[Bug 66513] Primary Key Violation using PersistentManager + PersistentValves +
https://bz.apache.org/bugzilla/show_bug.cgi?id=66513 --- Comment #7 from Remy Maucherat --- First, I'd like to add that this issue is in the javadoc of PersistentValve: it requires a persistent manager, *and* "to work correctly it assumes only one request exists per session at any one time". So no big surprise then. Actually, someone already talked about this problem (= the session object can change so sync on that object may fail to do what is expected): http://illegalargumentexception.blogspot.com/2008/04/java-synchronizing-on-transient-id.html Unfortunately, it seems the solution proposed is not good since it syncs too much. Similarly, String.intern should not be used for sync (explanations are available online). Instead, I think we should use the original suggestion from Vincent: the ParsistentManager (or most likely, the StoreBase) should use a concurrent map to deduplicate the session ids. But there's still a problem: all the session ids that are in a store would now be in memory. Maybe that's not a problem these days but it was certainly something that was avoided before. So I cannot find a solution yet that fixes this while keeping everything as it was. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
PersistentValve removal ?
Hi, After looking at BZ 66513, reading things online, the javadoc with its heavy handed usage warnings, code of PersistentValve and tracing back all the calls in the PersistentManager itself, my conclusion is that the functionality provided by that valve is probably not doable without significant compromises that would likely break most of its usefulness. This seems to be a core design issue basically, or at least this is a far more complex problem than what can be achieved using a quick hack. As a result, I would be inclined to propose dropping PersistentValve in Tomcat 11, and deprecating it in the other branches. Comments ? Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66513] Primary Key Violation using PersistentManager + PersistentValves +
https://bz.apache.org/bugzilla/show_bug.cgi?id=66513 --- Comment #8 from Vincent Liautaud --- Hi Remy, thank you for your reply and i understand the issue regrding the memory usage of this concurrent map. Anyway, as explained before we have been in a position where multiple requests exist at a time for a same session (which is explicitly explained to avoid in your documentation, as you noticed) because : 1-The documentation contained an example of filter : filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html| .*\.css|.*\.txt" This filter introduced a malicious space character before the .*\.css !!! For users (like me) who had copy and paste this filter in their configuration file, all css requests were not filtered (so Servlet + CSS generate concurrent requests for a same session => It seems you have corrected the documentation recently (So Thanks, problem fixed). 2-There had no debug trace in order to display all the requests that have not been filtered. This kind of trace would be very useful to identify some lack on the filter (to check that no file type extention have been forgotten on these filter). Regards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot failure in on tomcat-8.5.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/36/builds/501 Blamelist: Igal Sapir Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch 8.5.x] 746373b0bc28bd6cf73e67dfe3eb8ee04a4cd812 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Remove unused imports.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 889d0dbaa3 Remove unused imports. 889d0dbaa3 is described below commit 889d0dbaa3082b7e7caa4fcb31cd107dd0553767 Author: Mark Thomas AuthorDate: Fri May 26 12:49:31 2023 +0100 Remove unused imports. --- test/org/apache/catalina/filters/TestRateLimitFilter.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java b/test/org/apache/catalina/filters/TestRateLimitFilter.java index 49e785d7e6..4abc66f3dd 100644 --- a/test/org/apache/catalina/filters/TestRateLimitFilter.java +++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java @@ -19,8 +19,6 @@ package org.apache.catalina.filters; import java.io.IOException; import java.util.Date; -import java.util.Enumeration; -import java.util.Map; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-8.5.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/36/builds/502 Blamelist: Igal Sapir , Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 8.5.x] 889d0dbaa3082b7e7caa4fcb31cd107dd0553767 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timing for June releases
Mark, On 5/24/23 04:28, Mark Thomas wrote: OpenSSL has just announced a security fix release for 30 May. We won't know what the security issues are until then so my tentative plan is to tag and release Native 1.2.x and 2.0.x on 31 May, release Native 1.2.x and 2.0.x relatively quickly, update all Tomcat versions to use the new Native versions and then start the June releases. Thoughts? Sounds good. I can set aside some time on Wednesday morning to roll 10.1.x and 8.5.x as well. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66616] New: French: Misleading HTTP 401 error description ("La requête nécessite une authentification HTTP.")
https://bz.apache.org/bugzilla/show_bug.cgi?id=66616
Bug ID: 66616
Summary: French: Misleading HTTP 401 error description ("La
requête nécessite une authentification HTTP.")
Product: Tomcat 10
Version: 10.1.9
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: chea...@gmail.com
Target Milestone: --
When a resource requires HTTP auth, Tomcat understandably returns an HTTP 401
status code. In French, the result is the following when no credentials are
provided:
> État HTTP 401 – Non autorisé
> Type Rapport d'état
> description La requête nécessite une authentification HTTP.
> Apache Tomcat/8.5.85
While the sentence may not be valid/clear, one understands that credentials are
missing.
Unfortunately, the result (including the description) is exactly the same no
matter what caused an 401 error. This understandably causes confusion when
invalid credentials are provided.
This issue does not exist in English, where the description remains constant,
but is vague enough to cover both situations:
> The request has not been applied because it lacks valid authentication
> credentials for the target resource.
The French version used to correspond to the English, but did not follow after
a 2017 change in r1779641:
https://svn.apache.org/viewvc?view=revision&revision=1779641
One challenge is that French does not have an equivalent as clear and canonical
as "login credentials" to my knowledge. One possible up-to-date translation
would be:
> La requête n'a pas été appliquée car elle n'a pas d'informations
> d'authentification valides pour la ressource cible.
However, "applying a request" does not seem valid to me, and I would rather
recommend changing the English version to "has not been treated", "has not been
processed" or "has not been granted", and the French translation to:
> La requête n'a pas été traitée car elle n'a pas d'informations
> d'authentification valides pour la ressource cible.
...or:
> La requête a été refusée car elle n'a pas d'informations d'authentification
> valides pour la ressource cible.
This persists in the most current code:
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/valves/LocalStrings_fr.properties#L53
vs
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/valves/LocalStrings.properties#L55
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66613] Developing wiki page: Unclear reference to "service wrapper" in Debugging
https://bz.apache.org/bugzilla/show_bug.cgi?id=66613 Philippe Cloutier changed: What|Removed |Added Status|RESOLVED|VERIFIED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66617] New: Developing wiki page: "How do I configure Tomcat to support remote debugging?" does not cover distributed shell scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=66617 Bug ID: 66617 Summary: Developing wiki page: "How do I configure Tomcat to support remote debugging?" does not cover distributed shell scripts Product: Tomcat 10 Version: 10.1.9 Hardware: All OS: All Status: NEW Severity: trivial Priority: P2 Component: Documentation Assignee: dev@tomcat.apache.org Reporter: chea...@gmail.com Target Milestone: -- The "How do I configure Tomcat to support remote debugging?" section of the Tomcat Developing FAQ at https://cwiki.apache.org/confluence/display/TOMCAT/Developing?show-miniview#Developing-Debugging contains the following item: > If you are using shell scripts to start Tomcat, start it with the following > command: > catalina jpda start > [...] This case visibly refers to *custom* shell scripts. Unfortunately, employees in my organization appear to have (pretty much) followed that advice even though we are using vendor-provided shell scripts (those shipped by Tomcat), which means we effectively modified code that doesn't belong to us (a Bad Idea™). Colleagues modified the last line of startup.sh adding "jpda", meaning our changes are lost at least every time the Tomcat package is upgraded: https://github.com/apache/tomcat/blob/483c3d0adde00a5c6569bd75b2901dc6786d1663/bin/startup.sh#L60 Considering that our case is surely far from rare, it would be important to: 1. at least indicate in the existing item that it treats *custom* shell scripts only 2. ideally, add an item covering the case of official (distributed) shell scripts -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
