Re: Cookie parsing and upcoming updates to RFC6265
On 27/08/2024 17:21, Christopher Schultz wrote:

Mark,

On 8/27/24 11:31, Mark Thomas wrote:

On 26/08/2024 15:14, Christopher Schultz wrote:

All,

On 8/16/24 11:25, Mark Thomas wrote:

On 16/08/2024 13:40, Tim Funk wrote:

How about missingEqualsCookie="allow | ignore"?

The proposed options were:
- ignore
- name
- value

By using [allow | ignore] instead of yes/no, it opens the door to additional behaviors. (such as reject which triggers a http error)

Agreed.

I think maybe we should couple this new configuration attribute with an enabled-by-default Valve (maybe only in 11/12, disabled-by-default in 9/10) that detects empty cookie names and throws an exception and/or returns a 400 response. "ignore" should remove the cookie entirely and allow requests containing these to be serviced. Using the "value" option with this Valve enabled would cause a 400 response. Or it could be worked-into an existing Valve/Filter such as the HttpHeaderSecurityFilter or similar.

Or we could add a "reject" option to the configuration setting that triggered an exception.

At what stage would this trigger an exception? Could the application somehow catch that exception? I would think that a 400 response might make more sense because what does "reject" mean to an application when Tomcat is doing the rejecting? It wouldn't be much different than "ignore" other than you have to tell the client it's being "rejected". That suggests a 400 response to me.

Currently, when the cookie header is parsed. If session cookies are enabled (they are by default) that parsing will occur during request parsing which means any exception would be outside of the control of the application and the client would see a 400 response.

If an application wants to control what to do here, it could use the name option (or the value option if the Servlet spec is changed to allow cookies with no name) and then check the cookies itself at an appropriate point.
I don't think it is worth trying to refactor the cookie parsing so an exception is thrown when the application requests the cookies. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
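The application-side check suggested at the end of the message above, as an added example (not code from Tomcat or from the thread). The class name `CookieWithoutEqualsFilter` is hypothetical; it assumes a Jakarta Servlet 5+ container and inspects the raw `Cookie` header, so it behaves the same whichever `ignore`/`name` setting the cookie processor uses.

```java
import java.io.IOException;
import java.util.Enumeration;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter: answers 400 when a request carries a cookie-pair
 * with no '=' or with an empty name, instead of leaving the outcome to
 * the container's parsing policy.
 */
public class CookieWithoutEqualsFilter implements Filter {

    /**
     * Returns true if any cookie-pair in one raw Cookie header value has
     * no '=' (index -1) or has an empty name ('=' at index 0).
     */
    static boolean hasMalformedPair(String headerValue) {
        for (String pair : headerValue.split(";")) {
            String trimmed = pair.trim();
            if (trimmed.isEmpty()) {
                continue; // tolerate empty segments such as a trailing ';'
            }
            if (trimmed.indexOf('=') <= 0) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
            HttpServletRequest req = (HttpServletRequest) request;
            // A request may carry several Cookie header lines; check each one.
            Enumeration<String> headers = req.getHeaders("Cookie");
            while (headers != null && headers.hasMoreElements()) {
                if (hasMalformedPair(headers.nextElement())) {
                    ((HttpServletResponse) response).sendError(
                            HttpServletResponse.SC_BAD_REQUEST,
                            "Cookie header contains a cookie without a name or '='");
                    return; // do not pass the request on to the application
                }
            }
        }
        chain.doFilter(request, response);
    }

    /** Constructed sample header values, for running the check stand-alone. */
    public static void main(String[] args) {
        String[] samples = {
            "JSESSIONID=abc123; theme=dark", // well formed
            "JSESSIONID=abc123; orphan",     // pair without '='
            "=anonymous; theme=dark",        // empty name
            "theme=; lang=en;"               // empty value and trailing ';' are fine
        };
        for (String sample : samples) {
            System.out.println(hasMalformedPair(sample) + "  <-  " + sample);
        }
    }
}
```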
[PR] Add 11.0.x branch to GitHub actions CI [tomcat]
dsoumis opened a new pull request, #747: URL: https://github.com/apache/tomcat/pull/747 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Add 11.0.x branch to GitHub actions CI [tomcat]
markt-asf merged PR #747: URL: https://github.com/apache/tomcat/pull/747
(tomcat) branch main updated: Add 11.0.x branch to GitHub actions CI
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b8e772855d Add 11.0.x branch to GitHub actions CI b8e772855d is described below commit b8e772855dc0c331fa2fb89ad250e8169bf3ec1a Author: Dimitrios Soumis AuthorDate: Wed Aug 28 12:26:11 2024 +0300 Add 11.0.x branch to GitHub actions CI --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 918dbe96ee..7d49195292 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,7 @@ on: push: branches: - main + - 11.0.x - 10.1.x - 9.0.x pull_request: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
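Review bot: The `pull_request:` trigger that follows the edited `push: branches:` list is cut off in this hunk, and only the push list gains `- 11.0.x`. If `pull_request:` has its own branch filter, add `11.0.x` there as well so that pull requests against the new branch are built; if it has no filter, nothing more is needed.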
(tomcat) branch main updated (b8e772855d -> a9f7072a57)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from b8e772855d Add 11.0.x branch to GitHub actions CI new 284aa41292 Fix typo new a9f7072a57 NoEqualsCookie -> CookiesWithoutEquals The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/connector/mbeans-descriptors.xml | 2 +- .../apache/tomcat/util/http/CookieProcessorBase.java | 14 +++--- .../{NoEqualsCookie.java => CookiesWithoutEquals.java} | 12 ++-- .../apache/tomcat/util/http/LocalStrings.properties| 4 ++-- .../apache/tomcat/util/http/LocalStrings_fr.properties | 4 ++-- .../apache/tomcat/util/http/LocalStrings_ko.properties | 4 ++-- .../tomcat/util/http/LocalStrings_zh_CN.properties | 4 ++-- .../tomcat/util/http/Rfc6265CookieProcessor.java | 2 +- java/org/apache/tomcat/util/http/parser/Cookie.java| 18 +- .../org/apache/tomcat/util/http/TestCookieParsing.java | 12 ++-- test/org/apache/tomcat/util/http/TestCookies.java | 18 +- webapps/docs/changelog.xml | 6 +++--- webapps/docs/config/cookie-processor.xml | 2 +- 13 files changed, 51 insertions(+), 51 deletions(-) rename java/org/apache/tomcat/util/http/{NoEqualsCookie.java => CookiesWithoutEquals.java} (85%) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/02: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 284aa41292bcd242df5106ab4d8087b81598dad1 Author: Mark Thomas AuthorDate: Wed Aug 28 10:53:14 2024 +0100 Fix typo --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index 263de6085f..9048b0e06d 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -48,7 +48,7 @@ type="boolean"/>
(tomcat) 02/02: NoEqualsCookie -> CookiesWithoutEquals
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a9f7072a57a0d5384fe9ad254ef960bb563ccbdd Author: Mark Thomas AuthorDate: Wed Aug 28 10:56:50 2024 +0100 NoEqualsCookie -> CookiesWithoutEquals --- .../apache/tomcat/util/http/CookieProcessorBase.java | 14 +++--- .../{NoEqualsCookie.java => CookiesWithoutEquals.java} | 12 ++-- .../apache/tomcat/util/http/LocalStrings.properties| 4 ++-- .../apache/tomcat/util/http/LocalStrings_fr.properties | 4 ++-- .../apache/tomcat/util/http/LocalStrings_ko.properties | 4 ++-- .../tomcat/util/http/LocalStrings_zh_CN.properties | 4 ++-- .../tomcat/util/http/Rfc6265CookieProcessor.java | 2 +- java/org/apache/tomcat/util/http/parser/Cookie.java| 18 +- .../org/apache/tomcat/util/http/TestCookieParsing.java | 12 ++-- test/org/apache/tomcat/util/http/TestCookies.java | 18 +- webapps/docs/changelog.xml | 6 +++--- webapps/docs/config/cookie-processor.xml | 2 +- 12 files changed, 50 insertions(+), 50 deletions(-) diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java index e650fb194c..db7e9fde9f 100644 --- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java +++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java 
@@ -42,21 +42,21 @@ public abstract class CookieProcessorBase implements CookieProcessor { private boolean partitioned = false; -private NoEqualsCookie noEqualsCookie = NoEqualsCookie.IGNORE; +private CookiesWithoutEquals cookiesWithoutEquals = CookiesWithoutEquals.IGNORE; -public String getNoEqualsCookie() { -return noEqualsCookie.getValue(); +public String getCookiesWithoutEquals() { +return cookiesWithoutEquals.getValue(); } -protected NoEqualsCookie getNoEqualsCookieInternal() { -return noEqualsCookie; +protected CookiesWithoutEquals getCookiesWithoutEqualsInternal() { +return cookiesWithoutEquals; } -public void setNoEqualsCookie(String noEqualsCookie) { -this.noEqualsCookie = NoEqualsCookie.fromString(noEqualsCookie); +public void setCookiesWithoutEquals(String cookiesWithoutEquals) { +this.cookiesWithoutEquals = CookiesWithoutEquals.fromString(cookiesWithoutEquals); } diff --git a/java/org/apache/tomcat/util/http/NoEqualsCookie.java b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java similarity index 85% rename from java/org/apache/tomcat/util/http/NoEqualsCookie.java rename to java/org/apache/tomcat/util/http/CookiesWithoutEquals.java index 8d47102b95..02163a8c56 100644 --- a/java/org/apache/tomcat/util/http/NoEqualsCookie.java +++ b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java @@ -20,7 +20,7 @@ import java.util.Locale; import org.apache.tomcat.util.res.StringManager; -public enum NoEqualsCookie { +public enum CookiesWithoutEquals { IGNORE("ignore"), NAME("name"); /* @@ -34,11 +34,11 @@ public enum NoEqualsCookie { */ -private static final StringManager sm = StringManager.getManager(NoEqualsCookie.class); +private static final StringManager sm = StringManager.getManager(CookiesWithoutEquals.class); private final String value; -NoEqualsCookie(String value) { +CookiesWithoutEquals(String value) { this.value = value; } 
@@ -46,15 +46,15 @@ public enum NoEqualsCookie { return value; } -public static NoEqualsCookie fromString(String from) { +public static CookiesWithoutEquals fromString(String from) { String trimmedLower = from.trim().toLowerCase(Locale.ENGLISH); -for (NoEqualsCookie value : values()) { +for (CookiesWithoutEquals value : values()) { if (value.getValue().equals(trimmedLower)) { return value; } } -throw new IllegalStateException(sm.getString("noEqualsCookie.invalid", from)); +throw new IllegalStateException(sm.getString("cookiesWithoutEquals.invalid", from)); } } diff --git a/java/org/apache/tomcat/util/http/LocalStrings.properties b/java/org/apache/tomcat/util/http/LocalStrings.properties index ce2d474ea6..102ef873fd 100644 --- a/java/org/apache/tomcat/util/http/LocalStrings.properties +++ b/java/org/apache/tomcat/util/http/LocalStrings.properties @@ -20,9 +20,9 @@ cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: unset, non cookies.invalidSpecial=Cookies: Unknown Special Cookie cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detected. -headers.maxCountFail=More than the maximum allowed number of headers, [{0}], were detected. +cookiesWithoutEquals.invalid=The value [{0}] is not recognised -
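Review bot: In the LocalStrings.properties hunk, `cookiesWithoutEquals.invalid=The value [{0}] is not recognised` tells the administrator neither which attribute was wrong nor what is accepted, whereas `cookies.invalidSameSiteCookies` in the context at the top of the same hunk lists the valid settings. Suggest wording along the lines of `Unknown setting [{0}], must be one of: ignore, name`, taking the values from the enum in this patch. The visible part of the hunk also removes `headers.maxCountFail`; the diff is cut off before it could reappear, so confirm the key is only being moved.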
(tomcat) branch 10.1.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 7ce366b182 Fix typo 7ce366b182 is described below commit 7ce366b1829f31bd3f7c59eeb316128ee2a3dc54 Author: Mark Thomas AuthorDate: Wed Aug 28 10:53:14 2024 +0100 Fix typo --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index fb55170c3a..0398dd1c1e 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -48,7 +48,7 @@ type="boolean"/>
(tomcat) branch 9.0.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3b0a5aab6b Fix typo 3b0a5aab6b is described below commit 3b0a5aab6bb4540f3eb1f6723a7bd1e4477f5546 Author: Mark Thomas AuthorDate: Wed Aug 28 10:53:14 2024 +0100 Fix typo --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index fb55170c3a..0398dd1c1e 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -48,7 +48,7 @@ type="boolean"/>
(tomcat) branch 11.0.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 55ef99a6f5 Fix typo 55ef99a6f5 is described below commit 55ef99a6f5f551793cf5723d3533485054625dfd Author: Mark Thomas AuthorDate: Wed Aug 28 10:53:14 2024 +0100 Fix typo --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index 263de6085f..9048b0e06d 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -48,7 +48,7 @@ type="boolean"/>
(tomcat) branch 11.0.x updated: NoEqualsCookie -> CookiesWithoutEquals
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 5f129ef8ff NoEqualsCookie -> CookiesWithoutEquals 5f129ef8ff is described below commit 5f129ef8ff639130373132463b1bc7ba2adba4e9 Author: Mark Thomas AuthorDate: Wed Aug 28 10:56:50 2024 +0100 NoEqualsCookie -> CookiesWithoutEquals --- .../apache/tomcat/util/http/CookieProcessorBase.java | 14 +++--- .../{NoEqualsCookie.java => CookiesWithoutEquals.java} | 12 ++-- .../apache/tomcat/util/http/LocalStrings.properties| 4 ++-- .../apache/tomcat/util/http/LocalStrings_fr.properties | 4 ++-- .../apache/tomcat/util/http/LocalStrings_ko.properties | 4 ++-- .../tomcat/util/http/LocalStrings_zh_CN.properties | 4 ++-- .../tomcat/util/http/Rfc6265CookieProcessor.java | 2 +- java/org/apache/tomcat/util/http/parser/Cookie.java| 18 +- .../org/apache/tomcat/util/http/TestCookieParsing.java | 12 ++-- test/org/apache/tomcat/util/http/TestCookies.java | 18 +- webapps/docs/changelog.xml | 2 +- webapps/docs/config/cookie-processor.xml | 2 +- 12 files changed, 48 insertions(+), 48 deletions(-) diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java index 54cb7de5f4..395216aeb6 100644 --- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java +++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java 
@@ -42,21 +42,21 @@ public abstract class CookieProcessorBase implements CookieProcessor { private boolean partitioned = false; -private NoEqualsCookie noEqualsCookie = NoEqualsCookie.NAME; +private CookiesWithoutEquals cookiesWithoutEquals = CookiesWithoutEquals.NAME; -public String getNoEqualsCookie() { -return noEqualsCookie.getValue(); +public String getCookiesWithoutEquals() { +return cookiesWithoutEquals.getValue(); } -protected NoEqualsCookie getNoEqualsCookieInternal() { -return noEqualsCookie; +protected CookiesWithoutEquals getCookiesWithoutEqualsInternal() { +return cookiesWithoutEquals; } -public void setNoEqualsCookie(String noEqualsCookie) { -this.noEqualsCookie = NoEqualsCookie.fromString(noEqualsCookie); +public void setCookiesWithoutEquals(String cookiesWithoutEquals) { +this.cookiesWithoutEquals = CookiesWithoutEquals.fromString(cookiesWithoutEquals); } diff --git a/java/org/apache/tomcat/util/http/NoEqualsCookie.java b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java similarity index 85% rename from java/org/apache/tomcat/util/http/NoEqualsCookie.java rename to java/org/apache/tomcat/util/http/CookiesWithoutEquals.java index 8d47102b95..02163a8c56 100644 --- a/java/org/apache/tomcat/util/http/NoEqualsCookie.java +++ b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java @@ -20,7 +20,7 @@ import java.util.Locale; import org.apache.tomcat.util.res.StringManager; -public enum NoEqualsCookie { +public enum CookiesWithoutEquals { IGNORE("ignore"), NAME("name"); /* @@ -34,11 +34,11 @@ public enum NoEqualsCookie { */ -private static final StringManager sm = StringManager.getManager(NoEqualsCookie.class); +private static final StringManager sm = StringManager.getManager(CookiesWithoutEquals.class); private final String value; -NoEqualsCookie(String value) { +CookiesWithoutEquals(String value) { this.value = value; } 
@@ -46,15 +46,15 @@ public enum NoEqualsCookie { return value; } -public static NoEqualsCookie fromString(String from) { +public static CookiesWithoutEquals fromString(String from) { String trimmedLower = from.trim().toLowerCase(Locale.ENGLISH); -for (NoEqualsCookie value : values()) { +for (CookiesWithoutEquals value : values()) { if (value.getValue().equals(trimmedLower)) { return value; } } -throw new IllegalStateException(sm.getString("noEqualsCookie.invalid", from)); +throw new IllegalStateException(sm.getString("cookiesWithoutEquals.invalid", from)); } } diff --git a/java/org/apache/tomcat/util/http/LocalStrings.properties b/java/org/apache/tomcat/util/http/LocalStrings.properties index ce2d474ea6..102ef873fd 100644 --- a/java/org/apache/tomcat/util/http/LocalStrings.properties +++ b/java/org/apache/tomcat/util/http/LocalStrings.properties @@ -20,9 +20,9 @@ cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: unset, non cookies.invalidSpecial=Cookies: Unknown Special Cookie cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detected. -heade
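Review bot: In `fromString`, the unchanged context line `from.trim().toLowerCase(Locale.ENGLISH)` throws a NullPointerException when the attribute value is null, so the caller never sees the `cookiesWithoutEquals.invalid` message. Since the method is being touched anyway, consider a null check that falls through to the same exception; `IllegalArgumentException` would also describe a bad configuration value better than `IllegalStateException`.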
(tomcat) branch 10.1.x updated: NoEqualsCookie -> CookiesWithoutEquals
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 44a8be2833 NoEqualsCookie -> CookiesWithoutEquals 44a8be2833 is described below commit 44a8be2833489c1247f3eb53169383ddeb392411 Author: Mark Thomas AuthorDate: Wed Aug 28 10:56:50 2024 +0100 NoEqualsCookie -> CookiesWithoutEquals --- .../apache/tomcat/util/http/CookieProcessorBase.java | 14 +++--- .../{NoEqualsCookie.java => CookiesWithoutEquals.java} | 12 ++-- .../apache/tomcat/util/http/LocalStrings.properties| 4 ++-- .../apache/tomcat/util/http/LocalStrings_fr.properties | 4 ++-- .../apache/tomcat/util/http/LocalStrings_ko.properties | 4 ++-- .../tomcat/util/http/LocalStrings_zh_CN.properties | 4 ++-- .../tomcat/util/http/Rfc6265CookieProcessor.java | 2 +- java/org/apache/tomcat/util/http/parser/Cookie.java| 18 +- .../org/apache/tomcat/util/http/TestCookieParsing.java | 12 ++-- test/org/apache/tomcat/util/http/TestCookies.java | 18 +- webapps/docs/changelog.xml | 2 +- webapps/docs/config/cookie-processor.xml | 2 +- 12 files changed, 48 insertions(+), 48 deletions(-) diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java index 54cb7de5f4..395216aeb6 100644 --- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java +++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java 
@@ -42,21 +42,21 @@ public abstract class CookieProcessorBase implements CookieProcessor { private boolean partitioned = false; -private NoEqualsCookie noEqualsCookie = NoEqualsCookie.NAME; +private CookiesWithoutEquals cookiesWithoutEquals = CookiesWithoutEquals.NAME; -public String getNoEqualsCookie() { -return noEqualsCookie.getValue(); +public String getCookiesWithoutEquals() { +return cookiesWithoutEquals.getValue(); } -protected NoEqualsCookie getNoEqualsCookieInternal() { -return noEqualsCookie; +protected CookiesWithoutEquals getCookiesWithoutEqualsInternal() { +return cookiesWithoutEquals; } -public void setNoEqualsCookie(String noEqualsCookie) { -this.noEqualsCookie = NoEqualsCookie.fromString(noEqualsCookie); +public void setCookiesWithoutEquals(String cookiesWithoutEquals) { +this.cookiesWithoutEquals = CookiesWithoutEquals.fromString(cookiesWithoutEquals); } diff --git a/java/org/apache/tomcat/util/http/NoEqualsCookie.java b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java similarity index 85% rename from java/org/apache/tomcat/util/http/NoEqualsCookie.java rename to java/org/apache/tomcat/util/http/CookiesWithoutEquals.java index 8d47102b95..02163a8c56 100644 --- a/java/org/apache/tomcat/util/http/NoEqualsCookie.java +++ b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java @@ -20,7 +20,7 @@ import java.util.Locale; import org.apache.tomcat.util.res.StringManager; -public enum NoEqualsCookie { +public enum CookiesWithoutEquals { IGNORE("ignore"), NAME("name"); /* @@ -34,11 +34,11 @@ public enum NoEqualsCookie { */ -private static final StringManager sm = StringManager.getManager(NoEqualsCookie.class); +private static final StringManager sm = StringManager.getManager(CookiesWithoutEquals.class); private final String value; -NoEqualsCookie(String value) { +CookiesWithoutEquals(String value) { this.value = value; } 
@@ -46,15 +46,15 @@ public enum NoEqualsCookie { return value; } -public static NoEqualsCookie fromString(String from) { +public static CookiesWithoutEquals fromString(String from) { String trimmedLower = from.trim().toLowerCase(Locale.ENGLISH); -for (NoEqualsCookie value : values()) { +for (CookiesWithoutEquals value : values()) { if (value.getValue().equals(trimmedLower)) { return value; } } -throw new IllegalStateException(sm.getString("noEqualsCookie.invalid", from)); +throw new IllegalStateException(sm.getString("cookiesWithoutEquals.invalid", from)); } } diff --git a/java/org/apache/tomcat/util/http/LocalStrings.properties b/java/org/apache/tomcat/util/http/LocalStrings.properties index f670b79cb9..11ca7e0a07 100644 --- a/java/org/apache/tomcat/util/http/LocalStrings.properties +++ b/java/org/apache/tomcat/util/http/LocalStrings.properties @@ -20,9 +20,9 @@ cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: unset, non cookies.invalidSpecial=Cookies: Unknown Special Cookie cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detected. -heade
(tomcat) branch 9.0.x updated: NoEqualsCookie -> CookiesWithoutEquals
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new fbb90e471b NoEqualsCookie -> CookiesWithoutEquals fbb90e471b is described below commit fbb90e471b002df3970e69895f970f9c45ecab16 Author: Mark Thomas AuthorDate: Wed Aug 28 10:56:50 2024 +0100 NoEqualsCookie -> CookiesWithoutEquals --- .../tomcat/util/http/CookieProcessorBase.java | 14 ++-- ...EqualsCookie.java => CookiesWithoutEquals.java} | 12 +-- .../tomcat/util/http/LocalStrings.properties | 4 ++-- .../tomcat/util/http/LocalStrings_fr.properties| 4 ++-- .../tomcat/util/http/LocalStrings_ko.properties| 4 ++-- .../tomcat/util/http/LocalStrings_zh_CN.properties | 4 ++-- .../tomcat/util/http/Rfc6265CookieProcessor.java | 2 +- .../org/apache/tomcat/util/http/parser/Cookie.java | 25 +++--- .../apache/tomcat/util/http/TestCookieParsing.java | 15 +++-- test/org/apache/tomcat/util/http/TestCookies.java | 18 .../apache/tomcat/util/http/parser/TestCookie.java | 4 ++-- webapps/docs/changelog.xml | 2 +- webapps/docs/config/cookie-processor.xml | 2 +- 13 files changed, 56 insertions(+), 54 deletions(-) diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java index 54cb7de5f4..395216aeb6 100644 --- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java +++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java 
@@ -42,21 +42,21 @@ public abstract class CookieProcessorBase implements CookieProcessor { private boolean partitioned = false; -private NoEqualsCookie noEqualsCookie = NoEqualsCookie.NAME; +private CookiesWithoutEquals cookiesWithoutEquals = CookiesWithoutEquals.NAME; -public String getNoEqualsCookie() { -return noEqualsCookie.getValue(); +public String getCookiesWithoutEquals() { +return cookiesWithoutEquals.getValue(); } -protected NoEqualsCookie getNoEqualsCookieInternal() { -return noEqualsCookie; +protected CookiesWithoutEquals getCookiesWithoutEqualsInternal() { +return cookiesWithoutEquals; } -public void setNoEqualsCookie(String noEqualsCookie) { -this.noEqualsCookie = NoEqualsCookie.fromString(noEqualsCookie); +public void setCookiesWithoutEquals(String cookiesWithoutEquals) { +this.cookiesWithoutEquals = CookiesWithoutEquals.fromString(cookiesWithoutEquals); } diff --git a/java/org/apache/tomcat/util/http/NoEqualsCookie.java b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java similarity index 85% rename from java/org/apache/tomcat/util/http/NoEqualsCookie.java rename to java/org/apache/tomcat/util/http/CookiesWithoutEquals.java index 8d47102b95..02163a8c56 100644 --- a/java/org/apache/tomcat/util/http/NoEqualsCookie.java +++ b/java/org/apache/tomcat/util/http/CookiesWithoutEquals.java @@ -20,7 +20,7 @@ import java.util.Locale; import org.apache.tomcat.util.res.StringManager; -public enum NoEqualsCookie { +public enum CookiesWithoutEquals { IGNORE("ignore"), NAME("name"); /* @@ -34,11 +34,11 @@ public enum NoEqualsCookie { */ -private static final StringManager sm = StringManager.getManager(NoEqualsCookie.class); +private static final StringManager sm = StringManager.getManager(CookiesWithoutEquals.class); private final String value; -NoEqualsCookie(String value) { +CookiesWithoutEquals(String value) { this.value = value; } 
@@ -46,15 +46,15 @@ public enum NoEqualsCookie { return value; } -public static NoEqualsCookie fromString(String from) { +public static CookiesWithoutEquals fromString(String from) { String trimmedLower = from.trim().toLowerCase(Locale.ENGLISH); -for (NoEqualsCookie value : values()) { +for (CookiesWithoutEquals value : values()) { if (value.getValue().equals(trimmedLower)) { return value; } } -throw new IllegalStateException(sm.getString("noEqualsCookie.invalid", from)); +throw new IllegalStateException(sm.getString("cookiesWithoutEquals.invalid", from)); } } diff --git a/java/org/apache/tomcat/util/http/LocalStrings.properties b/java/org/apache/tomcat/util/http/LocalStrings.properties index 0b44e2fc52..06a0e94292 100644 --- a/java/org/apache/tomcat/util/http/LocalStrings.properties +++ b/java/org/apache/tomcat/util/http/LocalStrings.properties @@ -20,9 +20,9 @@ cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: unset, non cookies.invalidSpecial=Cookies: Unknown Special Cookie cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detect
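Review bot: In CookieProcessorBase, `setNoEqualsCookie(String)` and `getNoEqualsCookie()` are removed outright on a maintenance branch rather than deprecated. If a 9.0.x release has already shipped the `noEqualsCookie` name, a configuration that still uses it would no longer reach a setter and the field would stay at its default, `CookiesWithoutEquals.NAME`; keeping the old accessors as deprecated delegates for one release would avoid that. If the attribute has not been released yet, the straight rename is fine.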
[Bug 69293] New: Cannot start Apache
https://bz.apache.org/bugzilla/show_bug.cgi?id=69293 Bug ID: 69293 Summary: Cannot start Apache Product: Tomcat 10 Version: unspecified Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Packaging Assignee: dev@tomcat.apache.org Reporter: sgs-dc-service...@jp.sony.com Target Milestone: -- See below error below: httpd.exe - cannot load modules/mod_sso.so
(tomcat) branch main updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 02db97e04d Fix typo 02db97e04d is described below commit 02db97e04dfaa62229ec04c9622884273db61f99 Author: Mark Thomas AuthorDate: Wed Aug 28 11:34:58 2024 +0100 Fix typo --- webapps/docs/security-howto.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 0ca99031c1..6a371820e7 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -133,7 +133,7 @@ The examples web application should always be removed from any security sensitive installation. While the examples web application does not contain any known vulnerabilities, it is known to contain features - (particularly the cookie examples that display the contents of all + (particularly the cookie examples that display the contents of all cookies received and allow new cookies to be set) that may be used by an attacker in conjunction with a vulnerability in another application deployed on the Tomcat instance to obtain additional information that would otherwise be - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 72b2409462 Fix typo 72b2409462 is described below commit 72b24094628427b133c077407140e066d1ce02e2 Author: Mark Thomas AuthorDate: Wed Aug 28 11:34:58 2024 +0100 Fix typo --- webapps/docs/security-howto.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 0ca99031c1..6a371820e7 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -133,7 +133,7 @@ The examples web application should always be removed from any security sensitive installation. While the examples web application does not contain any known vulnerabilities, it is known to contain features - (particularly the cookie examples that display the contents of all + (particularly the cookie examples that display the contents of all cookies received and allow new cookies to be set) that may be used by an attacker in conjunction with a vulnerability in another application deployed on the Tomcat instance to obtain additional information that would otherwise be - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new da2dda3070 Fix typo da2dda3070 is described below commit da2dda3070e4e2fc4d635ee80d89e53a77b6fa49 Author: Mark Thomas AuthorDate: Wed Aug 28 11:34:58 2024 +0100 Fix typo --- webapps/docs/security-howto.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 65ef1c012c..e6a5e11809 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -133,7 +133,7 @@ The examples web application should always be removed from any security sensitive installation. While the examples web application does not contain any known vulnerabilities, it is known to contain features - (particularly the cookie examples that display the contents of all + (particularly the cookie examples that display the contents of all cookies received and allow new cookies to be set) that may be used by an attacker in conjunction with a vulnerability in another application deployed on the Tomcat instance to obtain additional information that would otherwise be - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9745c5d042 Fix typo 9745c5d042 is described below commit 9745c5d04290901fea2707a81b4dffd9a069a077 Author: Mark Thomas AuthorDate: Wed Aug 28 11:34:58 2024 +0100 Fix typo --- webapps/docs/security-howto.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index b7e50f9c02..57001b806f 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -133,7 +133,7 @@ The examples web application should always be removed from any security sensitive installation. While the examples web application does not contain any known vulnerabilities, it is known to contain features - (particularly the cookie examples that display the contents of all + (particularly the cookie examples that display the contents of all cookies received and allow new cookies to be set) that may be used by an attacker in conjunction with a vulnerability in another application deployed on the Tomcat instance to obtain additional information that would otherwise be - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
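Review bot: Buildbot reports a failed compile on 9.0.x with this commit (9745c5d04290901fea2707a81b4dffd9a069a077) as the build source stamp. The only hunk here touches one prose line in webapps/docs/security-howto.xml, so check the build log to see whether the failure comes from this change or from something else on the branch before pushing further commits on top of it.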
svn commit: r1920248 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Author: markt Date: Wed Aug 28 10:47:08 2024 New Revision: 1920248 URL: http://svn.apache.org/viewvc?rev=1920248&view=rev Log: Restructure Modified: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/xdocs/security-model.xml Modified: tomcat/site/trunk/docs/security-model.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920248&r1=1920247&r2=1920248&view=diff == --- tomcat/site/trunk/docs/security-model.html (original) +++ tomcat/site/trunk/docs/security-model.html Wed Aug 28 10:47:08 2024 
@@ -1,39 +1,79 @@ Apache Tomcat® - Security Modelhttps://www.apachecon.com/event-images/snippet.js";>http://tomcat.apache.org/";>Apache Tomcat®https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left">https://www.apache.org/images/SupportApache-smal l.png" class="support-asf" alt="Support Apache">http://www.apache.org/"; target="_blank" class="pull-left">https://www.google.com/search"; method="get">GOApache TomcatHomeTaglibsMaven PluginDownloadWhich version?https://tomcat.apache.org/download -11.cgi">Tomcat 11 (beta)https://tomcat.apache.org/download-10.cgi";>Tomcat 10https://tomcat.apache.org/download-90.cgi";>Tomcat 9https://tomcat.apache.org/download-migration.cgi";>Tomcat Migration Tool for Jakarta EEhttps://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectorshttps://tomcat.apache.org/download-native.cgi";>Tomcat Nativehttps://tomcat.apache.org/download-taglibs.cgi";>Taglibshttps://archive.apache.org/dist/tomcat/";>ArchivesDocumentationTomcat 11.0 (beta)Tomcat 10.1Tomcat 9.0UpgradingTomcat ConnectorsTomcat Native 2Tomcat Native 1.3https://cwiki.apache.org/confluence/display/TOMCAT";>WikiMigration GuidePresentationshttps://cwiki.apache.org/confluence/x/Bi8lBg";>SpecificationsProblems?Security ReportsFind helphttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQMailing ListsBug DatabaseIRCGet InvolvedOverviewSource codeBuildbothttps://cwiki.apache.org/confluence/x/vIPzBQ";>TranslationsToolsMediahttps://twitter.com/theapachetomcat";>Twitterhttps://www.youtube.com/c/ApacheTomcatOfficial";>YouTubehttps://blogs.apache.org/tomcat/";>BlogMiscWho We Arehttps://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>SwagHeritagehttp://www.apache.org";>Apache HomeResourcesContactLegalhttps://privacy.apache.org/policies/privacy-policy-public.html";>Privacyhttps://www.apache.org/foundation/contributing.html";>Support Apachehttps://www.apache.org/foundation/sponsorship.html";>Sponsorshiphttp://www.apache.org/foundation/ 
thanks.html">Thankshttp://www.apache.org/licenses/";>LicenseContentSecurity model for Apache Tomcat -This security model is currently in DRAFT from. +Introduction -The Apache Tomcat® Security Team reviews reported - vulnerabilities against the following security model: + This security model is currently in DRAFT from. - - Users with the ability to modify Tomcat and/or application - configuration files and/or binaries are trusted. - Deployed web applications are trusted. - Vulnerabilities in deployed web applications are application - vulnerabilities, not Tomcat vulnerabilities. - Data received by an HTTP connector is untrusted. - Data received by an AJP connector is untrusted apart from: - - The standard request attributes and any arbitrary request - attributes permitted by - allowedRequestAttributesPattern - - - JMX is an administrative interface and users with access to it are - trusted. - The Manager and Host manager web applications are administrative - interfaces and users with access to either of them are considered to - be trusted. - Cluster traffic requires a trusted network unless the - EncryptInterceptor is used in which case confidentiality and integrity - but not availability will be protected. - Multi-cast cluster membership always requires a trusted network. - Security sensitive information will not be logged with the default - configuration apart from anything included in the request URI. - Security sensitive information may be logged with modified logging - configurations, particularly if debug logging is enabled. - + The Apache Tomcat® Security Team reviews reported + vulnerabilities against the following security model: + + + +Administrative users + + Administrative users are always considered to be trusted. 
Reports that + require attacker access to and/or control of any of the following to + succeed will be rejected: + + +The Manager or Host Manager applications provided with Tomcat +Tomcat configuration files +Tomcat binaries and/or scripts +The JMX API (local or remote) +The J
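Review bot: the added introduction line still reads "This security model is currently in DRAFT from.", carrying "from" over from the removed line where "form" is meant. The sentence is being moved under the new Introduction heading anyway, so correct it here, and check the same sentence in xdocs/security-model.xml, which this commit also modifies.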
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
On 27/08/2024 17:34, Christopher Schultz wrote: Mark, On 8/27/24 11:59, Mark Thomas wrote: On 26/08/2024 15:18, Christopher Schultz wrote: + Data received by an AJP connector is trusted. Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the request entity for example is not. Thanks. Good catch. I've updated the docs. Any further changes before I add some links to this page from the security docs? I think: " Vulnerabilities in deployed web applications are application vulnerabilities, not Tomcat vulnerabilities. " ...ought to mention that Tomcat-provided web applications are in-scope for security vulnerability reports. Manager and host-manager are quite important while ROOT, docs, and examples would be limited to e.g. "low importance" because they should never be deployed into a production environment. s/multi-cast/multicast/g This list is sufficiently long that we might want to break it down a little into separate sections with separate titles e.g.: Trusted Environments The following environments, user, and code are always considered trusted. Reports that users with control over these environments will be rejected on the basis that those users are in fact trusted and have administrative or equivalent access: * Deployed web applications * Access via JMX * Access via Java Attach API or other debugging interfaces * ... As I write this, it seems to be falling apart a little. Maybe this comment will spark someone else's creativity. But the list seems to be getting long and I'm a very strong supporter of "Parallel Structure"[1] in writing, and this is all over the place. I've restructured the page. I've added the things you suggested. Any better? Mark
[Bug 69293] Cannot start Apache
https://bz.apache.org/bugzilla/show_bug.cgi?id=69293 Mark Thomas changed: What|Removed |Added OS||All Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Mark Thomas --- Wrong project. Bugzilla is not a support forum. You probably want the httpd users mailing list.
[Bug 69293] Cannot start Apache
https://bz.apache.org/bugzilla/show_bug.cgi?id=69293 Mark Thomas changed: What|Removed |Added Resolution|FIXED |INVALID
Buildbot failure in on tomcat-9.0.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/1049 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch 9.0.x] 9745c5d04290901fea2707a81b4dffd9a069a077 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
(tomcat) branch main updated: Update the second of the six diagrams.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a10e83b10d Update the second of the six diagrams. a10e83b10d is described below commit a10e83b10dd25d82cba9000db032d62eaa4f3162 Author: Mark Thomas AuthorDate: Wed Aug 28 16:54:29 2024 +0100 Update the second of the six diagrams. --- webapps/docs/architecture/startup.xml | 7 +- .../docs/architecture/startup/2_catalina_init.png | Bin 0 -> 59658 bytes .../docs/architecture/startup/2_catalina_init.vpd | 1 + .../architecture/startup/2_catalina_initliaze.svg | 333 - 4 files changed, 6 insertions(+), 335 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index f25d48c529..2d4748face 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml @@ -73,8 +73,11 @@ waits in the await() method for a shutdown signal. Once a shutdown signal is received, the Server object is stopped and then destroyed. The JVM then exits. -Diagram 2 will show how the Server initialises the Connectors and associated -objects. +Diagram 2 shows how Tomcat initalizes +the objects created by the Digester in the previous step and when additional key +objects are created. A Server may have several Services although it typically +only has one. Each Service may have multiple Connectors. A Connector instance is +associated with a single Protocol instance and a single CoyoteAdapter instance. Diagram 3 will show how the Server initialises the Service(s), Engine(s) and diff --git a/webapps/docs/architecture/startup/2_catalina_init.png b/webapps/docs/architecture/startup/2_catalina_init.png new file mode 100644 index 00..3da81b7722 Binary files /dev/null and b/webapps/docs/architecture/startup/2_catalina_init.png differ 
diff --git a/webapps/docs/architecture/startup/2_catalina_init.vpd b/webapps/docs/architecture/startup/2_catalina_init.vpd new file mode 100644 index 00..ed00fb378d --- /dev/null +++ b/webapps/docs/architecture/startup/2_catalina_init.vpd @@ -0,0 +1 @@ +3cU2FsdKGVkX1t9tZy9VJxXYPh6Tpp90wtnKkkdoiOukuZAl8Wa4E=H8rXYII5c+76D6BMUaAe5Fky3ZKdelZm7wh7w/bFDhk4slXP3WGSsiGEH4B3hPR3QOu4btmIj/tyDU+RGpVmR1LlosBA1yC0XU/RkqBx5y1gqypY7Lj42mEiM6uFVWgy1c/wvVnLMcN1sGCet+9bs6qm1kRgpydSOOwcdJ1mKYvCEXP3FoIG5ka8ElC2kswwhz8tuyHkKiIHW8sdEiWLi4gm1x8Bc4N33z1RAKsCzSL5X7LiR0PATJqpbhhAtZBYBuY4fW0ZJc7dFvTTer9XGhoJso4OPOTY/eopXwOz0MYyxicaVCSS58EE+SI2u8J/8e53dnuPygIwZgGQsZTsR0PtYy6ilm2ETaSDoV+vUvhgqmlWU+g/j8fHd1B5qgKpAzYzzvX2V5T3Fl7Fs/BF4g5tZgMbyNlSUs45h5TRXOjZ0FdzEDnnXY [...] \ No newline at end of file diff --git a/webapps/docs/architecture/startup/2_catalina_initliaze.svg b/webapps/docs/architecture/startup/2_catalina_initliaze.svg deleted file mode 100644 index d1cc455542..00 --- a/webapps/docs/architecture/startup/2_catalina_initliaze.svg +++ /dev/null @@ -1,333 +0,0 @@ - -http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd'> -http://www.w3.org/1999/xlink"; color-rendering="auto" color-interpolation="auto" text-rendering="auto" stroke="rgb(0,0,0)" stroke-linecap="square" width="751" stroke-miterlimit="10" shape-rendering="auto" stroke-opacity="0" fill="rgb(0,0,0)" stroke-dasharray="none" font-weight="normal" stroke-width="1" height="636" xmlns="http://www.w3.org/2000/svg"; font-family="'Dialog'" font-style="normal" stroke-linejoin="miter" font-size="12px" stroke-dashoffset="0" [...] ->JkCoyoteAdapterHttp11ProtocolCoyoteAdapterCoyoteConnectorStandardServiceStandardServerCatalinainit()new()init()new()new()initialize()initialize()initialize() - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
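Review bot: "initalizes" in the added startup.xml line "Diagram 2 shows how Tomcat initalizes" is misspelled, and the neighbouring context line uses the British form ("Diagram 3 will show how the Server initialises"). Use "initialises" so the paragraph matches the rest of the file.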
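Review bot: the source for diagram 2 moves from a 333-line text SVG (the deleted 2_catalina_initliaze.svg) to a binary PNG plus a one-line encoded 2_catalina_init.vpd with no trailing newline, so later edits to this diagram cannot be reviewed as a diff. If the .vpd format is what the drawing tool requires, name that tool in the commit message or next to the diagram in startup.xml so the next editor knows how to open the file.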
(tomcat) branch 11.0.x updated: Update the second of the six diagrams.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 58bf7b76ca Update the second of the six diagrams. 58bf7b76ca is described below commit 58bf7b76ca3e6e38952b679c383e9a2b28fa9a26 Author: Mark Thomas AuthorDate: Wed Aug 28 16:54:29 2024 +0100 Update the second of the six diagrams. --- webapps/docs/architecture/startup.xml | 7 +- .../docs/architecture/startup/2_catalina_init.png | Bin 0 -> 59658 bytes .../docs/architecture/startup/2_catalina_init.vpd | 1 + .../architecture/startup/2_catalina_initliaze.svg | 333 - 4 files changed, 6 insertions(+), 335 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 5fbcfc57e5..6bdd7d1b38 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml @@ -73,8 +73,11 @@ waits in the await() method for a shutdown signal. Once a shutdown signal is received, the Server object is stopped and then destroyed. The JVM then exits. -Diagram 2 will show how the Server initialises the Connectors and associated -objects. +Diagram 2 shows how Tomcat initalizes +the objects created by the Digester in the previous step and when additional key +objects are created. A Server may have several Services although it typically +only has one. Each Service may have multiple Connectors. A Connector instance is +associated with a single Protocol instance and a single CoyoteAdapter instance. Diagram 3 will show how the Server initialises the Service(s), Engine(s) and diff --git a/webapps/docs/architecture/startup/2_catalina_init.png b/webapps/docs/architecture/startup/2_catalina_init.png new file mode 100644 index 00..3da81b7722 Binary files /dev/null and b/webapps/docs/architecture/startup/2_catalina_init.png differ 
diff --git a/webapps/docs/architecture/startup/2_catalina_init.vpd b/webapps/docs/architecture/startup/2_catalina_init.vpd new file mode 100644 index 00..ed00fb378d --- /dev/null +++ b/webapps/docs/architecture/startup/2_catalina_init.vpd @@ -0,0 +1 @@ +3cU2FsdKGVkX1t9tZy9VJxXYPh6Tpp90wtnKkkdoiOukuZAl8Wa4E=H8rXYII5c+76D6BMUaAe5Fky3ZKdelZm7wh7w/bFDhk4slXP3WGSsiGEH4B3hPR3QOu4btmIj/tyDU+RGpVmR1LlosBA1yC0XU/RkqBx5y1gqypY7Lj42mEiM6uFVWgy1c/wvVnLMcN1sGCet+9bs6qm1kRgpydSOOwcdJ1mKYvCEXP3FoIG5ka8ElC2kswwhz8tuyHkKiIHW8sdEiWLi4gm1x8Bc4N33z1RAKsCzSL5X7LiR0PATJqpbhhAtZBYBuY4fW0ZJc7dFvTTer9XGhoJso4OPOTY/eopXwOz0MYyxicaVCSS58EE+SI2u8J/8e53dnuPygIwZgGQsZTsR0PtYy6ilm2ETaSDoV+vUvhgqmlWU+g/j8fHd1B5qgKpAzYzzvX2V5T3Fl7Fs/BF4g5tZgMbyNlSUs45h5TRXOjZ0FdzEDnnXY [...] \ No newline at end of file diff --git a/webapps/docs/architecture/startup/2_catalina_initliaze.svg b/webapps/docs/architecture/startup/2_catalina_initliaze.svg deleted file mode 100644 index d1cc455542..00 --- a/webapps/docs/architecture/startup/2_catalina_initliaze.svg +++ /dev/null @@ -1,333 +0,0 @@ - -http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd'> -http://www.w3.org/1999/xlink"; color-rendering="auto" color-interpolation="auto" text-rendering="auto" stroke="rgb(0,0,0)" stroke-linecap="square" width="751" stroke-miterlimit="10" shape-rendering="auto" stroke-opacity="0" fill="rgb(0,0,0)" stroke-dasharray="none" font-weight="normal" stroke-width="1" height="636" xmlns="http://www.w3.org/2000/svg"; font-family="'Dialog'" font-style="normal" stroke-linejoin="miter" font-size="12px" stroke-dashoffset="0" [...] ->JkCoyoteAdapterHttp11ProtocolCoyoteAdapterCoyoteConnectorStandardServiceStandardServerCatalinainit()new()init()new()new()initialize()initialize()initialize() - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Update the second of the six diagrams.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 2ac737ab2d Update the second of the six diagrams. 2ac737ab2d is described below commit 2ac737ab2df52d5e96194a2ec47b29812074b13f Author: Mark Thomas AuthorDate: Wed Aug 28 16:54:29 2024 +0100 Update the second of the six diagrams. --- webapps/docs/architecture/startup.xml | 7 +-- webapps/docs/architecture/startup/2_catalina_init.png | Bin 0 -> 59658 bytes webapps/docs/architecture/startup/2_catalina_init.vpd | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 5fbcfc57e5..6bdd7d1b38 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml @@ -73,8 +73,11 @@ waits in the await() method for a shutdown signal. Once a shutdown signal is received, the Server object is stopped and then destroyed. The JVM then exits. -Diagram 2 will show how the Server initialises the Connectors and associated -objects. +Diagram 2 shows how Tomcat initalizes +the objects created by the Digester in the previous step and when additional key +objects are created. A Server may have several Services although it typically +only has one. Each Service may have multiple Connectors. A Connector instance is +associated with a single Protocol instance and a single CoyoteAdapter instance. Diagram 3 will show how the Server initialises the Service(s), Engine(s) and diff --git a/webapps/docs/architecture/startup/2_catalina_init.png b/webapps/docs/architecture/startup/2_catalina_init.png new file mode 100644 index 00..3da81b7722 Binary files /dev/null and b/webapps/docs/architecture/startup/2_catalina_init.png differ 
diff --git a/webapps/docs/architecture/startup/2_catalina_init.vpd b/webapps/docs/architecture/startup/2_catalina_init.vpd new file mode 100644 index 00..ed00fb378d --- /dev/null +++ b/webapps/docs/architecture/startup/2_catalina_init.vpd @@ -0,0 +1 @@ +3cU2FsdKGVkX1t9tZy9VJxXYPh6Tpp90wtnKkkdoiOukuZAl8Wa4E=H8rXYII5c+76D6BMUaAe5Fky3ZKdelZm7wh7w/bFDhk4slXP3WGSsiGEH4B3hPR3QOu4btmIj/tyDU+RGpVmR1LlosBA1yC0XU/RkqBx5y1gqypY7Lj42mEiM6uFVWgy1c/wvVnLMcN1sGCet+9bs6qm1kRgpydSOOwcdJ1mKYvCEXP3FoIG5ka8ElC2kswwhz8tuyHkKiIHW8sdEiWLi4gm1x8Bc4N33z1RAKsCzSL5X7LiR0PATJqpbhhAtZBYBuY4fW0ZJc7dFvTTer9XGhoJso4OPOTY/eopXwOz0MYyxicaVCSS58EE+SI2u8J/8e53dnuPygIwZgGQsZTsR0PtYy6ilm2ETaSDoV+vUvhgqmlWU+g/j8fHd1B5qgKpAzYzzvX2V5T3Fl7Fs/BF4g5tZgMbyNlSUs45h5TRXOjZ0FdzEDnnXY [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
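Review bot: the diffstat for this branch lists three files and no deletion of 2_catalina_initliaze.svg, whereas the main and 11.0.x pushes remove it. Confirm that 10.1.x has no older diagram 2 file left under webapps/docs/architecture/startup/, and correct "initalizes" in the added startup.xml line on this branch as well.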
(tomcat) branch 9.0.x updated: Update the second of the six diagrams.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 22a3d1 Update the second of the six diagrams. 22a3d1 is described below commit 22a3d13fd22c819b34addcebdbb28fa4ad9c Author: Mark Thomas AuthorDate: Wed Aug 28 16:54:29 2024 +0100 Update the second of the six diagrams. --- webapps/docs/architecture/startup.xml | 7 +-- webapps/docs/architecture/startup/2_catalina_init.png | Bin 0 -> 59658 bytes webapps/docs/architecture/startup/2_catalina_init.vpd | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 5fbcfc57e5..6bdd7d1b38 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml @@ -73,8 +73,11 @@ waits in the await() method for a shutdown signal. Once a shutdown signal is received, the Server object is stopped and then destroyed. The JVM then exits. -Diagram 2 will show how the Server initialises the Connectors and associated -objects. +Diagram 2 shows how Tomcat initalizes +the objects created by the Digester in the previous step and when additional key +objects are created. A Server may have several Services although it typically +only has one. Each Service may have multiple Connectors. A Connector instance is +associated with a single Protocol instance and a single CoyoteAdapter instance. Diagram 3 will show how the Server initialises the Service(s), Engine(s) and diff --git a/webapps/docs/architecture/startup/2_catalina_init.png b/webapps/docs/architecture/startup/2_catalina_init.png new file mode 100644 index 00..3da81b7722 Binary files /dev/null and b/webapps/docs/architecture/startup/2_catalina_init.png differ 
diff --git a/webapps/docs/architecture/startup/2_catalina_init.vpd b/webapps/docs/architecture/startup/2_catalina_init.vpd new file mode 100644 index 00..ed00fb378d --- /dev/null +++ b/webapps/docs/architecture/startup/2_catalina_init.vpd @@ -0,0 +1 @@ +3cU2FsdKGVkX1t9tZy9VJxXYPh6Tpp90wtnKkkdoiOukuZAl8Wa4E=H8rXYII5c+76D6BMUaAe5Fky3ZKdelZm7wh7w/bFDhk4slXP3WGSsiGEH4B3hPR3QOu4btmIj/tyDU+RGpVmR1LlosBA1yC0XU/RkqBx5y1gqypY7Lj42mEiM6uFVWgy1c/wvVnLMcN1sGCet+9bs6qm1kRgpydSOOwcdJ1mKYvCEXP3FoIG5ka8ElC2kswwhz8tuyHkKiIHW8sdEiWLi4gm1x8Bc4N33z1RAKsCzSL5X7LiR0PATJqpbhhAtZBYBuY4fW0ZJc7dFvTTer9XGhoJso4OPOTY/eopXwOz0MYyxicaVCSS58EE+SI2u8J/8e53dnuPygIwZgGQsZTsR0PtYy6ilm2ETaSDoV+vUvhgqmlWU+g/j8fHd1B5qgKpAzYzzvX2V5T3Fl7Fs/BF4g5tZgMbyNlSUs45h5TRXOjZ0FdzEDnnXY [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Update comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new c353def3fd Update comment c353def3fd is described below commit c353def3fd3cddd18371bd1f7d2b0e4d2276c867 Author: Mark Thomas AuthorDate: Wed Aug 28 17:00:55 2024 +0100 Update comment --- build.properties.default | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 76c60fabba..58146b6a96 100644 --- a/build.properties.default +++ b/build.properties.default @@ -131,8 +131,8 @@ base-maven.loc=https://repo.maven.apache.org/maven2 # See https://cwiki.apache.org/confluence/display/TOMCAT/Managing+Tomcat%27s+Dependency+on+the+Eclipse+JDT+Core+Batch+Compiler # # Checksum is from "SHA512 Checksums for 4.31" link at -# https://download.eclipse.org/eclipse/downloads/drops4/R-4.31-202402290520/ -# https://download.eclipse.org/eclipse/downloads/drops4/R-4.31-202402290520/checksum/eclipse-4.31-SUMSSHA512 +# https://download.eclipse.org/eclipse/downloads/drops4/R-4.32-202406010610/ +# https://download.eclipse.org/eclipse/downloads/drops4/R-4.32-202406010610/checksum/eclipse-4.32-SUMSSHA512 # jdt.version=4.32 jdt.release=R-4.32-202406010610 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
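Review bot: the unchanged context line '# Checksum is from "SHA512 Checksums for 4.31" link at' still names 4.31, while the two URLs below it now point at R-4.32-202406010610 and jdt.version is 4.32. Update that line to 4.32 so the comment agrees with the checksum source it describes.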
(tomcat) branch main updated: Update Hamcrest library to 3.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 1981137055 Update Hamcrest library to 3.0 1981137055 is described below commit 19811370556ce10f48651cfc943cd84aa08efdb4 Author: Mark Thomas AuthorDate: Wed Aug 28 17:23:29 2024 +0100 Update Hamcrest library to 3.0 --- build.properties.default | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 58146b6a96..e67203caf4 100644 --- a/build.properties.default +++ b/build.properties.default @@ -215,10 +215,10 @@ junit.jar=${junit.home}/junit-${junit.version}.jar junit.loc=${base-maven.loc}/junit/junit/${junit.version}/junit-${junit.version}.jar # - Hamcrest Library, used by JUnit, version 1.3 or later -hamcrest.version=2.2 +hamcrest.version=3.0 hamcrest.checksum.enabled=true hamcrest.checksum.algorithm=SHA-512 -hamcrest.checksum.value=6b1141329b83224f69f074cb913dbff6921d6b8693ede8d2599acb626481255dae63de42eb123cbd5f59a261ac32faae012be64e8e90406ae9215543fbca5546 +hamcrest.checksum.value=c09968882d8467d43576444b3fab868e175f0826e1d6e2015d1efec8934cdd5ffce8f285a7fc072306711ee0645dea92783a97a9e1dd8206e5e1de5de1ea8e7f hamcrest.home=${base.path}/hamcrest-${hamcrest.version} hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Update Hamcrest library to 3.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new ad0254a64a Update Hamcrest library to 3.0 ad0254a64a is described below commit ad0254a64a9a9bc11988550b49ea7c72096e68fe Author: Mark Thomas AuthorDate: Wed Aug 28 17:23:29 2024 +0100 Update Hamcrest library to 3.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 49c5d77333..3860f00452 100644 --- a/build.properties.default +++ b/build.properties.default @@ -215,10 +215,10 @@ junit.jar=${junit.home}/junit-${junit.version}.jar junit.loc=${base-maven.loc}/junit/junit/${junit.version}/junit-${junit.version}.jar # - Hamcrest Library, used by JUnit, version 1.3 or later -hamcrest.version=2.2 +hamcrest.version=3.0 hamcrest.checksum.enabled=true hamcrest.checksum.algorithm=SHA-512 -hamcrest.checksum.value=6b1141329b83224f69f074cb913dbff6921d6b8693ede8d2599acb626481255dae63de42eb123cbd5f59a261ac32faae012be64e8e90406ae9215543fbca5546 +hamcrest.checksum.value=c09968882d8467d43576444b3fab868e175f0826e1d6e2015d1efec8934cdd5ffce8f285a7fc072306711ee0645dea92783a97a9e1dd8206e5e1de5de1ea8e7f hamcrest.home=${base.path}/hamcrest-${hamcrest.version} hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3bd3d3d69b..2f58fb0372 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -192,6 +192,9 @@ are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt) + +Update Hmacrest to 3.0. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
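Review bot: the new changelog.xml entry misspells the library name ("Update Hmacrest to 3.0. (markt)"). It should read "Hamcrest", as in the commit message and in the hamcrest.* properties changed in build.properties.default.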
(tomcat) branch 10.1.x updated: Update Hamcrest library to 3.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new a6eb613abd Update Hamcrest library to 3.0 a6eb613abd is described below commit a6eb613abd1242e71a7cd3e56a1e4f3adde39343 Author: Mark Thomas AuthorDate: Wed Aug 28 17:23:29 2024 +0100 Update Hamcrest library to 3.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index e8d78a38bd..a84f63039d 100644 --- a/build.properties.default +++ b/build.properties.default @@ -236,10 +236,10 @@ junit.jar=${junit.home}/junit-${junit.version}.jar junit.loc=${base-maven.loc}/junit/junit/${junit.version}/junit-${junit.version}.jar # - Hamcrest Library, used by JUnit, version 1.3 or later -hamcrest.version=2.2 +hamcrest.version=3.0 hamcrest.checksum.enabled=true hamcrest.checksum.algorithm=SHA-512 -hamcrest.checksum.value=6b1141329b83224f69f074cb913dbff6921d6b8693ede8d2599acb626481255dae63de42eb123cbd5f59a261ac32faae012be64e8e90406ae9215543fbca5546 +hamcrest.checksum.value=c09968882d8467d43576444b3fab868e175f0826e1d6e2015d1efec8934cdd5ffce8f285a7fc072306711ee0645dea92783a97a9e1dd8206e5e1de5de1ea8e7f hamcrest.home=${base.path}/hamcrest-${hamcrest.version} hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4f5fd60df5..c2f400ed5b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -179,6 +179,9 @@ are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt) + +Update Hmacrest to 3.0. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
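Review bot: the entry added in the changelog.xml hunk reads "Update Hmacrest to 3.0."; correct the name to "Hamcrest" on this branch too.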
(tomcat) branch 9.0.x updated: Update Hamcrest library to 3.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new a4de2f39dc Update Hamcrest library to 3.0 a4de2f39dc is described below commit a4de2f39dc7fd14434c39c8a93e8dfd3cf1da68b Author: Mark Thomas AuthorDate: Wed Aug 28 17:23:29 2024 +0100 Update Hamcrest library to 3.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index da866174f8..8549138ceb 100644 --- a/build.properties.default +++ b/build.properties.default @@ -238,10 +238,10 @@ junit.jar=${junit.home}/junit-${junit.version}.jar junit.loc=${base-maven.loc}/junit/junit/${junit.version}/junit-${junit.version}.jar # - Hamcrest Library, used by JUnit, version 1.3 or later -hamcrest.version=2.2 +hamcrest.version=3.0 hamcrest.checksum.enabled=true hamcrest.checksum.algorithm=SHA-512 -hamcrest.checksum.value=6b1141329b83224f69f074cb913dbff6921d6b8693ede8d2599acb626481255dae63de42eb123cbd5f59a261ac32faae012be64e8e90406ae9215543fbca5546 +hamcrest.checksum.value=c09968882d8467d43576444b3fab868e175f0826e1d6e2015d1efec8934cdd5ffce8f285a7fc072306711ee0645dea92783a97a9e1dd8206e5e1de5de1ea8e7f hamcrest.home=${base.path}/hamcrest-${hamcrest.version} hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 926e47baaa..c8d91851c5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -179,6 +179,9 @@ are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt) + +Update Hmacrest to 3.0. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
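Review bot: The line added in the webapps/docs/changelog.xml hunk misspells the library name: "Update Hmacrest to 3.0." should read "Update Hamcrest to 3.0.", matching the commit subject and the hamcrest.* property names. In the build.properties.default hunk, the unchanged comment "Hamcrest Library, used by JUnit, version 1.3 or later" is worth a second look to confirm it still states the intended minimum now that the default moves to 3.0.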
(tomcat) branch main updated: Update EasyMock to 5.4.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 6c03681329 Update EasyMock to 5.4.0 6c03681329 is described below commit 6c03681329867cc8350b5629fbd29c8fbb6f0a6c Author: Mark Thomas AuthorDate: Wed Aug 28 17:36:43 2024 +0100 Update EasyMock to 5.4.0 --- build.properties.default | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index e67203caf4..863b2a94bb 100644 --- a/build.properties.default +++ b/build.properties.default @@ -224,10 +224,10 @@ hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar # - EasyMock, version 5.0.0 or later - -easymock.version=5.3.0 +easymock.version=5.4.0 easymock.checksum.enabled=true easymock.checksum.algorithm=MD5|SHA-1 -easymock.checksum.value=a25d1fb058ddcb644011680e48ba357c|7bac0b4bbd84f49f9bcd8485281b5e52da081fa4 +easymock.checksum.value=e2f62d08abbadc33c22d580c78af440b|eb56bad81c203765f4a5c74aed28142fb0d79354 easymock.home=${base.path}/easymock-${easymock.version} easymock.jar=${easymock.home}/easymock-${easymock.version}.jar easymock.loc=${base-maven.loc}/org/easymock/easymock/${easymock.version}/easymock-${easymock.version}.jar - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
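Review bot: In the build.properties.default hunk, easymock.checksum.algorithm stays at MD5|SHA-1 and only the digest values are refreshed; both algorithms have known collision attacks, which makes them a weak integrity check for a downloaded JAR. Consider moving this entry to SHA-512, as hamcrest.checksum.algorithm already does in the 9.0.x Hamcrest commit, and recording the SHA-512 digest of easymock-5.4.0.jar instead. The diffstat also shows no webapps/docs/changelog.xml change on main, unlike the same update on 11.0.x, 10.1.x and 9.0.x; confirm that is intended.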
(tomcat) branch 11.0.x updated: Update EasyMock to 5.4.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 7e336d1518 Update EasyMock to 5.4.0 7e336d1518 is described below commit 7e336d1518da87eabe0f173f935d7dfdcb50a4e0 Author: Mark Thomas AuthorDate: Wed Aug 28 17:36:43 2024 +0100 Update EasyMock to 5.4.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 5 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 3860f00452..3659b855b4 100644 --- a/build.properties.default +++ b/build.properties.default @@ -224,10 +224,10 @@ hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar # - EasyMock, version 5.0.0 or later - -easymock.version=5.3.0 +easymock.version=5.4.0 easymock.checksum.enabled=true easymock.checksum.algorithm=MD5|SHA-1 -easymock.checksum.value=a25d1fb058ddcb644011680e48ba357c|7bac0b4bbd84f49f9bcd8485281b5e52da081fa4 +easymock.checksum.value=e2f62d08abbadc33c22d580c78af440b|eb56bad81c203765f4a5c74aed28142fb0d79354 easymock.home=${base.path}/easymock-${easymock.version} easymock.jar=${easymock.home}/easymock-${easymock.version}.jar easymock.loc=${base-maven.loc}/org/easymock/easymock/${easymock.version}/easymock-${easymock.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2f58fb0372..80943ae3ce 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -193,7 +193,10 @@ (FINEST) level logging. (markt) -Update Hmacrest to 3.0. (markt) +Update Hamcrest to 3.0. (markt) + + +Update EasyMock to 5.4.0. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
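Review bot: The webapps/docs/changelog.xml hunk corrects "Hmacrest" to "Hamcrest" in the earlier entry, but the commit is titled "Update EasyMock to 5.4.0" and its message does not mention the correction. The fix itself is right; either split it into its own commit or add a line to the message so the change to the Hamcrest entry can be found in history.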
(tomcat) branch 10.1.x updated: Update EasyMock to 5.4.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 5b65df6c4e Update EasyMock to 5.4.0 5b65df6c4e is described below commit 5b65df6c4e0ced854dfa59a06904ee3c69caaf57 Author: Mark Thomas AuthorDate: Wed Aug 28 17:36:43 2024 +0100 Update EasyMock to 5.4.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 5 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index a84f63039d..1447b6bb08 100644 --- a/build.properties.default +++ b/build.properties.default @@ -245,10 +245,10 @@ hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar # - EasyMock, version 5.0.0 or later - -easymock.version=5.3.0 +easymock.version=5.4.0 easymock.checksum.enabled=true easymock.checksum.algorithm=MD5|SHA-1 -easymock.checksum.value=a25d1fb058ddcb644011680e48ba357c|7bac0b4bbd84f49f9bcd8485281b5e52da081fa4 +easymock.checksum.value=e2f62d08abbadc33c22d580c78af440b|eb56bad81c203765f4a5c74aed28142fb0d79354 easymock.home=${base.path}/easymock-${easymock.version} easymock.jar=${easymock.home}/easymock-${easymock.version}.jar easymock.loc=${base-maven.loc}/org/easymock/easymock/${easymock.version}/easymock-${easymock.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c2f400ed5b..e1e9d928b2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -180,7 +180,10 @@ (FINEST) level logging. (markt) -Update Hmacrest to 3.0. (markt) +Update Hamcrest to 3.0. (markt) + + +Update EasyMock to 5.4.0. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Update EasyMock to 5.4.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 6aae5c932a Update EasyMock to 5.4.0 6aae5c932a is described below commit 6aae5c932a95a9d4a4379c5372b05001e346efbe Author: Mark Thomas AuthorDate: Wed Aug 28 17:36:43 2024 +0100 Update EasyMock to 5.4.0 --- build.properties.default | 4 ++-- webapps/docs/changelog.xml | 5 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 8549138ceb..a5eb124b89 100644 --- a/build.properties.default +++ b/build.properties.default @@ -247,10 +247,10 @@ hamcrest.jar=${hamcrest.home}/hamcrest-${hamcrest.version}.jar hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest/${hamcrest.version}/hamcrest-${hamcrest.version}.jar # - EasyMock, version 5.0.0 or later - -easymock.version=5.3.0 +easymock.version=5.4.0 easymock.checksum.enabled=true easymock.checksum.algorithm=MD5|SHA-1 -easymock.checksum.value=a25d1fb058ddcb644011680e48ba357c|7bac0b4bbd84f49f9bcd8485281b5e52da081fa4 +easymock.checksum.value=e2f62d08abbadc33c22d580c78af440b|eb56bad81c203765f4a5c74aed28142fb0d79354 easymock.home=${base.path}/easymock-${easymock.version} easymock.jar=${easymock.home}/easymock-${easymock.version}.jar easymock.loc=${base-maven.loc}/org/easymock/easymock/${easymock.version}/easymock-${easymock.version}.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c8d91851c5..621f44b5d8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -180,7 +180,10 @@ (FINEST) level logging. (markt) -Update Hmacrest to 3.0. (markt) +Update Hamcrest to 3.0. (markt) + + +Update EasyMock to 5.4.0. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-9.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/1050 Blamelist: Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 9.0.x] 6aae5c932a95a9d4a4379c5372b05001e346efbe Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
svn commit: r1920257 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Author: schultz Date: Wed Aug 28 21:26:56 2024 New Revision: 1920257 URL: http://svn.apache.org/viewvc?rev=1920257&view=rev Log: Minor edits. Modified: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/xdocs/security-model.xml Modified: tomcat/site/trunk/docs/security-model.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920257&r1=1920256&r2=1920257&view=diff == --- tomcat/site/trunk/docs/security-model.html (original) +++ tomcat/site/trunk/docs/security-model.html Wed Aug 28 21:26:56 2024 @@ -12,9 +12,9 @@ Administrative users - Administrative users are always considered to be trusted. Reports that - require attacker access to and/or control of any of the following to - succeed will be rejected: + Administrative users are always considered to be trusted. Reports for + vulnerabilities where an attacker already has access to or control over + any of the following will be rejected: The Manager or Host Manager applications provided with Tomcat @@ -29,13 +29,14 @@ Web applications Web applications deployed to Tomcat are considered to be trusted. - Vulnerabilities in user provided web applications are application + Vulnerabilities in user-provided web applications are application vulnerabilities, not Tomcat vulnerabilities. Reports of vulnerabilities in the web applications included with - Tomcat will be accepted. Reporters should review the comments about - each of the provided applications in the security considerations - section of the documentation for the version under test. + standard Tomcat distributions will be accepted. Reporters should + review the comments about each of the provided applications in the + security considerations section of the documentation for the version + under test. @@ -50,7 +51,7 @@ connector HTTP headers processed by a RemoteIpValve, SSLValve, equivalent filters or any similar -functionality. +functionality 
@@ -67,10 +68,10 @@ Logging - Security sensitive information will not be logged with the default + Security-sensitive information will not be logged with the default configuration apart from anything included in the request URI. - Security sensitive information may be logged with modified logging + Security-sensitive information may be logged with modified logging configurations, particularly if debug logging is enabled. Modified: tomcat/site/trunk/xdocs/security-model.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920257&r1=1920256&r2=1920257&view=diff == --- tomcat/site/trunk/xdocs/security-model.xml (original) +++ tomcat/site/trunk/xdocs/security-model.xml Wed Aug 28 21:26:56 2024 @@ -20,9 +20,9 @@ - Administrative users are always considered to be trusted. Reports that - require attacker access to and/or control of any of the following to - succeed will be rejected: + Administrative users are always considered to be trusted. Reports for + vulnerabilities where an attacker already has access to or control over + any of the following will be rejected: The Manager or Host Manager applications provided with Tomcat @@ -37,13 +37,14 @@ Web applications deployed to Tomcat are considered to be trusted. - Vulnerabilities in user provided web applications are application + Vulnerabilities in user-provided web applications are application vulnerabilities, not Tomcat vulnerabilities. Reports of vulnerabilities in the web applications included with - Tomcat will be accepted. Reporters should review the comments about - each of the provided applications in the security considerations - section of the documentation for the version under test. + standard Tomcat distributions will be accepted. Reporters should + review the comments about each of the provided applications in the + security considerations section of the documentation for the version + under test. 
@@ -58,7 +59,7 @@ connector HTTP headers processed by a RemoteIpValve, SSLValve, equivalent filters or any similar -functionality. +functionality @@ -75,10 +76,10 @@ - Security sensitive information will not be logged with the default + Security-sensitive information will not be logged with the default configuration apart from anything included in the request URI. - Secur
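Review bot: In the hunks at -50,7 +51,7 of docs/security-model.html and -58,7 +59,7 of xdocs/security-model.xml, "functionality." loses its trailing period, which the log message "Minor edits." does not explain. If that line ends a sentence, restore the period; if it is a list item, check that the sibling items are punctuated the same way so the list stays consistent.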
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Mark,

On 8/28/24 06:48, Mark Thomas wrote:

On 27/08/2024 17:34, Christopher Schultz wrote:

Mark,

On 8/27/24 11:59, Mark Thomas wrote:

On 26/08/2024 15:18, Christopher Schultz wrote:

+ Data received by an AJP connector is trusted.

Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the request entity for example is not.

Thanks. Good catch. I've updated the docs. Any further changes before I add some links to this page from the security docs?

I think:

" Vulnerabilities in deployed web applications are application vulnerabilities, not Tomcat vulnerabilities. "

...ought to mention that Tomcat-provided web applications are in-scope for security vulnerability reports. Manager and host-manager are quite important while ROOT, docs, and examples would be limited to e.g. "low importance" because they should never be deployed into a production environment.

s/multi-cast/multicast/g

This list is sufficiently long that we might want to break it down a little into separate sections with separate titles e.g.:

Trusted Environments

The following environments, user, and code are always considered trusted. Reports that users with control over these environments will be rejected on the basis that those users are in fact trusted and have administrative or equivalent access:

* Deployed web applications
* Access via JMX
* Access via Java Attach API or other debugging interfaces
* ...

As I write this, it seems to be falling apart a little. Maybe this comment will spark someone else's creativity. But the list seems to be getting long and I'm a very strong supporter of "Parallel Structure"[1] in writing, and this is all over the place.

I've restructured the page. I've added the things you suggested. Any better?

Yes, I like your work, here. I committed some minor changes. Mostly re-wording the "giving the attacker administrative rights before an attack is cheating" bit.
-chris
[Bug 69285] Performance improvement to ApplicationHttpRequest.parseParameters()
https://bz.apache.org/bugzilla/show_bug.cgi?id=69285 --- Comment #2 from chjp --- Particular difference is LinkedHashMap#afterNodeInsertion(boolean evict).