[Bug 66406] JULI ClassLoaderLogManager creates multiple loggers named ""
https://bz.apache.org/bugzilla/show_bug.cgi?id=66406

Piotr P. Karwasz changed:

What |Removed |Added
OS   |        |All

--- Comment #1 from Piotr P. Karwasz ---
I believe that this behavior is dictated by the lack of support in JUL for logger contexts, which forces Tomcat to use several hacks and tricks.

However, I have to partially agree with this report. The way Tomcat JULI deals with `Handler` sharing between applications is inconsistent. If an application does not have a `logging.properties` file (very common case):

* the root logger of an application has the global root logger as parent and `useParentHandlers` set to true. This way it delegates all logging to the global root logger handlers,
* all other loggers copy the references to global handlers as their own.

I believe that this architecture can be simplified and remove the need for a parent of the root logger. I'll try to submit a PR for it.

--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 03/03: Update package renamed fork of Commons Codec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit e529969d152c9ffa17226ee3cd1225b471cb0d59 Author: Mark Thomas AuthorDate: Tue Jan 3 12:41:45 2023 + Update package renamed fork of Commons Codec --- MERGE.txt| 4 ++-- java/org/apache/tomcat/util/codec/binary/BaseNCodec.java | 5 +++-- webapps/docs/changelog.xml | 6 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index de8e38d901..5673ec8d95 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -37,7 +37,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -2ee2bff580c7138545377628074173412c27290c (2023-01-02) +2ee2bff580c7138545377628074173412c27290c (2023-01-03) Codec - @@ -45,7 +45,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/commons/codec The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -ae32a3f2fa6b722b8ad67bd125a52edb78932314 (2022-11-29) +f03cbd3ba741758ead9f59bc07e6688a739a4813 (2023-01-03) Note: Only classes required for Base64 encoding/decoding. The rest are removed. FileUpload diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java index 09e647ff97..0bfcf7312a 100644 --- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java +++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java @@ -16,6 +16,8 @@ */ package org.apache.tomcat.util.codec.binary; +import java.util.Arrays; + import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.res.StringManager; 
@@ -206,8 +208,7 @@ public abstract class BaseNCodec { newCapacity = createPositiveCapacity(minCapacity); } -final byte[] b = new byte[newCapacity]; -System.arraycopy(context.buffer, 0, b, 0, context.buffer.length); +final byte[] b = Arrays.copyOf(context.buffer, newCapacity); context.buffer = b; return b; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bed020552d..b80ff1a41d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -164,9 +164,13 @@ Jakarta EE to 1.0.6. (markt) -Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-02, +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, 6.7.1-SNAPSHOT). (markt) + +Update the internal fork of Apache Commons Codec to 3eafd6c (2023-01-03, +1.16-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
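Review bot: The Codec commit id differs between the two places this patch records it: the MERGE.txt hunk sets the most recent merged commit to f03cbd3ba741758ead9f59bc07e6688a739a4813, while the new changelog.xml entry says the fork was updated to 3eafd6c. Make the short hash in the changelog match the SHA1 in MERGE.txt (or the reverse) so the fork can be traced to a single upstream commit. The same patch also moves the BCEL date from 2023-01-02 to 2023-01-03 in both files while the SHA1 2ee2bff stays the same; that correction is unrelated to Codec and deserves a mention in the commit message.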
[tomcat] 01/03: Update packaged renamed fork of Commons File Upload
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 063e2e81ede50c287f737cc8e2915ce7217e886e Author: Mark Thomas AuthorDate: Tue Dec 13 17:55:34 2022 + Update packaged renamed fork of Commons File Upload --- MERGE.txt | 2 +- java/org/apache/catalina/connector/Request.java| 10 - java/org/apache/tomcat/util/http/Parameters.java | 5 +++ .../util/http/fileupload/FileUploadBase.java | 29 + .../impl/FileCountLimitExceededException.java | 50 ++ webapps/docs/changelog.xml | 4 ++ webapps/docs/config/ajp.xml| 15 --- webapps/docs/config/http.xml | 15 --- 8 files changed, 116 insertions(+), 14 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 8c1ed33662..41646180c2 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -54,7 +54,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/commons/fileupload2 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -aa8eff6f04c939fd99834360415b1ddb2f637cb1 (2022-11-29) +34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d (2023-02-03) Note: Tomcat's copy of fileupload also includes classes copied manually from Commons IO. diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index ecfc7aaa16..340d775b15 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -2816,8 +2816,9 @@ public class Request implements HttpServletRequest { } } +int maxParameterCount = getConnector().getMaxParameterCount(); Parameters parameters = coyoteRequest.getParameters(); -parameters.setLimit(getConnector().getMaxParameterCount()); +parameters.setLimit(maxParameterCount); boolean success = false; try { 
@@ -2869,6 +2870,13 @@ public class Request implements HttpServletRequest { upload.setFileItemFactory(factory); upload.setFileSizeMax(mce.getMaxFileSize()); upload.setSizeMax(mce.getMaxRequestSize()); +if (maxParameterCount > -1) { +// There is a limit. The limit for parts needs to be reduced by +// the number of parameters we have already parsed. +// Must be under the limit else parsing parameters would have +// triggered an exception. +upload.setFileCountMax(maxParameterCount - parameters.size()); +} parts = new ArrayList<>(); try { diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java index ce765374e7..d233190ddb 100644 --- a/java/org/apache/tomcat/util/http/Parameters.java +++ b/java/org/apache/tomcat/util/http/Parameters.java @@ -125,6 +125,11 @@ public final class Parameters { } +public int size() { +return parameterCount; +} + + public void recycle() { parameterCount = 0; paramHashValues.clear(); diff --git a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java index acc4aa307f..d527313723 100644 --- a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java +++ b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java @@ -24,6 +24,7 @@ import java.util.Locale; import java.util.Map; import java.util.Objects; +import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException; import org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl; import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException; import org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException; 
@@ -103,6 +104,12 @@ public abstract class FileUploadBase { */ private long fileSizeMax = -1; +/** + * The maximum permitted number of files that may be uploaded in a single + * request. A value of -1 indicates no maximum. + */ +private long fileCountMax = -1; + /** * The content encoding to use when reading part headers. */ @@ -179,6 +186,24 @@ public abstract class FileUploadBase { this.fileSizeMax = fileSizeMax; } +/** + * Returns the maximum number of files allowed in a single request. + * + * @return The maximum number of files allowed in a single request. + */ +public long getFileCountMax() { +return fileCountMax; +} + +/** + * Sets the maximum number of files allowed per request/ + * + * @param fileCountMax The new limit. {@code -1} means no limit. + */ +public void setFileCountMax(long fileCountMax) { +this.fileCountMax = fileCountMax; +} + /**
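Review bot: In the second Request.java hunk, upload.setFileCountMax(maxParameterCount - parameters.size()) depends entirely on the invariant stated in the comment above it. FileUploadBase documents -1 as "no limit", so a result of -1 from the subtraction would switch the part limit off rather than tighten it. Clamping the argument, for example Math.max(0, maxParameterCount - parameters.size()), would make the limit fail closed instead of relying on the earlier parameter parsing to have thrown.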
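Review bot: The new FileUploadBase Javadoc describes fileCountMax as the number of "files" per request, but the Request.java hunk uses it as "the limit for parts" and derives it from the parameter count, so the documented meaning and the actual use differ. Say in the field and setter Javadoc what is counted, fix the stray slash in "Sets the maximum number of files allowed per request/", and give the new public Parameters.size() a Javadoc line stating that it returns the number of parameters parsed so far.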
[tomcat] 02/03: Update package renamed fork of Commons BCEL
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a6fed7ace3ac90919f598a6eb2bfa4d95e54f61f Author: Mark Thomas AuthorDate: Tue Jan 3 12:28:02 2023 + Update package renamed fork of Commons BCEL --- MERGE.txt | 2 +- .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++--- webapps/docs/changelog.xml | 4 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 41646180c2..de8e38d901 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -37,7 +37,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -b015e90257850e810e57d1244664300f50de4a4c (2022-11-28) +2ee2bff580c7138545377628074173412c27290c (2023-01-02) Codec - diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java index 468314f097..a9639e0be4 100644 --- a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java +++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java @@ -44,6 +44,7 @@ public class ConstantPool { constantPool = new Constant[constantPoolCount]; /* * constantPool[0] is unused by the compiler and may be used freely by the implementation. + * constantPool[0] is currently unused by the implementation. */ for (int i = 1; i < constantPoolCount; i++) { constantPool[i] = Constant.readConstant(input); 
@@ -105,22 +106,25 @@ public class ConstantPool { * @throws ClassFormatException if index is invalid */ public T getConstant(final int index, final Class castTo) throws ClassFormatException { -if (index >= constantPool.length || index < 0) { +if (index >= constantPool.length || index < 1) { throw new ClassFormatException("Invalid constant pool reference using index: " + index + ". Constant pool size is: " + constantPool.length); } if (constantPool[index] != null && !castTo.isAssignableFrom(constantPool[index].getClass())) { throw new ClassFormatException("Invalid constant pool reference at index: " + index + ". Expected " + castTo + " but was " + constantPool[index].getClass()); } -// Previous check ensures this won't throw a ClassCastException -final T c = castTo.cast(constantPool[index]); -// the 0th element is always null -if (c == null && index != 0) { +if (index > 1) { final Constant prev = constantPool[index - 1]; -if (prev == null || prev.getTag() != Const.CONSTANT_Double && prev.getTag() != Const.CONSTANT_Long) { -throw new ClassFormatException("Constant pool at index " + index + " is null."); +if (prev != null && (prev.getTag() == Const.CONSTANT_Double || prev.getTag() == Const.CONSTANT_Long)) { +throw new ClassFormatException("Constant pool at index " + index + " is invalid. The index is unused due to the preceeding " ++ Const.getConstantName(prev.getTag()) + "."); } } +// Previous check ensures this won't throw a ClassCastException +final T c = castTo.cast(constantPool[index]); +if (c == null) { +throw new ClassFormatException("Constant pool at index " + index + " is null."); +} return c; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 43facab6e9..bed020552d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -163,6 +163,10 @@ Update the packaged version of the Apache Tomcat Migration Tool for Jakarta EE to 1.0.6. (markt) + +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-02, +6.7.1-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
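Review bot: The tightened bounds check in getConstant (index < 1 instead of index < 0) changes behaviour for index 0, not only for malformed input. The removed lines treated slot 0 as a legal lookup that returns null ("the 0th element is always null"), and the same call now throws ClassFormatException. Any caller that relied on the old null return for index 0 will start failing, so the callers in the fork should be checked and the @throws text should state that index 0 is rejected.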
[tomcat] branch main updated (b364efe99e -> e529969d15)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

    from b364efe99e Fix BZ 63390 - Fix test on Solaris.
     new 063e2e81ed Update packaged renamed fork of Commons File Upload
     new a6fed7ace3 Update package renamed fork of Commons BCEL
     new e529969d15 Update package renamed fork of Commons Codec

The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 MERGE.txt | 6 ++--
 java/org/apache/catalina/connector/Request.java | 10 +-
 .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++
 .../tomcat/util/codec/binary/BaseNCodec.java | 5 +--
 java/org/apache/tomcat/util/http/Parameters.java | 5 +++
 .../util/http/fileupload/FileUploadBase.java | 29 +
 ...n.java => FileCountLimitExceededException.java} | 37 +-
 webapps/docs/changelog.xml | 12 +++
 webapps/docs/config/ajp.xml | 15 +
 webapps/docs/config/http.xml | 15 +
 10 files changed, 112 insertions(+), 40 deletions(-)
 copy java/org/apache/tomcat/util/http/fileupload/impl/{SizeLimitExceededException.java => FileCountLimitExceededException.java} (54%)
[tomcat] branch main updated: Missed file
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new f03f5adb9c Missed file f03f5adb9c is described below commit f03f5adb9cbe7a127e9b6794bb4a2ee43bb2d57b Author: Mark Thomas AuthorDate: Tue Jan 3 14:44:57 2023 + Missed file --- .../tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java b/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java index 0b5819ec3b..b3feafe0e7 100644 --- a/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java +++ b/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java @@ -20,7 +20,7 @@ import javax.naming.RefAddr; import javax.naming.Reference; /** - * A JNDI ObjectFactory which creates SharedPoolDataSources + * A JNDI ObjectFactory which creates {@code SharedPoolDataSource}s * * @since 2.0 */
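Review bot: The reworded Javadoc summary in SharedPoolDataSourceFactory still has no closing period ("... creates {@code SharedPoolDataSource}s"); add it while the line is being touched. The subject "Missed file" would also be easier to trace later if it named the update this file was left out of.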
[tomcat] 01/04: Update packaged renamed fork of Commons File Upload
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 8a2285f13affa961cc65595aad999db5efae45ce Author: Mark Thomas AuthorDate: Tue Dec 13 17:55:34 2022 + Update packaged renamed fork of Commons File Upload --- MERGE.txt | 2 +- java/org/apache/catalina/connector/Request.java| 10 - java/org/apache/tomcat/util/http/Parameters.java | 5 +++ .../util/http/fileupload/FileUploadBase.java | 29 + .../impl/FileCountLimitExceededException.java | 50 ++ webapps/docs/changelog.xml | 4 ++ webapps/docs/config/ajp.xml| 15 --- webapps/docs/config/http.xml | 15 --- 8 files changed, 116 insertions(+), 14 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 8c1ed33662..41646180c2 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -54,7 +54,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/commons/fileupload2 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -aa8eff6f04c939fd99834360415b1ddb2f637cb1 (2022-11-29) +34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d (2023-02-03) Note: Tomcat's copy of fileupload also includes classes copied manually from Commons IO. diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index ecfc7aaa16..340d775b15 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -2816,8 +2816,9 @@ public class Request implements HttpServletRequest { } } +int maxParameterCount = getConnector().getMaxParameterCount(); Parameters parameters = coyoteRequest.getParameters(); -parameters.setLimit(getConnector().getMaxParameterCount()); +parameters.setLimit(maxParameterCount); boolean success = false; try { 
@@ -2869,6 +2870,13 @@ public class Request implements HttpServletRequest { upload.setFileItemFactory(factory); upload.setFileSizeMax(mce.getMaxFileSize()); upload.setSizeMax(mce.getMaxRequestSize()); +if (maxParameterCount > -1) { +// There is a limit. The limit for parts needs to be reduced by +// the number of parameters we have already parsed. +// Must be under the limit else parsing parameters would have +// triggered an exception. +upload.setFileCountMax(maxParameterCount - parameters.size()); +} parts = new ArrayList<>(); try { diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java index ce765374e7..d233190ddb 100644 --- a/java/org/apache/tomcat/util/http/Parameters.java +++ b/java/org/apache/tomcat/util/http/Parameters.java @@ -125,6 +125,11 @@ public final class Parameters { } +public int size() { +return parameterCount; +} + + public void recycle() { parameterCount = 0; paramHashValues.clear(); diff --git a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java index acc4aa307f..d527313723 100644 --- a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java +++ b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java @@ -24,6 +24,7 @@ import java.util.Locale; import java.util.Map; import java.util.Objects; +import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException; import org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl; import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException; import org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException; 
@@ -103,6 +104,12 @@ public abstract class FileUploadBase { */ private long fileSizeMax = -1; +/** + * The maximum permitted number of files that may be uploaded in a single + * request. A value of -1 indicates no maximum. + */ +private long fileCountMax = -1; + /** * The content encoding to use when reading part headers. */ @@ -179,6 +186,24 @@ public abstract class FileUploadBase { this.fileSizeMax = fileSizeMax; } +/** + * Returns the maximum number of files allowed in a single request. + * + * @return The maximum number of files allowed in a single request. + */ +public long getFileCountMax() { +return fileCountMax; +} + +/** + * Sets the maximum number of files allowed per request/ + * + * @param fileCountMax The new limit. {@code -1} means no limit. + */ +public void setFileCountMax(long fileCountMax) { +this.fileCountMax = fileCountMax; +} + /**
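Review bot: The date in the MERGE.txt hunk looks mistyped: it records 34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d as (2023-02-03), while the changelog entries in this series give 34eb241 as 2023-01-03. Correct the month so the merge record and the changelog agree on when the FileUpload fork was last synced.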
[tomcat] 02/04: Update package renamed fork of Commons BCEL
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 3c0a637594f8ba5f99c1078c27319268ab4c9860 Author: Mark Thomas AuthorDate: Tue Jan 3 12:28:02 2023 + Update package renamed fork of Commons BCEL --- MERGE.txt | 2 +- .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++--- webapps/docs/changelog.xml | 4 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 41646180c2..de8e38d901 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -37,7 +37,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -b015e90257850e810e57d1244664300f50de4a4c (2022-11-28) +2ee2bff580c7138545377628074173412c27290c (2023-01-02) Codec - diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java index 468314f097..a9639e0be4 100644 --- a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java +++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java @@ -44,6 +44,7 @@ public class ConstantPool { constantPool = new Constant[constantPoolCount]; /* * constantPool[0] is unused by the compiler and may be used freely by the implementation. + * constantPool[0] is currently unused by the implementation. */ for (int i = 1; i < constantPoolCount; i++) { constantPool[i] = Constant.readConstant(input); 
@@ -105,22 +106,25 @@ public class ConstantPool { * @throws ClassFormatException if index is invalid */ public T getConstant(final int index, final Class castTo) throws ClassFormatException { -if (index >= constantPool.length || index < 0) { +if (index >= constantPool.length || index < 1) { throw new ClassFormatException("Invalid constant pool reference using index: " + index + ". Constant pool size is: " + constantPool.length); } if (constantPool[index] != null && !castTo.isAssignableFrom(constantPool[index].getClass())) { throw new ClassFormatException("Invalid constant pool reference at index: " + index + ". Expected " + castTo + " but was " + constantPool[index].getClass()); } -// Previous check ensures this won't throw a ClassCastException -final T c = castTo.cast(constantPool[index]); -// the 0th element is always null -if (c == null && index != 0) { +if (index > 1) { final Constant prev = constantPool[index - 1]; -if (prev == null || prev.getTag() != Const.CONSTANT_Double && prev.getTag() != Const.CONSTANT_Long) { -throw new ClassFormatException("Constant pool at index " + index + " is null."); +if (prev != null && (prev.getTag() == Const.CONSTANT_Double || prev.getTag() == Const.CONSTANT_Long)) { +throw new ClassFormatException("Constant pool at index " + index + " is invalid. The index is unused due to the preceeding " ++ Const.getConstantName(prev.getTag()) + "."); } } +// Previous check ensures this won't throw a ClassCastException +final T c = castTo.cast(constantPool[index]); +if (c == null) { +throw new ClassFormatException("Constant pool at index " + index + " is null."); +} return c; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 9369ae0221..43cc1364aa 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -146,6 +146,10 @@ Update the packaged version of the Apache Tomcat Migration Tool for Jakarta EE to 1.0.6. (markt) + +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-02, +6.7.1-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
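Review bot: The new exception message in getConstant misspells "preceding" as "preceeding" ("The index is unused due to the preceeding ..."). Since this text is surfaced to whoever diagnoses a rejected class file, fix the spelling, ideally upstream so the fork does not drift. The relocated comment "Previous check ensures this won't throw a ClassCastException" now sits after the Long/Double block, so it should name the type check it refers to.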
[tomcat] branch 10.1.x updated (7d2a6333d7 -> 474f8c942b)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

    from 7d2a6333d7 Fix BZ 63390 - Fix test on Solaris.
     new 8a2285f13a Update packaged renamed fork of Commons File Upload
     new 3c0a637594 Update package renamed fork of Commons BCEL
     new 82ccef2290 Update package renamed fork of Commons Codec
     new 474f8c942b Update package renamed fork of Commons DBCP

The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 MERGE.txt | 8 +-
 java/org/apache/catalina/connector/Request.java | 10 +-
 .../apache/tomcat/dbcp/dbcp2/AbandonedTrace.java | 25 +-
 .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java | 355 --
 .../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java | 78 ++-
 .../dbcp/dbcp2/ConnectionFactoryFactory.java | 8 +-
 .../dbcp/dbcp2/DataSourceConnectionFactory.java | 2 +-
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java | 43 +-
 .../dbcp/dbcp2/DelegatingPreparedStatement.java | 23 +
 .../tomcat/dbcp/dbcp2/DelegatingStatement.java | 35 +-
 .../apache/tomcat/dbcp/dbcp2/DriverFactory.java | 2 +-
 .../dbcp/dbcp2/DriverManagerConnectionFactory.java | 8 +-
 .../org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java | 4 +-
 .../dbcp/dbcp2/LifetimeExceededException.java | 15 +-
 .../tomcat/dbcp/dbcp2/LocalStrings.properties | 2 +-
 .../tomcat/dbcp/dbcp2/ObjectNameWrapper.java | 2 +-
 java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java | 758 +++--
 .../dbcp/dbcp2/PoolableCallableStatement.java | 33 +-
 .../tomcat/dbcp/dbcp2/PoolableConnection.java | 14 +-
 .../dbcp/dbcp2/PoolableConnectionFactory.java | 58 +-
 .../dbcp/dbcp2/PoolableConnectionMXBean.java | 5 +-
 .../dbcp/dbcp2/PoolablePreparedStatement.java | 33 +-
 .../tomcat/dbcp/dbcp2/PoolingConnection.java | 66 +-
 .../apache/tomcat/dbcp/dbcp2/PoolingDriver.java | 13 +-
 java/org/apache/tomcat/dbcp/dbcp2/Utils.java | 61 +-
 .../dbcp/dbcp2/cpdsadapter/ConnectionImpl.java | 60 +-
 .../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java | 63 +-
 .../dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java | 22 +-
 .../dbcp2/cpdsadapter/PooledConnectionImpl.java | 165 ++---
 .../dbcp/dbcp2/cpdsadapter/package-info.java | 4 +-
 .../dbcp2/datasources/CPDSConnectionFactory.java | 31 +-
 .../tomcat/dbcp/dbcp2/datasources/CharArray.java | 14 +-
 .../dbcp2/datasources/InstanceKeyDataSource.java | 39 +-
 .../datasources/InstanceKeyDataSourceFactory.java | 26 +-
 .../datasources/KeyedCPDSConnectionFactory.java | 26 +-
 .../dbcp2/datasources/PerUserPoolDataSource.java | 294 +++-
 .../datasources/PerUserPoolDataSourceFactory.java | 2 +-
 .../tomcat/dbcp/dbcp2/datasources/PoolKey.java | 2 +-
 .../dbcp2/datasources/PooledConnectionManager.java | 20 +-
 .../dbcp2/datasources/SharedPoolDataSource.java | 10 +-
 .../datasources/SharedPoolDataSourceFactory.java | 2 +-
 .../tomcat/dbcp/dbcp2/datasources/UserPassKey.java | 2 +-
 .../dbcp/dbcp2/datasources/package-info.java | 18 +-
 .../managed/DataSourceXAConnectionFactory.java | 50 +-
 .../dbcp2/managed/LocalXAConnectionFactory.java | 34 +-
 .../dbcp/dbcp2/managed/ManagedConnection.java | 8 +-
 .../dbcp/dbcp2/managed/ManagedDataSource.java | 2 +-
 .../managed/PoolableManagedConnectionFactory.java | 5 +-
 .../dbcp/dbcp2/managed/SynchronizationAdapter.java | 18 +-
 .../dbcp/dbcp2/managed/TransactionContext.java | 18 +-
 .../dbcp/dbcp2/managed/TransactionRegistry.java | 13 +-
 .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +-
 .../tomcat/util/codec/binary/BaseNCodec.java | 5 +-
 java/org/apache/tomcat/util/http/Parameters.java | 5 +
 .../util/http/fileupload/FileUploadBase.java | 29 +
 ...n.java => FileCountLimitExceededException.java} | 37 +-
 webapps/docs/changelog.xml | 16 +
 webapps/docs/config/ajp.xml | 15 +-
 webapps/docs/config/http.xml | 15 +-
 59 files changed, 1156 insertions(+), 1593 deletions(-)
 copy test/org/apache/el/TesterBeanAA.java => java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java (71%)
 copy java/org/apache/tomcat/util/http/fileupload/impl/{SizeLimitExceededException.java => FileCountLimitExceededException.java} (54%)
[tomcat] 03/04: Update package renamed fork of Commons Codec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 82ccef22901452aa264870f61df9c1e73cc16ab9 Author: Mark Thomas AuthorDate: Tue Jan 3 12:41:45 2023 + Update package renamed fork of Commons Codec --- MERGE.txt| 4 ++-- java/org/apache/tomcat/util/codec/binary/BaseNCodec.java | 5 +++-- webapps/docs/changelog.xml | 6 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index de8e38d901..5673ec8d95 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -37,7 +37,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -2ee2bff580c7138545377628074173412c27290c (2023-01-02) +2ee2bff580c7138545377628074173412c27290c (2023-01-03) Codec - @@ -45,7 +45,7 @@ Unused code is removed Sub-tree: src/main/java/org/apache/commons/codec The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -ae32a3f2fa6b722b8ad67bd125a52edb78932314 (2022-11-29) +f03cbd3ba741758ead9f59bc07e6688a739a4813 (2023-01-03) Note: Only classes required for Base64 encoding/decoding. The rest are removed. FileUpload diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java index 09e647ff97..0bfcf7312a 100644 --- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java +++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java @@ -16,6 +16,8 @@ */ package org.apache.tomcat.util.codec.binary; +import java.util.Arrays; + import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.res.StringManager; 
@@ -206,8 +208,7 @@ public abstract class BaseNCodec { newCapacity = createPositiveCapacity(minCapacity); } -final byte[] b = new byte[newCapacity]; -System.arraycopy(context.buffer, 0, b, 0, context.buffer.length); +final byte[] b = Arrays.copyOf(context.buffer, newCapacity); context.buffer = b; return b; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 43cc1364aa..34e7d3ec84 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -147,9 +147,13 @@ Jakarta EE to 1.0.6. (markt) -Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-02, +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, 6.7.1-SNAPSHOT). (markt) + +Update the internal fork of Apache Commons Codec to 3eafd6c (2023-01-03, +1.16-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
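Review bot: In the BaseNCodec hunk, Arrays.copyOf(context.buffer, newCapacity) is equivalent to the removed new byte[newCapacity] plus System.arraycopy pair only while newCapacity is at least context.buffer.length. If it were ever smaller, the old code threw from arraycopy, whereas the new call silently truncates the buffer. A short comment or assertion stating that this method never shrinks the buffer would keep the simplification safe against later edits to the capacity calculation.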
[tomcat] 02/04: Update package renamed fork of Commons BCEL
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 740e88d78e1a31dac9e9c92a4f12b743e0a2a19e Author: Mark Thomas AuthorDate: Tue Jan 3 12:28:02 2023 + Update package renamed fork of Commons BCEL --- MERGE.txt | 2 +- .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++--- webapps/docs/changelog.xml | 4 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 223868bc5c..103e396411 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -36,7 +36,7 @@ BCEL Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -b015e90257850e810e57d1244664300f50de4a4c (2022-11-28) +2ee2bff580c7138545377628074173412c27290c (2023-01-03) Codec - diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java index 468314f097..a9639e0be4 100644 --- a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java +++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java @@ -44,6 +44,7 @@ public class ConstantPool { constantPool = new Constant[constantPoolCount]; /* * constantPool[0] is unused by the compiler and may be used freely by the implementation. + * constantPool[0] is currently unused by the implementation. */ for (int i = 1; i < constantPoolCount; i++) { constantPool[i] = Constant.readConstant(input); 
@@ -105,22 +106,25 @@ public class ConstantPool { * @throws ClassFormatException if index is invalid */ public T getConstant(final int index, final Class castTo) throws ClassFormatException { -if (index >= constantPool.length || index < 0) { +if (index >= constantPool.length || index < 1) { throw new ClassFormatException("Invalid constant pool reference using index: " + index + ". Constant pool size is: " + constantPool.length); } if (constantPool[index] != null && !castTo.isAssignableFrom(constantPool[index].getClass())) { throw new ClassFormatException("Invalid constant pool reference at index: " + index + ". Expected " + castTo + " but was " + constantPool[index].getClass()); } -// Previous check ensures this won't throw a ClassCastException -final T c = castTo.cast(constantPool[index]); -// the 0th element is always null -if (c == null && index != 0) { +if (index > 1) { final Constant prev = constantPool[index - 1]; -if (prev == null || prev.getTag() != Const.CONSTANT_Double && prev.getTag() != Const.CONSTANT_Long) { -throw new ClassFormatException("Constant pool at index " + index + " is null."); +if (prev != null && (prev.getTag() == Const.CONSTANT_Double || prev.getTag() == Const.CONSTANT_Long)) { +throw new ClassFormatException("Constant pool at index " + index + " is invalid. The index is unused due to the preceeding " ++ Const.getConstantName(prev.getTag()) + "."); } } +// Previous check ensures this won't throw a ClassCastException +final T c = castTo.cast(constantPool[index]); +if (c == null) { +throw new ClassFormatException("Constant pool at index " + index + " is null."); +} return c; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b44c13668d..0f3ff2285b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -140,6 +140,10 @@ + +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, +6.7.1-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
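Review bot: in the `getConstant` hunk of ConstantPool.java, changing the bounds test from `index < 0` to `index < 1` turns index 0 from a silent `null` return into a `ClassFormatException`. The removed code let it through on purpose (`if (c == null && index != 0)`), so any caller that passes 0 and tests the result for null will now fail on class files that parsed before. The Javadoc still says only "if index is invalid" and the changelog entry records nothing beyond the fork update; please state in the Javadoc that index 0 is rejected and confirm that the callers kept in the fork never rely on the old behaviour.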
[tomcat] 01/04: Update packaged renamed fork of Commons File Upload
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit cf77cc545de0488fb89e24294151504a7432df74 Author: Mark Thomas AuthorDate: Tue Dec 13 17:55:34 2022 + Update packaged renamed fork of Commons File Upload --- MERGE.txt | 2 +- java/org/apache/catalina/connector/Request.java| 10 - java/org/apache/tomcat/util/http/Parameters.java | 5 +++ .../util/http/fileupload/FileUploadBase.java | 29 + .../impl/FileCountLimitExceededException.java | 50 ++ webapps/docs/changelog.xml | 8 webapps/docs/config/ajp.xml| 15 --- webapps/docs/config/http.xml | 15 --- 8 files changed, 120 insertions(+), 14 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index ba36b6c608..223868bc5c 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -51,7 +51,7 @@ FileUpload Sub-tree: src/main/java/org/apache/commons/fileupload2 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -aa8eff6f04c939fd99834360415b1ddb2f637cb1 (2022-11-29) +34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d (2023-01-03) Note: Tomcat's copy of fileupload also includes classes copied manually from Commons IO. diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index 266a853f7b..3a38bf8cca 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -2872,8 +2872,9 @@ public class Request implements HttpServletRequest { } } +int maxParameterCount = getConnector().getMaxParameterCount(); Parameters parameters = coyoteRequest.getParameters(); -parameters.setLimit(getConnector().getMaxParameterCount()); +parameters.setLimit(maxParameterCount); boolean success = false; try { 
@@ -2925,6 +2926,13 @@ public class Request implements HttpServletRequest { upload.setFileItemFactory(factory); upload.setFileSizeMax(mce.getMaxFileSize()); upload.setSizeMax(mce.getMaxRequestSize()); +if (maxParameterCount > -1) { +// There is a limit. The limit for parts needs to be reduced by +// the number of parameters we have already parsed. +// Must be under the limit else parsing parameters would have +// triggered an exception. +upload.setFileCountMax(maxParameterCount - parameters.size()); +} parts = new ArrayList<>(); try { diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java index ce765374e7..d233190ddb 100644 --- a/java/org/apache/tomcat/util/http/Parameters.java +++ b/java/org/apache/tomcat/util/http/Parameters.java @@ -125,6 +125,11 @@ public final class Parameters { } +public int size() { +return parameterCount; +} + + public void recycle() { parameterCount = 0; paramHashValues.clear(); diff --git a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java index 248d1c59a4..4c61fa718c 100644 --- a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java +++ b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java @@ -25,6 +25,7 @@ import java.util.Locale; import java.util.Map; import java.util.Objects; +import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException; import org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl; import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException; import org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException; 
@@ -128,6 +129,12 @@ public abstract class FileUploadBase { */ private long fileSizeMax = -1; +/** + * The maximum permitted number of files that may be uploaded in a single + * request. A value of -1 indicates no maximum. + */ +private long fileCountMax = -1; + /** * The content encoding to use when reading part headers. */ @@ -204,6 +211,24 @@ public abstract class FileUploadBase { this.fileSizeMax = fileSizeMax; } +/** + * Returns the maximum number of files allowed in a single request. + * + * @return The maximum number of files allowed in a single request. + */ +public long getFileCountMax() { +return fileCountMax; +} + +/** + * Sets the maximum number of files allowed per request/ + * + * @param fileCountMax The new limit. {@code -1} means no limit. + */ +public void setFileCountMax(long fileCountMax) { +this.fileCountMax = fileCountMax; +} + /** * Retr
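Review bot: in the `@@ -2925,6 +2926,13 @@` hunk of Request.java, `upload.setFileCountMax(maxParameterCount - parameters.size())` depends entirely on the invariant stated in the comment ("Must be under the limit else parsing parameters would have triggered an exception"). FileUploadBase documents -1 as "no maximum", so if that invariant is ever broken and the subtraction lands on -1, the part limit is silently switched off, which is the opposite of what this change is for. Clamp the value, for example with `Math.max(0, maxParameterCount - parameters.size())`, so that a bookkeeping error fails closed.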
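Review bot: the Javadoc for `setFileCountMax` in the `@@ -204,6 +211,24 @@` hunk of FileUploadBase.java ends with a stray slash ("Sets the maximum number of files allowed per request/"), and the setter stores any `long` unchecked. Only -1 is documented as "no limit"; say what 0 and values below -1 mean, or reject values below -1 with an `IllegalArgumentException`.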
[tomcat] 03/04: Update package renamed fork of Commons Codec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 5b71a7174ae4158fc427388cc91707613a6df58c Author: Mark Thomas AuthorDate: Tue Jan 3 12:41:45 2023 + Update package renamed fork of Commons Codec --- MERGE.txt| 2 +- java/org/apache/tomcat/util/codec/binary/BaseNCodec.java | 5 +++-- webapps/docs/changelog.xml | 4 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 103e396411..a311fc8c56 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -43,7 +43,7 @@ Codec Sub-tree: src/main/java/org/apache/commons/codec The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -ae32a3f2fa6b722b8ad67bd125a52edb78932314 (2022-11-29) +f03cbd3ba741758ead9f59bc07e6688a739a4813 (2023-01-03) Note: Only classes required for Base64 encoding/decoding. The rest are removed. FileUpload diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java index 3e912a985c..a234da2f0c 100644 --- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java +++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java @@ -16,6 +16,8 @@ */ package org.apache.tomcat.util.codec.binary; +import java.util.Arrays; + import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.res.StringManager; @@ -248,8 +250,7 @@ public abstract class BaseNCodec { newCapacity = createPositiveCapacity(minCapacity); } -final byte[] b = new byte[newCapacity]; -System.arraycopy(context.buffer, 0, b, 0, context.buffer.length); +final byte[] b = Arrays.copyOf(context.buffer, newCapacity); context.buffer = b; return b; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0f3ff2285b..bdf6967e64 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -144,6 +144,10 @@ Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, 6.7.1-SNAPSHOT). (markt) + +Update the internal fork of Apache Commons Codec to 3eafd6c (2023-01-03, +1.16-SNAPSHOT). (markt) + Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt)
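Review bot: in the `@@ -248,8 +250,7 @@` hunk of BaseNCodec.java, `Arrays.copyOf(context.buffer, newCapacity)` is not an exact replacement for the removed `new byte[newCapacity]` plus `System.arraycopy(...)` when `newCapacity` is smaller than `context.buffer.length`: the old pair threw an `IndexOutOfBoundsException`, the new call silently truncates the buffer. The visible context shows only `newCapacity = createPositiveCapacity(minCapacity)`; a short comment or assertion stating that this resize path always grows the buffer would make the equivalence explicit.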
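Review bot: the changelog entry added in the webapps/docs/changelog.xml hunk records the Codec fork as `3eafd6c (2023-01-03, 1.16-SNAPSHOT)`, but the MERGE.txt hunk of this same commit records the merged upstream commit as `f03cbd3ba741758ead9f59bc07e6688a739a4813 (2023-01-03)`. The abbreviated hash in the changelog should be the prefix of the MERGE.txt hash (`f03cbd3`); as written, the two records of which upstream code is vendored disagree, which makes the fork harder to audit.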
[tomcat] branch 9.0.x updated (0533c845d3 -> e655e48b56)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

from 0533c845d3 Fix BZ 63390 - Fix test on Solaris.
new cf77cc545d Update packaged renamed fork of Commons File Upload
new 740e88d78e Update package renamed fork of Commons BCEL
new 5b71a7174a Update package renamed fork of Commons Codec
new e655e48b56 Update package renamed fork of Commons DBCP

The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
MERGE.txt | 8 +-
java/org/apache/catalina/connector/Request.java | 10 +-
.../apache/tomcat/dbcp/dbcp2/AbandonedTrace.java | 25 +-
.../apache/tomcat/dbcp/dbcp2/BasicDataSource.java | 355 --
.../tomcat/dbcp/dbcp2/BasicDataSourceFactory.java | 78 ++-
.../dbcp/dbcp2/ConnectionFactoryFactory.java | 8 +-
.../dbcp/dbcp2/DataSourceConnectionFactory.java | 2 +-
.../tomcat/dbcp/dbcp2/DelegatingConnection.java | 43 +-
.../dbcp/dbcp2/DelegatingPreparedStatement.java | 23 +
.../tomcat/dbcp/dbcp2/DelegatingStatement.java | 35 +-
.../apache/tomcat/dbcp/dbcp2/DriverFactory.java | 2 +-
.../dbcp/dbcp2/DriverManagerConnectionFactory.java | 8 +-
.../org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java | 4 +-
.../dbcp/dbcp2/LifetimeExceededException.java | 15 +-
.../tomcat/dbcp/dbcp2/LocalStrings.properties | 2 +-
.../tomcat/dbcp/dbcp2/ObjectNameWrapper.java | 2 +-
java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java | 758 +++--
.../dbcp/dbcp2/PoolableCallableStatement.java | 33 +-
.../tomcat/dbcp/dbcp2/PoolableConnection.java | 14 +-
.../dbcp/dbcp2/PoolableConnectionFactory.java | 58 +-
.../dbcp/dbcp2/PoolableConnectionMXBean.java | 5 +-
.../dbcp/dbcp2/PoolablePreparedStatement.java | 33 +-
.../tomcat/dbcp/dbcp2/PoolingConnection.java | 66 +-
.../apache/tomcat/dbcp/dbcp2/PoolingDriver.java | 13 +-
java/org/apache/tomcat/dbcp/dbcp2/Utils.java | 61 +-
.../dbcp/dbcp2/cpdsadapter/ConnectionImpl.java | 60 +-
.../dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java | 63 +-
.../dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java | 22 +-
.../dbcp2/cpdsadapter/PooledConnectionImpl.java | 165 ++---
.../dbcp/dbcp2/cpdsadapter/package-info.java | 4 +-
.../dbcp2/datasources/CPDSConnectionFactory.java | 31 +-
.../tomcat/dbcp/dbcp2/datasources/CharArray.java | 14 +-
.../dbcp2/datasources/InstanceKeyDataSource.java | 39 +-
.../datasources/InstanceKeyDataSourceFactory.java | 26 +-
.../datasources/KeyedCPDSConnectionFactory.java | 26 +-
.../dbcp2/datasources/PerUserPoolDataSource.java | 294 +++-
.../datasources/PerUserPoolDataSourceFactory.java | 2 +-
.../tomcat/dbcp/dbcp2/datasources/PoolKey.java | 2 +-
.../dbcp2/datasources/PooledConnectionManager.java | 20 +-
.../dbcp2/datasources/SharedPoolDataSource.java | 10 +-
.../datasources/SharedPoolDataSourceFactory.java | 2 +-
.../tomcat/dbcp/dbcp2/datasources/UserPassKey.java | 2 +-
.../dbcp/dbcp2/datasources/package-info.java | 18 +-
.../managed/DataSourceXAConnectionFactory.java | 50 +-
.../dbcp2/managed/LocalXAConnectionFactory.java | 34 +-
.../dbcp/dbcp2/managed/ManagedConnection.java | 8 +-
.../dbcp/dbcp2/managed/ManagedDataSource.java | 2 +-
.../managed/PoolableManagedConnectionFactory.java | 5 +-
.../dbcp/dbcp2/managed/SynchronizationAdapter.java | 18 +-
.../dbcp/dbcp2/managed/TransactionContext.java | 18 +-
.../dbcp/dbcp2/managed/TransactionRegistry.java | 13 +-
.../tomcat/util/bcel/classfile/ConstantPool.java | 18 +-
.../tomcat/util/codec/binary/BaseNCodec.java | 5 +-
java/org/apache/tomcat/util/http/Parameters.java | 5 +
.../util/http/fileupload/FileUploadBase.java | 29 +
...n.java => FileCountLimitExceededException.java} | 37 +-
webapps/docs/changelog.xml | 20 +
webapps/docs/config/ajp.xml | 15 +-
webapps/docs/config/http.xml | 15 +-
59 files changed, 1160 insertions(+), 1593 deletions(-)
copy test/org/apache/el/TesterBeanAA.java => java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java (71%)
copy java/org/apache/tomcat/util/http/fileupload/impl/{SizeLimitExceededException.java => FileCountLimitExceededException.java} (54%)
[tomcat] branch 8.5.x updated (83b69e66eb -> 980316f529)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

from 83b69e66eb Fix BZ 63390 - Fix test on Solaris.
new 9ca96c8c1e Update packaged renamed fork of Commons File Upload
new 980316f529 Update package renamed fork of Commons BCEL

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
MERGE.txt | 4 +--
java/org/apache/catalina/connector/Request.java | 10 +-
.../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++
java/org/apache/tomcat/util/http/Parameters.java | 5 +++
.../util/http/fileupload/FileUploadBase.java | 29 +
...n.java => FileCountLimitExceededException.java} | 37 +-
webapps/docs/changelog.xml | 16 +-
webapps/docs/config/ajp.xml | 15 +
webapps/docs/config/http.xml | 15 +
9 files changed, 104 insertions(+), 45 deletions(-)
copy java/org/apache/tomcat/util/http/fileupload/impl/{SizeLimitExceededException.java => FileCountLimitExceededException.java} (54%)
[tomcat] 02/02: Update package renamed fork of Commons BCEL
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 980316f529b9b5d295cfeefc3b502a6a26c9cc4b Author: Mark Thomas AuthorDate: Tue Jan 3 12:28:02 2023 + Update package renamed fork of Commons BCEL --- MERGE.txt | 2 +- .../tomcat/util/bcel/classfile/ConstantPool.java | 18 +++--- webapps/docs/changelog.xml | 8 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index f1e65db66a..17a52c0dc3 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -36,7 +36,7 @@ BCEL Sub-tree: src/main/java/org/apache/bcel The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -b015e90257850e810e57d1244664300f50de4a4c (2022-11-28) +2ee2bff580c7138545377628074173412c27290c (2023-01-03) Codec - diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java index 468314f097..a9639e0be4 100644 --- a/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java +++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantPool.java @@ -44,6 +44,7 @@ public class ConstantPool { constantPool = new Constant[constantPoolCount]; /* * constantPool[0] is unused by the compiler and may be used freely by the implementation. + * constantPool[0] is currently unused by the implementation. */ for (int i = 1; i < constantPoolCount; i++) { constantPool[i] = Constant.readConstant(input); 
@@ -105,22 +106,25 @@ public class ConstantPool { * @throws ClassFormatException if index is invalid */ public T getConstant(final int index, final Class castTo) throws ClassFormatException { -if (index >= constantPool.length || index < 0) { +if (index >= constantPool.length || index < 1) { throw new ClassFormatException("Invalid constant pool reference using index: " + index + ". Constant pool size is: " + constantPool.length); } if (constantPool[index] != null && !castTo.isAssignableFrom(constantPool[index].getClass())) { throw new ClassFormatException("Invalid constant pool reference at index: " + index + ". Expected " + castTo + " but was " + constantPool[index].getClass()); } -// Previous check ensures this won't throw a ClassCastException -final T c = castTo.cast(constantPool[index]); -// the 0th element is always null -if (c == null && index != 0) { +if (index > 1) { final Constant prev = constantPool[index - 1]; -if (prev == null || prev.getTag() != Const.CONSTANT_Double && prev.getTag() != Const.CONSTANT_Long) { -throw new ClassFormatException("Constant pool at index " + index + " is null."); +if (prev != null && (prev.getTag() == Const.CONSTANT_Double || prev.getTag() == Const.CONSTANT_Long)) { +throw new ClassFormatException("Constant pool at index " + index + " is invalid. The index is unused due to the preceeding " ++ Const.getConstantName(prev.getTag()) + "."); } } +// Previous check ensures this won't throw a ClassCastException +final T c = castTo.cast(constantPool[index]); +if (c == null) { +throw new ClassFormatException("Constant pool at index " + index + " is null."); +} return c; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 51145a4432..a2ad52ca2f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -169,10 +169,6 @@ deprecated in Java 20 onwards, the reasons for deprecation are valid for all versions so move away from them now. (markt) - -Update the internal fork of Apache Commons BCEL to b015e90 (2022-11-28, -6.7.0-RC1). (markt) - Update the internal fork of Apache Commons Codec to ae32a3f (2022-11-29, 1.16-SNAPSHOT). (markt) @@ -188,6 +184,10 @@ Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt) + +Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, +6.7.1-SNAPSHOT). (markt) +
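Review bot: the new exception message in the `getConstant` hunk of ConstantPool.java misspells "preceding" ("The index is unused due to the preceeding "). The string arrives with the upstream BCEL commit 2ee2bff recorded in MERGE.txt, so the correction belongs upstream and should be picked up on the next merge to avoid diverging the fork.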
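Review bot: the `@@ -188,6 +184,10 @@` hunk of webapps/docs/changelog.xml adds the new BCEL entry after the FileUpload entry, while the entry it replaces (removed in the `@@ -169,10 +169,6 @@` hunk) sat before the Codec entry. The 9.0.x version of this change keeps BCEL ahead of FileUpload; putting the replacement where the old entry was would keep the fork updates in the same order on both branches.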
[tomcat] 01/02: Update packaged renamed fork of Commons File Upload
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e Author: Mark Thomas AuthorDate: Tue Dec 13 17:55:34 2022 + Update packaged renamed fork of Commons File Upload --- MERGE.txt | 2 +- java/org/apache/catalina/connector/Request.java| 10 - java/org/apache/tomcat/util/http/Parameters.java | 5 +++ .../util/http/fileupload/FileUploadBase.java | 29 + .../impl/FileCountLimitExceededException.java | 50 ++ webapps/docs/changelog.xml | 8 ++-- webapps/docs/config/ajp.xml| 15 --- webapps/docs/config/http.xml | 15 --- 8 files changed, 116 insertions(+), 18 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 885bbabe7e..f1e65db66a 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -51,7 +51,7 @@ FileUpload Sub-tree: src/main/java/org/apache/commons/fileupload2 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -aa8eff6f04c939fd99834360415b1ddb2f637cb1 (2022-11-29) +34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d (2023-01-03) Note: Tomcat's copy of fileupload also includes classes copied manually from Commons IO. diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index 6914b0e8be..ca9df14714 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -2911,8 +2911,9 @@ public class Request implements HttpServletRequest { } } +int maxParameterCount = getConnector().getMaxParameterCount(); Parameters parameters = coyoteRequest.getParameters(); -parameters.setLimit(getConnector().getMaxParameterCount()); +parameters.setLimit(maxParameterCount); boolean success = false; try { 
@@ -2964,6 +2965,13 @@ public class Request implements HttpServletRequest { upload.setFileItemFactory(factory); upload.setFileSizeMax(mce.getMaxFileSize()); upload.setSizeMax(mce.getMaxRequestSize()); +if (maxParameterCount > -1) { +// There is a limit. The limit for parts needs to be reduced by +// the number of parameters we have already parsed. +// Must be under the limit else parsing parameters would have +// triggered an exception. +upload.setFileCountMax(maxParameterCount - parameters.size()); +} parts = new ArrayList<>(); try { diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java index 294a38d834..5c416f4bd4 100644 --- a/java/org/apache/tomcat/util/http/Parameters.java +++ b/java/org/apache/tomcat/util/http/Parameters.java @@ -157,6 +157,11 @@ public final class Parameters { } +public int size() { +return parameterCount; +} + + public void recycle() { parameterCount = 0; paramHashValues.clear(); diff --git a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java index 267a5ae9d1..d8dbd691f8 100644 --- a/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java +++ b/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java @@ -25,6 +25,7 @@ import java.util.Locale; import java.util.Map; import java.util.Objects; +import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException; import org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl; import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException; import org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException; 
@@ -128,6 +129,12 @@ public abstract class FileUploadBase { */ private long fileSizeMax = -1; +/** + * The maximum permitted number of files that may be uploaded in a single + * request. A value of -1 indicates no maximum. + */ +private long fileCountMax = -1; + /** * The content encoding to use when reading part headers. */ @@ -204,6 +211,24 @@ public abstract class FileUploadBase { this.fileSizeMax = fileSizeMax; } +/** + * Returns the maximum number of files allowed in a single request. + * + * @return The maximum number of files allowed in a single request. + */ +public long getFileCountMax() { +return fileCountMax; +} + +/** + * Sets the maximum number of files allowed per request/ + * + * @param fileCountMax The new limit. {@code -1} means no limit. + */ +public void setFileCountMax(long fileCountMax) { +this.fileCountMax = fileCountMax; +} + /** * Retr
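Review bot: the new public `size()` in the Parameters.java hunk has no Javadoc. It returns `parameterCount`, which `recycle()` resets to 0 and which Request.java now reads to budget the multipart part limit, so document that it is the number of parameters parsed so far for the current request and say what is counted (for example, whether repeated names each count).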
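Review bot: the Javadoc on the new `fileCountMax` field in the `@@ -128,6 +129,12 @@` hunk of FileUploadBase.java speaks of "files that may be uploaded in a single request", while the Request.java hunk derives the value from `maxParameterCount` and its comment calls it "the limit for parts". State in the Javadoc whether form-field parts count against the limit, so that the meaning of the value Request.java passes in is unambiguous.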
[tomcat] branch main updated: Happy New Year 2023
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 4d6571c880 Happy New Year 2023 4d6571c880 is described below commit 4d6571c880ecc0fe54d6d084eba7d2ee3d9d84c9 Author: Mark Thomas AuthorDate: Tue Jan 3 16:38:58 2023 + Happy New Year 2023 --- NOTICE | 2 +- java/org/apache/catalina/manager/Constants.java | 2 +- java/org/apache/catalina/manager/HTMLManagerServlet.java | 2 +- java/org/apache/catalina/manager/host/Constants.java | 2 +- modules/jdbc-pool/NOTICE | 2 +- webapps/manager/WEB-INF/jsp/connectorCerts.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorCiphers.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionDetail.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionsList.jsp | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/NOTICE b/NOTICE index 74fd3c4580..13f15a791f 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat -Copyright 1999-2022 The Apache Software Foundation +Copyright 1999-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/java/org/apache/catalina/manager/Constants.java b/java/org/apache/catalina/manager/Constants.java index a0cfa76a85..cb70b90b24 100644 --- a/java/org/apache/catalina/manager/Constants.java +++ b/java/org/apache/catalina/manager/Constants.java @@ -129,7 +129,7 @@ public class Constants { HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java index 586eac9c97..f50acb6bb6 100644 
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java +++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java @@ -796,7 +796,7 @@ public final class HTMLManagerServlet extends ManagerServlet { */ @Override public String getServletInfo() { -return "HTMLManagerServlet, Copyright (c) 1999-2022, The Apache Software Foundation"; +return "HTMLManagerServlet, Copyright (c) 1999-2023, The Apache Software Foundation"; } /** diff --git a/java/org/apache/catalina/manager/host/Constants.java b/java/org/apache/catalina/manager/host/Constants.java index e03c564bf7..6ef1e2f3e1 100644 --- a/java/org/apache/catalina/manager/host/Constants.java +++ b/java/org/apache/catalina/manager/host/Constants.java @@ -79,7 +79,7 @@ public class Constants { public static final String HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/modules/jdbc-pool/NOTICE b/modules/jdbc-pool/NOTICE index 7545628dad..c005fed3ac 100644 --- a/modules/jdbc-pool/NOTICE +++ b/modules/jdbc-pool/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat JDBC Pool -Copyright 2008-2022 The Apache Software Foundation +Copyright 2008-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp index 335701686e..74a6873aa0 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp @@ -32,7 +32,7 @@ - + Configured certificate chains per Connector diff --git a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp index 71e4cd9c81..6b424b717b 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp @@ -32,7 +32,7 @@ - + Configured ciphers per Connector 
diff --git a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp index e4e5d3f752..d90b275ef8 100644 --- a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp @@ -32,7 +32,7 @@ - + Trusted certificates per Connector diff --git a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp index 0289efcfcf..37ad142628 100644 --- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp +++ b/webapps/manager/WE
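Review bot: the hunks for java/org/apache/catalina/manager/Constants.java and java/org/apache/catalina/manager/host/Constants.java change the same hard-coded string (" Copyright © 1999-2023, Apache Software Foundation"), and the HTMLManagerServlet.java hunk carries a third copy of the year range in `getServletInfo()`. Defining the range once and referencing it from these three places would shrink the yearly update and remove the chance of one copy being missed.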
[tomcat] branch 10.1.x updated: Happy New Year 2023
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 7349b1ce4a Happy New Year 2023 7349b1ce4a is described below commit 7349b1ce4ab677689f92f66af65b408cce224891 Author: Mark Thomas AuthorDate: Tue Jan 3 16:38:58 2023 + Happy New Year 2023 --- NOTICE | 2 +- java/org/apache/catalina/manager/Constants.java | 2 +- java/org/apache/catalina/manager/HTMLManagerServlet.java | 2 +- java/org/apache/catalina/manager/host/Constants.java | 2 +- modules/jdbc-pool/NOTICE | 2 +- webapps/manager/WEB-INF/jsp/connectorCerts.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorCiphers.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionDetail.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionsList.jsp | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/NOTICE b/NOTICE index 74fd3c4580..13f15a791f 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat -Copyright 1999-2022 The Apache Software Foundation +Copyright 1999-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/java/org/apache/catalina/manager/Constants.java b/java/org/apache/catalina/manager/Constants.java index a0cfa76a85..cb70b90b24 100644 --- a/java/org/apache/catalina/manager/Constants.java +++ b/java/org/apache/catalina/manager/Constants.java @@ -129,7 +129,7 @@ public class Constants { HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java index 586eac9c97..f50acb6bb6 100644 
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java +++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java @@ -796,7 +796,7 @@ public final class HTMLManagerServlet extends ManagerServlet { */ @Override public String getServletInfo() { -return "HTMLManagerServlet, Copyright (c) 1999-2022, The Apache Software Foundation"; +return "HTMLManagerServlet, Copyright (c) 1999-2023, The Apache Software Foundation"; } /** diff --git a/java/org/apache/catalina/manager/host/Constants.java b/java/org/apache/catalina/manager/host/Constants.java index e03c564bf7..6ef1e2f3e1 100644 --- a/java/org/apache/catalina/manager/host/Constants.java +++ b/java/org/apache/catalina/manager/host/Constants.java @@ -79,7 +79,7 @@ public class Constants { public static final String HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/modules/jdbc-pool/NOTICE b/modules/jdbc-pool/NOTICE index 7545628dad..c005fed3ac 100644 --- a/modules/jdbc-pool/NOTICE +++ b/modules/jdbc-pool/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat JDBC Pool -Copyright 2008-2022 The Apache Software Foundation +Copyright 2008-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp index 335701686e..74a6873aa0 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp @@ -32,7 +32,7 @@ - + Configured certificate chains per Connector diff --git a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp index 71e4cd9c81..6b424b717b 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp @@ -32,7 +32,7 @@ - + Configured ciphers per Connector 
diff --git a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp index e4e5d3f752..d90b275ef8 100644 --- a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp @@ -32,7 +32,7 @@ - + Trusted certificates per Connector diff --git a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp index 0289efcfcf..37ad142628 100644 --- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp +++ b/webapps/manage
[tomcat] branch 9.0.x updated: Happy New Year 2023
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new ff9b09a4d1 Happy New Year 2023 ff9b09a4d1 is described below commit ff9b09a4d1116ea259da4026523687b7ce025130 Author: Mark Thomas AuthorDate: Tue Jan 3 16:38:58 2023 + Happy New Year 2023 --- NOTICE | 2 +- java/org/apache/catalina/manager/Constants.java | 2 +- java/org/apache/catalina/manager/HTMLManagerServlet.java | 2 +- java/org/apache/catalina/manager/host/Constants.java | 2 +- modules/jdbc-pool/NOTICE | 2 +- webapps/manager/WEB-INF/jsp/connectorCerts.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorCiphers.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionDetail.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionsList.jsp | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/NOTICE b/NOTICE index 74fd3c4580..13f15a791f 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat -Copyright 1999-2022 The Apache Software Foundation +Copyright 1999-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/java/org/apache/catalina/manager/Constants.java b/java/org/apache/catalina/manager/Constants.java index a0cfa76a85..cb70b90b24 100644 --- a/java/org/apache/catalina/manager/Constants.java +++ b/java/org/apache/catalina/manager/Constants.java @@ -129,7 +129,7 @@ public class Constants { HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java index eb8278a102..8c20448c52 100644 
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java +++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java @@ -796,7 +796,7 @@ public final class HTMLManagerServlet extends ManagerServlet { */ @Override public String getServletInfo() { -return "HTMLManagerServlet, Copyright (c) 1999-2022, The Apache Software Foundation"; +return "HTMLManagerServlet, Copyright (c) 1999-2023, The Apache Software Foundation"; } /** diff --git a/java/org/apache/catalina/manager/host/Constants.java b/java/org/apache/catalina/manager/host/Constants.java index e03c564bf7..6ef1e2f3e1 100644 --- a/java/org/apache/catalina/manager/host/Constants.java +++ b/java/org/apache/catalina/manager/host/Constants.java @@ -79,7 +79,7 @@ public class Constants { public static final String HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/modules/jdbc-pool/NOTICE b/modules/jdbc-pool/NOTICE index 7545628dad..c005fed3ac 100644 --- a/modules/jdbc-pool/NOTICE +++ b/modules/jdbc-pool/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat JDBC Pool -Copyright 2008-2022 The Apache Software Foundation +Copyright 2008-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp index 335701686e..74a6873aa0 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp @@ -32,7 +32,7 @@ - + Configured certificate chains per Connector diff --git a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp index 71e4cd9c81..6b424b717b 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp @@ -32,7 +32,7 @@ - + Configured ciphers per Connector 
diff --git a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp index e4e5d3f752..d90b275ef8 100644 --- a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp @@ -32,7 +32,7 @@ - + Trusted certificates per Connector diff --git a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp index 142eac89aa..fabe94a076 100644 --- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp +++ b/webapps/manager/
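Review bot: The copyright year range is a hand-edited string literal in every one of the ten files in the diffstat, including three Java sources: HTML_TAIL_SECTION in manager/Constants.java and manager/host/Constants.java, and the return value of getServletInfo() in HTMLManagerServlet.java. Consider having the Java copies read the range from one shared constant or a build-time property, so the yearly update touches a single line per branch and no copy can be missed.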
[tomcat] branch 8.5.x updated: Update package renamed fork of Commons Codec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new f5cea7a64b Update package renamed fork of Commons Codec f5cea7a64b is described below commit f5cea7a64bb59678d5a9af8de39fbed9a1d1e9d5 Author: Mark Thomas AuthorDate: Tue Jan 3 12:41:45 2023 + Update package renamed fork of Commons Codec --- MERGE.txt| 2 +- java/org/apache/tomcat/util/codec/binary/BaseNCodec.java | 5 +++-- webapps/docs/changelog.xml | 8 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/MERGE.txt b/MERGE.txt index 17a52c0dc3..a44ce46536 100644 --- a/MERGE.txt +++ b/MERGE.txt @@ -43,7 +43,7 @@ Codec Sub-tree: src/main/java/org/apache/commons/codec The SHA1 ID / tag for the most recent commit to be merged to Tomcat is: -ae32a3f2fa6b722b8ad67bd125a52edb78932314 (2022-11-29) +f03cbd3ba741758ead9f59bc07e6688a739a4813 (2023-01-03) Note: Only classes required for Base64 encoding/decoding. The rest are removed. FileUpload diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java index 3ff6864e54..51e3792e0e 100644 --- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java +++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java @@ -16,6 +16,8 @@ */ package org.apache.tomcat.util.codec.binary; +import java.util.Arrays; + import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.BinaryDecoder; import org.apache.tomcat.util.codec.BinaryEncoder; @@ -253,8 +255,7 @@ public abstract class BaseNCodec implements BinaryEncoder, BinaryDecoder { newCapacity = createPositiveCapacity(minCapacity); } -final byte[] b = new byte[newCapacity]; -System.arraycopy(context.buffer, 0, b, 0, context.buffer.length); +final byte[] b = Arrays.copyOf(context.buffer, newCapacity); context.buffer = b; return b; } 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index a2ad52ca2f..5f0b47862c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -169,10 +169,6 @@ deprecated in Java 20 onwards, the reasons for deprecation are valid for all versions so move away from them now. (markt) - -Update the internal fork of Apache Commons Codec to ae32a3f (2022-11-29, -1.16-SNAPSHOT). (markt) - Update to Commons Daemon 1.3.3. (markt) @@ -188,6 +184,10 @@ Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, 6.7.1-SNAPSHOT). (markt) + +Update the internal fork of Apache Commons Codec to 3eafd6c (2023-01-03, +1.16-SNAPSHOT). (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
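Review bot: In the BaseNCodec.java hunk (@@ -253,8 +255,7 @@), Arrays.copyOf(context.buffer, newCapacity) matches the removed allocate-and-System.arraycopy pair only while newCapacity is at least context.buffer.length. The old code threw IndexOutOfBoundsException when the target was smaller, whereas Arrays.copyOf silently truncates. Most of the newCapacity computation lies outside the visible context, so a short comment stating that invariant, or a test that exercises the createPositiveCapacity(minCapacity) path, would keep the change safe across future merges from upstream.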
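Review bot: The changelog.xml entry added in the second hunk (@@ -188,6 +184,10 @@) names Commons Codec commit 3eafd6c, but the MERGE.txt hunk of this same commit records f03cbd3ba741758ead9f59bc07e6688a739a4813 as the most recent commit merged, and the two do not share a prefix. One of them looks stale. Align the short hash in the changelog with the SHA1 in MERGE.txt (or the reverse) so the provenance of the fork can be traced from either file.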
[tomcat] branch 8.5.x updated: Happy New Year 2023
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 32e98d6224 Happy New Year 2023 32e98d6224 is described below commit 32e98d6224c05d7a0fce15895721096176bd1ceb Author: Mark Thomas AuthorDate: Tue Jan 3 16:38:58 2023 + Happy New Year 2023 --- NOTICE | 2 +- java/org/apache/catalina/manager/Constants.java | 2 +- java/org/apache/catalina/manager/HTMLManagerServlet.java | 2 +- java/org/apache/catalina/manager/host/Constants.java | 2 +- modules/jdbc-pool/NOTICE | 2 +- webapps/manager/WEB-INF/jsp/connectorCerts.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorCiphers.jsp | 2 +- webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionDetail.jsp| 2 +- webapps/manager/WEB-INF/jsp/sessionsList.jsp | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/NOTICE b/NOTICE index 07ce9eb612..7fbd599f1c 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat -Copyright 1999-2022 The Apache Software Foundation +Copyright 1999-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/java/org/apache/catalina/manager/Constants.java b/java/org/apache/catalina/manager/Constants.java index a0cfa76a85..cb70b90b24 100644 --- a/java/org/apache/catalina/manager/Constants.java +++ b/java/org/apache/catalina/manager/Constants.java @@ -129,7 +129,7 @@ public class Constants { HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java index 29e1ea35c8..4d84fee106 100644 
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java +++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java @@ -791,7 +791,7 @@ public final class HTMLManagerServlet extends ManagerServlet { */ @Override public String getServletInfo() { -return "HTMLManagerServlet, Copyright (c) 1999-2022, The Apache Software Foundation"; +return "HTMLManagerServlet, Copyright (c) 1999-2023, The Apache Software Foundation"; } /** diff --git a/java/org/apache/catalina/manager/host/Constants.java b/java/org/apache/catalina/manager/host/Constants.java index e03c564bf7..6ef1e2f3e1 100644 --- a/java/org/apache/catalina/manager/host/Constants.java +++ b/java/org/apache/catalina/manager/host/Constants.java @@ -79,7 +79,7 @@ public class Constants { public static final String HTML_TAIL_SECTION = "\n" + "\n" + -" Copyright © 1999-2022, Apache Software Foundation" + +" Copyright © 1999-2023, Apache Software Foundation" + "\n" + "\n" + "\n" + diff --git a/modules/jdbc-pool/NOTICE b/modules/jdbc-pool/NOTICE index 7545628dad..c005fed3ac 100644 --- a/modules/jdbc-pool/NOTICE +++ b/modules/jdbc-pool/NOTICE @@ -1,5 +1,5 @@ Apache Tomcat JDBC Pool -Copyright 2008-2022 The Apache Software Foundation +Copyright 2008-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp index 335701686e..74a6873aa0 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCerts.jsp @@ -32,7 +32,7 @@ - + Configured certificate chains per Connector diff --git a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp index 71e4cd9c81..6b424b717b 100644 --- a/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp @@ -32,7 +32,7 @@ - + Configured ciphers per Connector 
diff --git a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp index e4e5d3f752..d90b275ef8 100644 --- a/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp +++ b/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp @@ -32,7 +32,7 @@ - + Trusted certificates per Connector diff --git a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp index 142eac89aa..fabe94a076 100644 --- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp +++ b/webapps/manager/
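Review bot: In the modules/jdbc-pool/NOTICE hunk, the unchanged context line still points to http://www.apache.org/, while the top-level NOTICE hunk in this same commit shows https://www.apache.org/. Since the file is being edited anyway, switch the jdbc-pool link to https so the two NOTICE files agree.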
svn commit: r1906356 - in /tomcat/site/trunk: docs/security-11.html docs/security.html xdocs/security-11.xml xdocs/security.xml
Author: markt Date: Tue Jan 3 17:33:38 2023 New Revision: 1906356 URL: http://svn.apache.org/viewvc?rev=1906356&view=rev Log: Add a security page for Tomcat 11 Added: tomcat/site/trunk/docs/security-11.html tomcat/site/trunk/xdocs/security-11.xml Modified: tomcat/site/trunk/docs/security.html tomcat/site/trunk/xdocs/security.xml Added: tomcat/site/trunk/docs/security-11.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1906356&view=auto == --- tomcat/site/trunk/docs/security-11.html (added) +++ tomcat/site/trunk/docs/security-11.html Tue Jan 3 17:33:38 2023 
@@ -0,0 +1,48 @@ + +Apache Tomcat® - Apache Tomcat 11 vulnerabilitieshttp://tomcat.apache.org/";>Apache Tomcat®https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left">https://www.apache.org/images/SupportApache-small.png"; class="support-asf" alt="Support Apache">http://www.apache.org/"; target="_blank" class="pull-left">https://www.google.com/search"; method="get">GOApache TomcatHomeTaglibsMaven PluginDownloadWhich version?https://tomcat.apache.org/download-11.cgi";>Tomcat 11 (alpha)https://tomcat.apache.org/download-10.cgi";>Tomcat 10https://tomcat.apache.o rg/download-90.cgi">Tomcat 9https://tomcat.apache.org/download-80.cgi";>Tomcat 8https://tomcat.apache.org/download-migration.cgi";>Tomcat Migration Tool for Jakarta EEhttps://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectorshttps://tomcat.apache.org/download-native.cgi";>Tomcat Nativehttps://tomcat.apache.org/download-taglibs.cgi";>Taglibshttps://archive.apache.org/dist/tomcat/";>ArchivesDocumentationTomcat 11.0 (alpha)Tomcat 10.1Tomcat 10.0Tomcat 9.0Tomcat 8.5Tomcat ConnectorsTomcat Nativ e 2Tomcat Native 1.2https://cwiki.apache.org/confluence/display/TOMCAT";>WikiMigration GuidePresentationshttps://cwiki.apache.org/confluence/x/Bi8lBg";>SpecificationsProblems?Security ReportsFind helphttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQMailing ListsBug DatabaseIRCGet InvolvedOverviewSource codeBuildbothttps://cwiki.apache.org/confluence/x/vIPzBQ";>TranslationsToolsMediahref="https://twitter.com/theapachetomcat";>Twitterhref="https://www.youtube.com/c/ApacheTomcatOfficial";>YouTubehref="https://blogs.apache.org/tomcat/";>BlogMisc href="./whoweare.html">Who We Arehref="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>Swag href="./heritage.html">Heritagehref="http://www.apache.org";>Apache 
Homehref="./resources.html">Resourceshref="./contact.html">Contacthref="./legal.html">Legalhref="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy href="https://www.apache.org/foundation/contributing.html";>Support >Apachehref="https://www.apache.org/foundation/sponsorship.html";>Sponsorship href="http://www.apache.org/foundation/thanks.html";>Thankshttp://www.apache.org/licenses/";>LicenseContentApache Tomcat 11.x vulnerabilities +This page lists all security vulnerabilities fixed in released versions + of Apache Tomcat 11.x. Each vulnerability is given a + security impact rating by the Apache + Tomcat security team — please note that this rating may vary from + platform to platform. We also list the versions of Apache Tomcat the flaw + is known to affect, and where a flaw has not been verified list the + version with a question mark. + +Note: Vulnerabilities that are not Tomcat vulnerabilities + but have either been incorrectly reported against Tomcat or where Tomcat + provides a workaround are listed at the end of this page. + +Please note that binary patches are never provided. If you need to + apply a source code patch, use the building instructions for the + Apache Tomcat version that you are using. For Tomcat 11.0.x those are + building.html and + BUILDING.txt. + Both files can be found in the webapps/docs subdirectory + of a binary distribution. You may also want to review the + Security Considerations + page in the documentation. + +If you need help on building or configuring Tomcat or other help on + following the instructions to mitigate the known vulnerabilities listed + here, please send your questions to the public + Tomcat Users mailing list + + +If you have encountered an unlisted security vulnerability or other + unexpected behaviour that has security + impact, or if the descriptions here are incomplete, + please report them privately to the + Tomcat Security Team. Thank you. 
+ + + Table of Contents +There are currently no known public vulnerabilities in Apache Tomcat + 11.x. + + +Copyright © 1999-2022, The Apache Software Foundation + +Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat +project logo are either registered trademarks or
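Review bot: The footer of the newly added docs/security-11.html reads "Copyright © 1999-2022, The Apache Software Foundation" although the page is committed on 3 January 2023. If the docs/ HTML is generated from the xdocs/ sources with a shared footer, update the year there and regenerate, so the new page does not go out with last year's range.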
svn commit: r1906357 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml
Author: markt Date: Tue Jan 3 17:45:30 2023 New Revision: 1906357 URL: http://svn.apache.org/viewvc?rev=1906357&view=rev Log: Add CVE-2022-45143 Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-10.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1906357&r1=1906356&r2=1906357&view=diff == --- tomcat/site/trunk/docs/security-10.html (original) +++ tomcat/site/trunk/docs/security-10.html Tue Jan 3 17:45:30 2023 
@@ -42,7 +42,7 @@ Table of Contents -Fixed in Apache Tomcat 10.0.27Fixed in Apache Tomcat 10.1.1Fixed in Apache Tomcat 10.0.23Fixed in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 10.0.21Fixed in Apache Tomcat 10.1.0-M15Fixed in Apache Tomcat 10.0.20Fixed in Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 10.0.16Fixed in Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 10.0.12Fixed in Apache Tomcat 10.1.0-M6Fixed in Apache Tomcat 10.0.7Fixed in Apache Tomcat 10.0.6Fixed in Apache Tomcat 10.0.5Fixed in Apache Tomcat 10.0.4Fixed in Apache Tomcat 10.0.2Fixed in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 10.0.0-M5Not a vulnerability in Tomcat +Fixed in Apache Tomcat 10.0.27Fixed in Apache Tomcat 10.1.2Fixed in Apache Tomcat 10.1.1Fixed in Apache Tomcat 10.0.23Fixed in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 10.0.21Fixed in Apache Tomcat 10.1.0-M15Fixed in Apache Tomcat 10.0.20Fixed in Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 10.0.16Fixed in Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 10.0.12Fixed in Apache Tomcat 10.1.0-M6Fixed in Apache Tomcat 10.0.7Fixed in Apache Tomcat 10.0.6Fixed in Apache Tomcat 10.0.5Fixed in Apache Tomcat 10.0.4Fixed in Apache Tomcat 10.0.2Fixed in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 10.0.0-M5 Not a vulnerability in Tomcat 2022-10-10 Fixed in Apache Tomcat 10.0.27 Low: Apache Tomcat request smuggling 
@@ -63,6 +63,25 @@ Affects: 10.0.0-M1 to 10.0.26 + 2022-11-14 Fixed in Apache Tomcat 10.1.2 + +Low: Apache Tomcat JsonErrorReportValve injection + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143"; rel="nofollow">CVE-2022-45143 + +The JsonErrorReportValve did not escape the + type, message or description + values. In some circumstances these are constructed from user provided + data and it was therefore possible for users to supply values that + invalidated or manipulated the JSON output. + +This was fixed with commit + https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa";>6a0ac6a4. + +This issue was identified by the Apache Tomcat Security team on 2 + September 2022. The issue was made public on 3 January 2023. + +Affects: 10.1.0-M1 to 10.1.1 + 2022-10-11 Fixed in Apache Tomcat 10.1.1 Low: Apache Tomcat request smuggling Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1906357&r1=1906356&r2=1906357&view=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Tue Jan 3 17:45:30 2023 
@@ -42,7 +42,26 @@ Table of Contents -Fixed in Apache Tomcat 8.5.83Fixed in Apache Tomcat 8.5.82Fixed in Apache Tomcat 8.5.79Fixed in Apache Tomcat 8.5.78Fixed in Apache Tomcat 8.5.76Fixed in Apache Tomcat 8.5.75Fixed in Apache Tomcat 8.5.72Fixed in Apache Tomcat 8.5.68Fixed in Apache Tomcat 8.5.66Fixed in Apache Tomcat 8.5.65Fixed in Apache Tomcat 8.5.64Fixed in Apache Tomcat 8.5.63Fixed in Apache Tomcat 8.5.60Fixed in Apache Tomcat 8.5.58Fixed in Apache Tomcat 8.5.57Fixed in Apache Tomcat 8.5.56Fixed in Apache Tomcat 8.5.55Fixed in Apache Tomcat 8.5.51Fixed in Apache Tomcat 8.5.50Fixed in Apache Tomcat 8.5.49Fixed in Apache Tomcat 8.5.41Fixed in Apache Tomcat 8.5.40Fixed in Apache Tomcat 8.5.38Fixed in Apache Tomcat 8.5.34Fixed in Apache Tomcat >8.0.53Fixed in Apache >Tomcat 8.5.32Fixed in >Apache Tomcat 8.0.52href="#Fixed_in_Apache_Tomcat_8.5.31">Fixed in Apache Tomcat >8.5.31Fixed in Apache >Tomcat 8.0.50Fixed in >Apache Tomcat 8.5.28href="#Fixed_in_Apache_Tomcat_8.0.48">Fixed in Apache Tomcat >8.0.48Fixed in Apache >Tomcat 8.5.24Fixed in >Apache Tomcat 8.0.47href="#Fixed_in_Apache_Tomcat_8.5.23">Fixed in Apache Tomcat >8.5.23Fixed in Apache >
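Review bot: In the security-10.html hunks, the new "Fixed in Apache Tomcat 10.1.2" section, dated 2022-11-14, is inserted below "Fixed in Apache Tomcat 10.0.27" (2022-10-10) in both the table of contents and the body, so the most recent fix is not the first entry on the page. If the page is meant to read newest first, move the 10.1.2 entry above 10.0.27 in xdocs/security-10.xml and regenerate. The CVE link added in the same hunk uses plain http://cve.mitre.org; an https URL would be preferable.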
[SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection
CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.1
Apache Tomcat 9.0.40 to 9.0.68
Apache Tomcat 8.5.83

Description:
The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 10.1.2 or later
- Upgrade to Apache Tomcat 9.0.69 or later
- Upgrade to Apache Tomcat 8.5.84 or later

Credit:
This issue was identified by the Apache Tomcat security team.

History:
2023-01-03 Original advisory

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html
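The class of bug the advisory describes, shown as an added example that is neither Tomcat's source nor the fix commit: an error report built by string concatenation next to the same report with each value JSON-escaped. The class name, method names and sample values are hypothetical and constructed for illustration.

```java
// Added illustration; not Tomcat source. Class and method names are hypothetical.
public class JsonErrorReportDemo {

    // Pattern the advisory describes: values concatenated into JSON unescaped.
    static String unescapedReport(String type, String message, String description) {
        return "{\"type\":\"" + type + "\",\"message\":\"" + message
                + "\",\"description\":\"" + description + "\"}";
    }

    // Hardened pattern: each value is escaped before it is placed in the output.
    static String escapedReport(String type, String message, String description) {
        return "{\"type\":\"" + escapeJson(type) + "\",\"message\":\"" + escapeJson(message)
                + "\",\"description\":\"" + escapeJson(description) + "\"}";
    }

    // Escapes what RFC 8259 requires inside a JSON string: the quotation mark,
    // the backslash and the control characters below U+0020.
    static String escapeJson(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (c < 0x20) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    // Counts quotation marks that are not preceded by an escaping backslash.
    // An object with three string members must contain exactly 12 of them.
    static int unescapedQuotes(String json) {
        int count = 0;
        boolean escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (escaped) {
                escaped = false;
            } else if (c == '\\') {
                escaped = true;
            } else if (c == '"') {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample values; the message echoes request-derived text.
        String type = "Exception Report";
        String message = "Unknown parameter \"id\"";
        String description = "The request could not be processed.";

        String before = unescapedReport(type, message, description);
        String after = escapedReport(type, message, description);
        System.out.println(before + " -> " + unescapedQuotes(before) + " quotes");
        System.out.println(after + " -> " + unescapedQuotes(after) + " quotes");
    }
}
```

The quote count is a cheap structural check for this fixed three-member shape; a regression test for a real valve would parse the response body with a JSON library instead.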