.com/advisories/GHSA-j4f2-536g-r55m
increase the default value of pingTimeout (https://github.com/socketio/engine.io/commit/f55a79a28a5fbc6c9edae876dd11308b89cc979e";>f55a79a)
Links
Diff: https://github.com/socketio/engine.io/compare/3.5.0...3.6.0";>https://github.com/socketio/engine.io/compare/3.5.0...3.6.0
Client release: -
... (truncated)
Changelog
Sourced from https://github.com/socketio/engine.io/blob/main/CHANGELOG.md";>engine.io's
changelog.
https://github.com/socketio/engine.io/compare/3.6.0...3.6.1";>3.6.1
(2022-11-20)
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
Please upgrade as soon as possible.
Bug Fixes
catch errors when destroying invalid upgrades (https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085";>83c4071)
https://github.com/socketio/engine.io/compare/6.2.0...6.2.1";>6.2.1
(2022-11-20)
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
Please upgrade as soon as possible.
Bug Fixes
... (truncated)
Commits
https://github.com/socketio/engine.io/commit/67a3a8785900f77d8ad40c3c1eea8ee188c42d95";>67a3a87
chore(release): 3.6.1
https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085";>83c4071
fix: catch errors when destroying invalid upgrades
https://github.com/socketio/engine.io/commit/f62f26530cdb9c7bbfd295f3110cc2d911561fda";>f62f265
chore(release): 3.6.0
https://github.com/socketio/engine.io/commit/f55a79a28a5fbc6c9edae876dd11308b89cc979e";>f55a79a
feat: increase the default value of pingTimeout
https://github.com/socketio/engine.io/commit/1f5d4699862afee1e410fcb0e1f5e751ebcd2f9f";>1f5d469
fix: do not reset the ping timer after upgrade
https://github.com/socketio/engine.io/commit/3ad0567dbd57cfb7c2ff4e8b7488d80f37022b4a";>3ad0567
fix: add e
[tomcat-training] branch dependabot/npm_and_yarn/engine.io-3.6.1 created (now cd58809)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/npm_and_yarn/engine.io-3.6.1 in repository https://gitbox.apache.org/repos/asf/tomcat-training.git at cd58809 Bump engine.io from 1.8.5 to 3.6.1 No new revisions were added by this update. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat-training] dependabot[bot] commented on pull request #7: Bump engine.io from 1.8.5 to 3.6.0
dependabot[bot] commented on PR #7: URL: https://github.com/apache/tomcat-training/pull/7#issuecomment-1323316120 Superseded by #10. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat-training] dependabot[bot] closed pull request #7: Bump engine.io from 1.8.5 to 3.6.0
dependabot[bot] closed pull request #7: Bump engine.io from 1.8.5 to 3.6.0 URL: https://github.com/apache/tomcat-training/pull/7 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Support for OpenSSL 3.0 in TOMCAT
Please move this support question to the Tomcat Users mailing list. Mark On 22/11/2022 08:41, Sandeep 1. Maurya (EXT-NSB) wrote: Hi, We are using Tomcat 9.0.65 currently in our product . Is OpenSSL 3.0 support is available in any releases of TOMCAT-9 series. Thanks and regards Sandeep Maurya Ph: +91-9971135213 -Original Message- From: Mark Thomas Sent: 22 November 2022 13:54 To: Tomcat Developers List Subject: Re: Support for OpenSSL 3.0 in TOMCAT What makes you think Tomcat Native doesn't support OpenSSL 3.0? Mark On 22/11/2022 08:10, Sandeep 1. Maurya (EXT-NSB) wrote: Dear Team, As per OpenSSL release strategy "Version 1.1.1 will be supported until 2023-09-11 (LTS)". Will tomcat extend the support for OpenSSL 1.1.1 on EL8 beyond this timeline or there any plan to update to OpenSSL 3.0 Thanks and Regards Sandeep Maurya Ph: +91-9971135213 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66358] Need a way to close socket of the async request after it was committed
https://bz.apache.org/bugzilla/show_bug.cgi?id=66358 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #2 from Mark Thomas --- The Tomcat project does not define the Servlet API. That is the responsibility of the Jakarta Servlet project. There is an open enhancement request for this feature: https://github.com/jakartaee/servlet/issues/98 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
CDI and injection issues
Hi, Following a post on the user list, I have looked into CDI and injection processing in Tomcat standalone (or standalone extended by CDI) and found the following issues: a) metadata-complete is done wrong. The spec got retconned some time ago and metadata-complete only means Servlet spec defining metadata, such as @WebServlet (= the ones that require scanning all classes just in case). So in practice inside DefaultInstanceManager the ignoreAnnotations flag shouldn't be used at all and it should simply be removed. I am ok on only doing this in 11 ;) b) CDI is not intertwined with the DefaultInstanceManager. Basically as the user said, injections should be done *before* @PostConstruct, and it . There's a (minor) problem with the DefaultInstanceManager API, a method needs to be protected and then integrations will then be able to hack inside the DefaultInstanceManager. You can see this here in the OWB integration: https://github.com/apache/tomcat/blob/main/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansInstanceManager.java#L102 (basically, first call newInstance, because there's no other way, then inject, but newInstance will have already invoked @PostConstruct). To fix this, I plan to add an Injector interface to DefaultInstanceManager since this is pretty much the only way to do this cleanly in Tomcat standalone (taking over the whole DefaultInstanceManager is clearly not the best idea). The impact of fixing these for users should be non-existent: it is really a Tomcat standalone only thing impacting users with some very precise EE needs. A full EE integration will simply take over the whole annotation processing and instance manager from Tomcat, and hopefully do The Right Thing already. Although this is not super critical, I plan to address these issues in the OWB integration (after adding the needed API change in Tomcat's DefaultInstanceManager). Comments ? Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: CDI and injection issues
Hi Rémy, I put a few comments inline hoping it helps Le mar. 22 nov. 2022 à 16:11, Rémy Maucherat a écrit : > Hi, > > Following a post on the user list, I have looked into CDI and > injection processing in Tomcat standalone (or standalone extended by > CDI) and found the following issues: > > a) metadata-complete is done wrong. The spec got retconned some time > ago and metadata-complete only means Servlet spec defining metadata, > such as @WebServlet (= the ones that require scanning all classes just > in case). So in practice inside DefaultInstanceManager the > ignoreAnnotations flag shouldn't be used at all and it should simply > be removed. I am ok on only doing this in 11 ;) > > b) CDI is not intertwined with the DefaultInstanceManager. Basically > as the user said, injections should be done *before* @PostConstruct, > and it . There's a (minor) problem with the DefaultInstanceManager > API, a method needs to be protected and then integrations will then be > able to hack inside the DefaultInstanceManager. You can see this here > in the OWB integration: > > https://github.com/apache/tomcat/blob/main/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansInstanceManager.java#L102 > (basically, first call newInstance, because there's no other way, then > inject, but newInstance will have already invoked @PostConstruct). To > fix this, I plan to add an Injector interface to > DefaultInstanceManager since this is pretty much the only way to do > this cleanly in Tomcat standalone (taking over the whole > DefaultInstanceManager is clearly not the best idea). > Yeah, TomEE ([1]) had some hard time with JSP due to that and its re-implementation of the instantiation. Basically the idea was to implement it aside Tomcat default impl but for some classes it was not convenient enough. That said I have to admit I'm not sure it needs a new concept (injector) because basically it will copy the instance manager API (inject, release or something like that since it is not only about the inject phase so either you define the lifecycle or you store a Runnable you call at release time too - isnt the abstraction too complex then?). Another issue there is that newInstance assumes a "new" which means you can not use a CDI instance generally speaking, only a banalised instance which gets injections so it means you can just impl yourself a newInstance+whatever you want+postconstruct call (this is light actually). This is where setting ignoreAnnotations would be quite fancy in your own instance manager and wouldnt need any new API. That said, enabling to use a CDI instance would be way more powerful and is not against the spec - it is actually not specified AFAIK. Indeed it would need a toggle on the OWBIM of Tomcat integration but it would also open way more doors in terms of usage because your servlet (filter, ...) is now a CDI beans with a connection to its bus and interceptors. I know it can already be done by using a container initializer which gets beans injected and the instances directly passed to the addServlet() (instead of the class) but it would also be a very valuable addition to the module if the instantiation is reworked so I'm just mentionning it as an opportunity. [1] https://github.com/apache/tomee/blob/main/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/JavaeeInstanceManager.java > > The impact of fixing these for users should be non-existent: it is > really a Tomcat standalone only thing impacting users with some very > precise EE needs. A full EE integration will simply take over the > whole annotation processing and instance manager from Tomcat, and > hopefully do The Right Thing already. > > Although this is not super critical, I plan to address these issues in > the OWB integration (after adding the needed API change in Tomcat's > DefaultInstanceManager). > > Comments ? > > Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: CDI and injection issues
On Tue, Nov 22, 2022 at 4:30 PM Romain Manni-Bucau
wrote:
>
> Hi Rémy,
>
> I put a few comments inline hoping it helps
>
>
> Le mar. 22 nov. 2022 à 16:11, Rémy Maucherat a écrit :
>
> > Hi,
> >
> > Following a post on the user list, I have looked into CDI and
> > injection processing in Tomcat standalone (or standalone extended by
> > CDI) and found the following issues:
> >
> > a) metadata-complete is done wrong. The spec got retconned some time
> > ago and metadata-complete only means Servlet spec defining metadata,
> > such as @WebServlet (= the ones that require scanning all classes just
> > in case). So in practice inside DefaultInstanceManager the
> > ignoreAnnotations flag shouldn't be used at all and it should simply
> > be removed. I am ok on only doing this in 11 ;)
> >
> > b) CDI is not intertwined with the DefaultInstanceManager. Basically
> > as the user said, injections should be done *before* @PostConstruct,
> > and it . There's a (minor) problem with the DefaultInstanceManager
> > API, a method needs to be protected and then integrations will then be
> > able to hack inside the DefaultInstanceManager. You can see this here
> > in the OWB integration:
> >
> > https://github.com/apache/tomcat/blob/main/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansInstanceManager.java#L102
> > (basically, first call newInstance, because there's no other way, then
> > inject, but newInstance will have already invoked @PostConstruct). To
> > fix this, I plan to add an Injector interface to
> > DefaultInstanceManager since this is pretty much the only way to do
> > this cleanly in Tomcat standalone (taking over the whole
> > DefaultInstanceManager is clearly not the best idea).
> >
>
> Yeah, TomEE ([1]) had some hard time with JSP due to that and its
> re-implementation of the instantiation.
> Basically the idea was to implement it aside Tomcat default impl but for
> some classes it was not convenient enough.
> That said I have to admit I'm not sure it needs a new concept (injector)
> because basically it will copy the instance manager API (inject, release or
> something like that since it is not only about the inject phase so either
> you define the lifecycle or you store a Runnable you call at release time
> too - isnt the abstraction too complex then?).
For EE or some other similar embedded, the assumption was that
InstanceManager would be fully reimplemented. But this is more work
for a lighter weight integration, ok.
The change to add the API to DefaultInstanceManager would be:
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -109,6 +109,7 @@ public class DefaultInstanceManager implements
InstanceManager {
new ManagedConcurrentWeakHashMap<>();
private final Map postConstructMethods;
private final Map preDestroyMethods;
+private Injector injector = null;
public DefaultInstanceManager(Context context,
Map> injectionMap,
@@ -172,6 +173,9 @@ public class DefaultInstanceManager implements
InstanceManager {
Map injections =
assembleInjectionsFromClassHierarchy(clazz);
populateAnnotationsCache(clazz, injections);
processAnnotations(instance, injections);
+if (injector != null) {
+injector.inject(instance);
+}
postConstruct(instance, clazz);
}
return instance;
@@ -193,6 +197,9 @@ public class DefaultInstanceManager implements
InstanceManager {
@Override
public void destroyInstance(Object instance) throws IllegalAccessException,
InvocationTargetException {
+if (injector != null) {
+injector.destroy(instance);
+}
if (!ignoreAnnotations) {
preDestroy(instance, instance.getClass());
}
@@ -828,4 +835,16 @@ public class DefaultInstanceManager implements
InstanceManager {
return loadClass(className, classLoader);
}
}
+
+public void setInjector(Injector injector) {
+if (injector == null) {
+this.injector = injector;
+}
+}
+
+public interface Injector {
+void inject(Object instance);
+void destroy(Object instance);
+}
+
}
Simply allowing inject and destroy callbacks on the main
DefaultInstanceManager, which is what the OWBInstanceManager
integration does (except it cannot do it in the right order for
injection, which is what the user complained about).
> Another issue there is that newInstance assumes a "new" which means you can
> not use a CDI instance generally speaking, only a banalised instance which
> gets injections so it means you can just impl yourself a
> newInstance+whatever you want+postconstruct call (this is light actually).
> This is where setting ignoreAnnotations would be quite fancy in your own
> instance manager and wouldnt need any new API.
Here it clearly relies on the beha
Re: CDI and injection issues
Hmm, how is your injector different from an InstanceManager? (
https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/InstanceManager.java
)
Only by not having all `newInstance` flavors?
Will also need the backgroundProcess (cache cleanup, same as instance
manager) and similarly the calling context (new instance params), in
particular the classloader.
This is why I said it sounds more like a single API and more hooking the
default instance to enable what you want or just redo it is likely simpler
_on an API standpoint_.
Guess postConstruct() method as in TomEE impl - but using tomcat in place
method, just exposing it - can be sufficient and keep the API clean if you
don't want to reimpl anything.
About JSP hack, it is more general but hits mainly JSP: it is about tomcat
specific JNDI injections, the workaround and wiring used elsewhere for
beans didn't work properly for JSP. Guess you don't have this issue but
something making it easier to handle can also probably be welcomed by
consumers.
Le mar. 22 nov. 2022 à 17:26, Rémy Maucherat a écrit :
> On Tue, Nov 22, 2022 at 4:30 PM Romain Manni-Bucau
> wrote:
> >
> > Hi Rémy,
> >
> > I put a few comments inline hoping it helps
> >
> >
> > Le mar. 22 nov. 2022 à 16:11, Rémy Maucherat a écrit :
> >
> > > Hi,
> > >
> > > Following a post on the user list, I have looked into CDI and
> > > injection processing in Tomcat standalone (or standalone extended by
> > > CDI) and found the following issues:
> > >
> > > a) metadata-complete is done wrong. The spec got retconned some time
> > > ago and metadata-complete only means Servlet spec defining metadata,
> > > such as @WebServlet (= the ones that require scanning all classes just
> > > in case). So in practice inside DefaultInstanceManager the
> > > ignoreAnnotations flag shouldn't be used at all and it should simply
> > > be removed. I am ok on only doing this in 11 ;)
> > >
> > > b) CDI is not intertwined with the DefaultInstanceManager. Basically
> > > as the user said, injections should be done *before* @PostConstruct,
> > > and it . There's a (minor) problem with the DefaultInstanceManager
> > > API, a method needs to be protected and then integrations will then be
> > > able to hack inside the DefaultInstanceManager. You can see this here
> > > in the OWB integration:
> > >
> > >
> https://github.com/apache/tomcat/blob/main/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansInstanceManager.java#L102
> > > (basically, first call newInstance, because there's no other way, then
> > > inject, but newInstance will have already invoked @PostConstruct). To
> > > fix this, I plan to add an Injector interface to
> > > DefaultInstanceManager since this is pretty much the only way to do
> > > this cleanly in Tomcat standalone (taking over the whole
> > > DefaultInstanceManager is clearly not the best idea).
> > >
> >
> > Yeah, TomEE ([1]) had some hard time with JSP due to that and its
> > re-implementation of the instantiation.
> > Basically the idea was to implement it aside Tomcat default impl but for
> > some classes it was not convenient enough.
> > That said I have to admit I'm not sure it needs a new concept (injector)
> > because basically it will copy the instance manager API (inject, release
> or
> > something like that since it is not only about the inject phase so either
> > you define the lifecycle or you store a Runnable you call at release time
> > too - isnt the abstraction too complex then?).
>
> For EE or some other similar embedded, the assumption was that
> InstanceManager would be fully reimplemented. But this is more work
> for a lighter weight integration, ok.
>
> The change to add the API to DefaultInstanceManager would be:
> --- a/java/org/apache/catalina/core/DefaultInstanceManager.java
> +++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
> @@ -109,6 +109,7 @@ public class DefaultInstanceManager implements
> InstanceManager {
> new ManagedConcurrentWeakHashMap<>();
> private final Map postConstructMethods;
> private final Map preDestroyMethods;
> +private Injector injector = null;
>
> public DefaultInstanceManager(Context context,
> Map> injectionMap,
> @@ -172,6 +173,9 @@ public class DefaultInstanceManager implements
> InstanceManager {
> Map injections =
> assembleInjectionsFromClassHierarchy(clazz);
> populateAnnotationsCache(clazz, injections);
> processAnnotations(instance, injections);
> +if (injector != null) {
> +injector.inject(instance);
> +}
> postConstruct(instance, clazz);
> }
> return instance;
> @@ -193,6 +197,9 @@ public class DefaultInstanceManager implements
> InstanceManager {
> @Override
> public void destroyInstance(Object instance) throws
> IllegalAccessException,
> InvocationTargetException {
> +if (injector != null) {
> +injector
[tomcat] branch 8.5.x updated: Set release date for Tomcat 8.5.84
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 893cca6598 Set release date for Tomcat 8.5.84 893cca6598 is described below commit 893cca6598c68755a1b85a39216fad0dbd07bc42 Author: Christopher Schultz AuthorDate: Tue Nov 22 14:00:32 2022 -0500 Set release date for Tomcat 8.5.84 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 218df3261b..edff7a999b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -147,7 +147,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1905458 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-8.5-doc/ docs/tomcat-8.5-doc/annotationapi/ docs/tomcat-8.5-doc/annotationapi/javax/annotation/ docs/tomcat-8.5-doc/annotationapi/jav
Author: schultz Date: Tue Nov 22 19:01:34 2022 New Revision: 1905458 URL: http://svn.apache.org/viewvc?rev=1905458&view=rev Log: Update web site to include Tomcat 8.5.84 [This commit notification would consist of 135 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 8.5.84 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.84. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.84 is a bugfix and feature release. The notable changes compared to 8.5.83 include: - Fix concurrency issue in evaluation of expression language containing lambda expressions. - Correct the date format used with the expires attribute of HTTP cookies. A single space rather than a single dash should be used to separate the day, month and year components to be compliant with RFC 6265. - Update to Commons Daemon 1.3.2. Along with lots of other bug fixes and improvements. Please refer to the change log for the complete list of changes: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html Downloads: https://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 7.x and 8.0: https://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] markt-asf merged pull request #569: Refine native resources metadata
markt-asf merged PR #569: URL: https://github.com/apache/tomcat/pull/569 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Refine native resources metadata
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 73963de5c3 Refine native resources metadata
73963de5c3 is described below
commit 73963de5c33c19c2568d5b9dbbb44a8b0f9415c0
Author: Sébastien Deleuze
AuthorDate: Wed Nov 16 18:10:39 2022 +0100
Refine native resources metadata
This commit updates the native resources hints in order
to avoid classpath wide inclusion of resources.
It also removes from tomcat-embeded-core metadata 1.5M of
XSD and DTD servlet resources located in
jakarta/servlet/resources which now need to be configured
explicitly when needed.
---
modules/stuffed/tomcat-resource.json | 12
.../tomcat-embed-core/native-image/tomcat-resource.json | 9 +
res/graal/tomcat-embed-el/native-image/tomcat-resource.json | 6 --
.../tomcat-embed-jasper/native-image/tomcat-resource.json| 6 ++
.../native-image/tomcat-resource.json| 11 +--
.../tomcat-embed-websocket/native-image/tomcat-resource.json | 6 --
6 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/modules/stuffed/tomcat-resource.json
b/modules/stuffed/tomcat-resource.json
index 96746e77b4..0c41918d60 100644
--- a/modules/stuffed/tomcat-resource.json
+++ b/modules/stuffed/tomcat-resource.json
@@ -73,9 +73,13 @@
{"name":"org.apache.tomcat.websocket.server.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},
+{"pattern":"^org/apache/tomcat/.*\\.dtd$"},
+{"pattern":"^org/apache/jasper/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^jakarta/servlet/jsp/resources/.*"}
]
}
diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
index e356bab9fb..f10d8f2785 100644
--- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
@@ -48,9 +48,10 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^org/apache/tomcat/.*\\.dtd$"}
]
}
diff --git a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
index 82e41a96f0..e94292424a 100644
--- a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
@@ -2,11 +2,5 @@
"bundles":[
{"name":"jakarta.el.LocalStrings"},
{"name":"org.apache.el.LocalStrings"}
- ],
- "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
]
}
diff --git a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
index f8c661e6d8..fa339f838c 100644
--- a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
@@ -3,9 +3,7 @@
{"name":"org.apache.jasper.resources.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/jasper/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^jakarta/servlet/jsp/resources/.*"}
]
}
diff --git
a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
index b084fa0b7a..ea7243d531 100644
--- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
@@ -37,15 +37,6 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/Authenticators.properties$"},
-{"pattern":".*/MimeTypeMappings.properties$"},
-{"pattern":".*/catalina.pr
[tomcat] branch 10.1.x updated: Update change log
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 9c794c95a3 Update change log 9c794c95a3 is described below commit 9c794c95a310787b6a56c98e4c66fbcedc9420e3 Author: Mark Thomas AuthorDate: Tue Nov 22 19:46:36 2022 + Update change log --- webapps/docs/changelog.xml | 5 + 1 file changed, 5 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index a140055a53..bbf91d02ba 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -156,6 +156,11 @@ deprecated in Java 20 onwards, the reasons for deprecation are valid for all versions so move away from them now. (markt) + +Refine the Tomcat native image metadata to avoid including unintended +non-Tomcat resources. Pull request 569 provided by Sébastien +Deleuze. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Refine native resources metadata
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new eb69ef8402 Refine native resources metadata
eb69ef8402 is described below
commit eb69ef8402868a66ba7174ccd3d7adf90b1a4d4e
Author: Sébastien Deleuze
AuthorDate: Wed Nov 16 18:10:39 2022 +0100
Refine native resources metadata
This commit updates the native resources hints in order
to avoid classpath wide inclusion of resources.
It also removes from tomcat-embeded-core metadata 1.5M of
XSD and DTD servlet resources located in
jakarta/servlet/resources which now need to be configured
explicitly when needed.
---
modules/stuffed/tomcat-resource.json | 12
.../tomcat-embed-core/native-image/tomcat-resource.json | 9 +
res/graal/tomcat-embed-el/native-image/tomcat-resource.json | 6 --
.../tomcat-embed-jasper/native-image/tomcat-resource.json| 6 ++
.../native-image/tomcat-resource.json| 11 +--
.../tomcat-embed-websocket/native-image/tomcat-resource.json | 6 --
webapps/docs/changelog.xml | 5 +
7 files changed, 21 insertions(+), 34 deletions(-)
diff --git a/modules/stuffed/tomcat-resource.json
b/modules/stuffed/tomcat-resource.json
index 96746e77b4..0c41918d60 100644
--- a/modules/stuffed/tomcat-resource.json
+++ b/modules/stuffed/tomcat-resource.json
@@ -73,9 +73,13 @@
{"name":"org.apache.tomcat.websocket.server.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},
+{"pattern":"^org/apache/tomcat/.*\\.dtd$"},
+{"pattern":"^org/apache/jasper/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^jakarta/servlet/jsp/resources/.*"}
]
}
diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
index e356bab9fb..f10d8f2785 100644
--- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
@@ -48,9 +48,10 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^org/apache/tomcat/.*\\.dtd$"}
]
}
diff --git a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
index 82e41a96f0..e94292424a 100644
--- a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
@@ -2,11 +2,5 @@
"bundles":[
{"name":"jakarta.el.LocalStrings"},
{"name":"org.apache.el.LocalStrings"}
- ],
- "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
]
}
diff --git a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
index f8c661e6d8..fa339f838c 100644
--- a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
@@ -3,9 +3,7 @@
{"name":"org.apache.jasper.resources.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/jasper/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^jakarta/servlet/jsp/resources/.*"}
]
}
diff --git
a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
index b084fa0b7a..ea7243d531 100644
--- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
@@ -37,15 +37,6 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/Authenticators.properties$"},
-{"pattern
[tomcat] branch 9.0.x updated: Refine native resources metadata
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 97b552c3e6 Refine native resources metadata
97b552c3e6 is described below
commit 97b552c3e6f27382e59353458835e0c011f4d099
Author: Sébastien Deleuze
AuthorDate: Wed Nov 16 18:10:39 2022 +0100
Refine native resources metadata
This commit updates the native resources hints in order
to avoid classpath wide inclusion of resources.
It also removes from tomcat-embeded-core metadata 1.5M of
XSD and DTD servlet resources located in
jakarta/servlet/resources which now need to be configured
explicitly when needed.
---
res/graal/tomcat-embed-core/native-image/tomcat-resource.json | 9 +
res/graal/tomcat-embed-el/native-image/tomcat-resource.json | 6 --
.../tomcat-embed-jasper/native-image/tomcat-resource.json | 6 ++
.../native-image/tomcat-resource.json | 11 +--
.../tomcat-embed-websocket/native-image/tomcat-resource.json | 6 --
5 files changed, 8 insertions(+), 30 deletions(-)
diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
index e23572b6e8..2496b48534 100644
--- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json
@@ -48,9 +48,10 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^org/apache/tomcat/.*\\.dtd$"}
]
}
diff --git a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
index 645ff26c17..51f3b30450 100644
--- a/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-el/native-image/tomcat-resource.json
@@ -2,11 +2,5 @@
"bundles":[
{"name":"javax.el.LocalStrings"},
{"name":"org.apache.el.Messages"}
- ],
- "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
]
}
diff --git a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
index f8c661e6d8..fa339f838c 100644
--- a/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-jasper/native-image/tomcat-resource.json
@@ -3,9 +3,7 @@
{"name":"org.apache.jasper.resources.LocalStrings"}
],
"resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/jasper/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^jakarta/servlet/jsp/resources/.*"}
]
}
diff --git
a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
index 135d134f92..d318043936 100644
--- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json
@@ -37,15 +37,6 @@
{"name":"org.apache.tomcat.util.threads.LocalStrings"}
],
"resources":[
-{"pattern":".*/Authenticators.properties$"},
-{"pattern":".*/MimeTypeMappings.properties$"},
-{"pattern":".*/catalina.properties$"},
-{"pattern":".*/CharsetMapperDefault.properties$"},
-{"pattern":".*/ServerInfo.properties$"},
-{"pattern":".*/RestrictedServlets.properties$"},
-{"pattern":".*/RestrictedListeners.properties$"},
-{"pattern":".*/RestrictedFilters.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/catalina/.*\\.properties$"}
]
}
diff --git a/res/graal/tomcat-embed-websocket/native-image/tomcat-resource.json
b/res/graal/tomcat-embed-websocket/native-image/tomcat-resource.json
index 60570692fc..b158949a9e 100644
--- a/res/graal/tomcat-embed-websocket/native-image/tomcat-resource.json
+++ b/res/graal/tomcat-embed-websocket/native-image/tomcat-resource.json
@@ -3,11 +3,5 @@
{"name":"org.apache.tomcat.websocket.LocalStrings"},
{"name":"org.apache.tomcat.websocket.pojo.LocalStrings"},
{"name":"org.apache.tomcat.websocket.server.LocalStrings"}
- ],
- "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.proper
