svn commit: r1921844 - /tomcat/site/trunk/xdocs/migration-9.xml
Author: schultz Date: Mon Nov 11 14:36:05 2024 New Revision: 1921844 URL: http://svn.apache.org/viewvc?rev=1921844&view=rev Log: Add note about HTTP reason phrases being removed. Modified: tomcat/site/trunk/xdocs/migration-9.xml Modified: tomcat/site/trunk/xdocs/migration-9.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-9.xml?rev=1921844&r1=1921843&r2=1921844&view=diff == --- tomcat/site/trunk/xdocs/migration-9.xml (original) +++ tomcat/site/trunk/xdocs/migration-9.xml Mon Nov 11 14:36:05 2024 @@ -91,6 +91,15 @@ versions of Apache Tomcat® + + + HTTP reason phrases have been https://bz.apache.org/bugzilla/show_bug.cgi?id=60362";>removed + entirely. Some non-RFC-compliant clients are known to fail when the + reason phrase is missing. Such failures are a problem with the client + and not with Tomcat. + + + The following change is present in 8.5.0 onwards. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
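Review bot: The paragraph added in the @@ -91,6 +91,15 @@ hunk says reason phrases were "removed entirely" but gives a reader upgrading from 8.5 no pointer to the setting they may still carry: the 8.5 guide text quoted elsewhere in this thread tells them the phrases "can be re-enabled using the sendReasonPhrase" attribute. Name that attribute here and state that it is no longer supported in 9.0, so the note does not read as if only the default changed. The new text also sits directly above "The following change is present in 8.5.0 onwards.", so it is worth making clear which upgrade path it applies to.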
Re: svn commit: r1921844 - /tomcat/site/trunk/xdocs/migration-9.xml
Mon, 11 Nov 2024 at 17:37, Christopher Schultz : > > All, > > I had this change sitting around on my computer from a long time ago, so > I decided to commit it. I'm happy to remove it if it's redundant. > Thank you, Chris. It is not redundant: There is a change with 8.5 that support for the sendReasonPhrase attribute has been removed, and there are many items below that one that are marked with "The following change is present in 8.5.0 onwards.", as this guide is for upgrading from 8.0 as well, not just from 8.5. I published the changes. (Your commit is xdocs only, without the docs directory) Best regards, Konstantin Kolinko > On 11/11/24 9:36 AM, schu...@apache.org wrote: > > Author: schultz > > Date: Mon Nov 11 14:36:05 2024 > > New Revision: 1921844 > > > > URL: http://svn.apache.org/viewvc?rev=1921844&view=rev > > Log: > > Add note about HTTP reason phrases being removed. > > > > Modified: > > tomcat/site/trunk/xdocs/migration-9.xml > > > > Modified: tomcat/site/trunk/xdocs/migration-9.xml > > URL: > > http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-9.xml?rev=1921844&r1=1921843&r2=1921844&view=diff > > == > > --- tomcat/site/trunk/xdocs/migration-9.xml (original) > > +++ tomcat/site/trunk/xdocs/migration-9.xml Mon Nov 11 14:36:05 2024 
> > @@ -91,6 +91,15 @@ versions of Apache Tomcat® > > > > > > > + > > + > > + HTTP reason phrases have been > href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60362";>removed > > + entirely. Some non-RFC-compliant clients are known to fail when the > > + reason phrase is missing. Such failures are a problem with the client > > + and not with Tomcat. > > + > > + > > + > > > > > > The following change is present in 8.5.0 onwards. > > > > > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Add change log entry
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 2cc644feb6 Add change log entry 2cc644feb6 is described below commit 2cc644feb61ff0de478d6cc8c11c605ab794cb88 Author: Mark Thomas AuthorDate: Mon Nov 11 17:19:37 2024 + Add change log entry --- webapps/docs/changelog.xml | 10 ++ 1 file changed, 10 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 13ad8222aa..edcd17a90b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> + + + +Align encodedSolidusHandling with the Servlet +specification. If the pass-through mode is used, any +%25 sequences will now also be passed through to avoid +errors and/or corruption when the application decodes the path. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
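Review bot: The new changelog entry calls the setting "the pass-through mode", while the connector documentation for encodedSolidusHandling spells the value passthrough; use the attribute value as written in the configuration reference so a reader can search for it. The entry also says %25 sequences "will now also be passed through", which is a behaviour change for any application already running with that value, so it is worth saying in the entry that such applications must decode %25 themselves.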
(tomcat) branch 9.0.x updated: Add change log entry
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 4e2d691c9d Add change log entry 4e2d691c9d is described below commit 4e2d691c9dacd1a83931683abed0273fd245c44f Author: Mark Thomas AuthorDate: Mon Nov 11 17:19:37 2024 + Add change log entry --- webapps/docs/changelog.xml | 10 ++ 1 file changed, 10 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index af45efd38b..dd4e29000a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> + + + +Align encodedSolidusHandling with the Servlet +specification. If the pass-through mode is used, any +%25 sequences will now also be passed through to avoid +errors and/or corruption when the application decodes the path. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r72964 - /dev/tomcat/tomcat-10/v10.1.33/ /release/tomcat/tomcat-10/v10.1.33/
Author: schultz Date: Mon Nov 11 14:29:50 2024 New Revision: 72964 Log: Promote v10.1.33 to released. Added: release/tomcat/tomcat-10/v10.1.33/ - copied from r72963, dev/tomcat/tomcat-10/v10.1.33/ Removed: dev/tomcat/tomcat-10/v10.1.33/
[VOTE][RESULT] Release Apache Tomcat 10.1.33
All, The following votes were cast: +1: markt, isapir, remm, schultz There were no other votes, therefore the vote passes. Thanks to everyone who contributed towards this release. -chris On 11/7/24 5:50 PM, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.33 release is now available for voting. There was an issue with the 10.1.32 release build which has been corrected in this release. The EarlyHintsFilter.java file has been removed from the source release artifact. There are no other differences between 10.1.32 and 10.1.33. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members' votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.31 are: - Fix a regression caused by the improvement 69333 which caused the tag release to be called when using tag pooling, and to be skipped when not using it. Patch submitted by Michal Sobkiewicz. - Further WebDAV fixes and improvements For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.33/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1523 The tag is: https://github.com/apache/tomcat/tree/10.1.33 https://github.com/apache/tomcat/commit/901b2e44375be1b28ea659e77b089041ed47124c Please reply with a +1 for release or +0/-0/-1 with an explanation.
(tomcat) branch 10.1.x updated: Align encodedSolidusHandling with servlet spec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 0f439287de Align encodedSolidusHandling with servlet spec 0f439287de is described below commit 0f439287de88c63d8d3aa2d1163bae2f0e0ac2a8 Author: Mark Thomas AuthorDate: Mon Nov 11 15:01:00 2024 + Align encodedSolidusHandling with servlet spec --- java/org/apache/tomcat/util/buf/UDecoder.java | 17 + test/org/apache/tomcat/util/buf/TestUDecoder.java | 42 +++ webapps/docs/config/ajp.xml | 9 - webapps/docs/config/http.xml | 9 - 4 files changed, 75 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java b/java/org/apache/tomcat/util/buf/UDecoder.java index d698c5f935..b11965095e 100644 --- a/java/org/apache/tomcat/util/buf/UDecoder.java +++ b/java/org/apache/tomcat/util/buf/UDecoder.java @@ -145,6 +145,23 @@ public final class UDecoder { buff[idx] = buff[j]; } } +} else if (res == '%') { +/* + * If encoded '/' is going to be left encoded then so must encoded '%' else the subsequent %nn + * decoding will either fail or corrupt the output. + */ +switch (encodedSolidusHandling) { +case DECODE: +case REJECT: { +buff[idx] = (byte) res; +break; +} +case PASS_THROUGH: { +buff[idx++] = buff[j - 2]; +buff[idx++] = buff[j - 1]; +buff[idx] = buff[j]; +} +} } else { buff[idx] = (byte) res; } diff --git a/test/org/apache/tomcat/util/buf/TestUDecoder.java b/test/org/apache/tomcat/util/buf/TestUDecoder.java index b2ca73dd16..94dbd14fb6 100644 --- a/test/org/apache/tomcat/util/buf/TestUDecoder.java +++ b/test/org/apache/tomcat/util/buf/TestUDecoder.java 
@@ -219,6 +219,48 @@ public class TestUDecoder { } +@Test +public void testURLDecodeStringSolidus10a() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10b() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10c() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx%xx", result); +} + + +@Test(expected = CharConversionException.class) +public void testURLDecodeStringSolidus11a() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11b() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%2f%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11c() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx/%xx", result); +} + + private void doTestSolidus(String input, String expected) throws IOException { for (EncodedSolidusHandling solidusHandling : EncodedSolidusHandling.values()) { String result = doTestSolidus(input, solidusHandling); diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index cd6086a7e1..b6590e59ff 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml 
@@ -128,7 +128,14 @@ time other %nn sequences are decoded. When set to passthrough request paths containing a %2f sequence will be processed with the %2f sequence unchanged. - If not specified the default value is reject. + + If passthrough is used then it is the application's + resposibility to perform any further %nn decoding required. + Any %25 sequences (encoded %) in the request + path with also be processed with the %25 sequence unchanged + to avoid potential corruption and/or decoding failure when the path is + subsequently %nn decoded by the application. + If not specified the default value is reject. diff --git a/webapps/docs/config/http.xml b/webap
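Review bot: In the UDecoder.java hunk, the PASS_THROUGH case of the new res == '%' branch has no break, unlike the DECODE/REJECT case just above it. It is the last case, so nothing falls through today, but adding break keeps the switch safe if another case is appended. The block comment could also state that in this mode %25 is kept encoded for every path, not only for paths that contain %2f, which is what testURLDecodeStringSolidus10b asserts with "xx%25xx".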
(tomcat) branch 11.0.x updated: Align encodedSolidusHandling with servlet spec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 85ceb0e87b Align encodedSolidusHandling with servlet spec 85ceb0e87b is described below commit 85ceb0e87b39f5b6d9efc357b47f1112be2c7d12 Author: Mark Thomas AuthorDate: Mon Nov 11 15:01:00 2024 + Align encodedSolidusHandling with servlet spec --- java/org/apache/tomcat/util/buf/UDecoder.java | 17 + test/org/apache/tomcat/util/buf/TestUDecoder.java | 42 +++ webapps/docs/config/ajp.xml | 9 - webapps/docs/config/http.xml | 9 - 4 files changed, 75 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java b/java/org/apache/tomcat/util/buf/UDecoder.java index d698c5f935..b11965095e 100644 --- a/java/org/apache/tomcat/util/buf/UDecoder.java +++ b/java/org/apache/tomcat/util/buf/UDecoder.java @@ -145,6 +145,23 @@ public final class UDecoder { buff[idx] = buff[j]; } } +} else if (res == '%') { +/* + * If encoded '/' is going to be left encoded then so must encoded '%' else the subsequent %nn + * decoding will either fail or corrupt the output. + */ +switch (encodedSolidusHandling) { +case DECODE: +case REJECT: { +buff[idx] = (byte) res; +break; +} +case PASS_THROUGH: { +buff[idx++] = buff[j - 2]; +buff[idx++] = buff[j - 1]; +buff[idx] = buff[j]; +} +} } else { buff[idx] = (byte) res; } diff --git a/test/org/apache/tomcat/util/buf/TestUDecoder.java b/test/org/apache/tomcat/util/buf/TestUDecoder.java index b2ca73dd16..94dbd14fb6 100644 --- a/test/org/apache/tomcat/util/buf/TestUDecoder.java +++ b/test/org/apache/tomcat/util/buf/TestUDecoder.java 
@@ -219,6 +219,48 @@ public class TestUDecoder { } +@Test +public void testURLDecodeStringSolidus10a() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10b() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10c() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx%xx", result); +} + + +@Test(expected = CharConversionException.class) +public void testURLDecodeStringSolidus11a() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11b() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%2f%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11c() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx/%xx", result); +} + + private void doTestSolidus(String input, String expected) throws IOException { for (EncodedSolidusHandling solidusHandling : EncodedSolidusHandling.values()) { String result = doTestSolidus(input, solidusHandling); diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 605ac3bf98..32bdcfa142 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml 
@@ -127,7 +127,14 @@ time other %nn sequences are decoded. When set to passthrough request paths containing a %2f sequence will be processed with the %2f sequence unchanged. - If not specified the default value is reject. + + If passthrough is used then it is the application's + resposibility to perform any further %nn decoding required. + Any %25 sequences (encoded %) in the request + path with also be processed with the %25 sequence unchanged + to avoid potential corruption and/or decoding failure when the path is + subsequently %nn decoded by the application. + If not specified the default value is reject. diff --git a/webapps/docs/config/http.xml b/webap
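Review bot: In the TestUDecoder.java hunk, testURLDecodeStringSolidus11a is annotated @Test(expected = CharConversionException.class), so the Assert.assertEquals("xx%xx", result) that follows the doTestSolidus call can never execute, and "xx%xx" would not be the decoded form of "xx%2f%25xx" in any case. Drop the result assignment and the assertion and keep only the call, so the test reads as the rejection test it is.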
(tomcat) branch 9.0.x updated: Align encodedSolidusHandling with servlet spec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new ca5f5c5770 Align encodedSolidusHandling with servlet spec ca5f5c5770 is described below commit ca5f5c5770263367227880d94583778ed4e7ab25 Author: Mark Thomas AuthorDate: Mon Nov 11 15:01:00 2024 + Align encodedSolidusHandling with servlet spec --- java/org/apache/tomcat/util/buf/UDecoder.java | 17 + test/org/apache/tomcat/util/buf/TestUDecoder.java | 42 +++ webapps/docs/config/ajp.xml | 9 - webapps/docs/config/http.xml | 9 - 4 files changed, 75 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java b/java/org/apache/tomcat/util/buf/UDecoder.java index 42f08f6ed6..7eb9ca0266 100644 --- a/java/org/apache/tomcat/util/buf/UDecoder.java +++ b/java/org/apache/tomcat/util/buf/UDecoder.java @@ -149,6 +149,23 @@ public final class UDecoder { buff[idx] = buff[j]; } } +} else if (res == '%') { +/* + * If encoded '/' is going to be left encoded then so must encoded '%' else the subsequent %nn + * decoding will either fail or corrupt the output. + */ +switch (encodedSolidusHandling) { +case DECODE: +case REJECT: { +buff[idx] = (byte) res; +break; +} +case PASS_THROUGH: { +buff[idx++] = buff[j - 2]; +buff[idx++] = buff[j - 1]; +buff[idx] = buff[j]; +} +} } else { buff[idx] = (byte) res; } diff --git a/test/org/apache/tomcat/util/buf/TestUDecoder.java b/test/org/apache/tomcat/util/buf/TestUDecoder.java index b2ca73dd16..94dbd14fb6 100644 --- a/test/org/apache/tomcat/util/buf/TestUDecoder.java +++ b/test/org/apache/tomcat/util/buf/TestUDecoder.java 
@@ -219,6 +219,48 @@ public class TestUDecoder { } +@Test +public void testURLDecodeStringSolidus10a() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10b() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10c() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx%xx", result); +} + + +@Test(expected = CharConversionException.class) +public void testURLDecodeStringSolidus11a() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11b() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%2f%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11c() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx/%xx", result); +} + + private void doTestSolidus(String input, String expected) throws IOException { for (EncodedSolidusHandling solidusHandling : EncodedSolidusHandling.values()) { String result = doTestSolidus(input, solidusHandling); diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 4c450e94f8..9969f8dc42 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml 
@@ -122,7 +122,14 @@ time other %nn sequences are decoded. When set to passthrough request paths containing a %2f sequence will be processed with the %2f sequence unchanged. - If not specified the default value is reject. This default + + If passthrough is used then it is the application's + resposibility to perform any further %nn decoding required. + Any %25 sequences (encoded %) in the request + path with also be processed with the %25 sequence unchanged + to avoid potential corruption and/or decoding failure when the path is + subsequently %nn decoded by the application. + If not specified the default value is reject. This default may be modified if the deprecat
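Review bot: The paragraph added to webapps/docs/config/ajp.xml has two typos: "resposibility" should be "responsibility", and "path with also be processed" should be "path will also be processed". The diffstat shows webapps/docs/config/http.xml changed by the same number of lines, so check that hunk for the same wording.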
(tomcat) branch 11.0.x updated: Add change log entry
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 85c4961ef5 Add change log entry 85c4961ef5 is described below commit 85c4961ef584ef2fcbef4999a427d8b76c36e2df Author: Mark Thomas AuthorDate: Mon Nov 11 17:19:37 2024 + Add change log entry --- webapps/docs/changelog.xml | 10 ++ 1 file changed, 10 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 10d3a583ac..3258e25c76 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> + + + +Align encodedSolidusHandling with the Servlet +specification. If the pass-through mode is used, any +%25 sequences will now also be passed through to avoid +errors and/or corruption when the application decodes the path. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1921846 - in /tomcat/site/trunk: docs/migration-85.html docs/migration-9.html xdocs/migration-85.xml xdocs/migration-9.xml
Author: kkolinko Date: Mon Nov 11 15:53:30 2024 New Revision: 1921846 URL: http://svn.apache.org/viewvc?rev=1921846&view=rev Log: Migration Guides. - Correct formatting. Amend link to BZ 60362. Publish. Correct formatting in 8.5 migration guide. Amend link to BZ 60362 in 9.0 migration guide only: Refer to comment #60 that better summarizes the reasons and the current status of this feature for Tomcat 9. Modified: tomcat/site/trunk/docs/migration-85.html tomcat/site/trunk/docs/migration-9.html tomcat/site/trunk/xdocs/migration-85.xml tomcat/site/trunk/xdocs/migration-9.xml Modified: tomcat/site/trunk/docs/migration-85.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-85.html?rev=1921846&r1=1921845&r2=1921846&view=diff == --- tomcat/site/trunk/docs/migration-85.html (original) +++ tomcat/site/trunk/docs/migration-85.html Mon Nov 11 15:53:30 2024 @@ -26,7 +26,7 @@ versions of Apache Tomcat®HTTP connector changes HTTP reason phrases have been https://bz.apache.org/bugzilla/show_bug.cgi?id=60362";>removed by default, - but can be re-enabled using the sendReasonPhrase + but can be re-enabled using the sendReasonPhrase https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Common_Attributes";>configuration attribute. Modified: tomcat/site/trunk/docs/migration-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1921846&r1=1921845&r2=1921846&view=diff == --- tomcat/site/trunk/docs/migration-9.html (original) +++ tomcat/site/trunk/docs/migration-9.html Mon Nov 11 15:53:30 2024 
@@ -1,6 +1,6 @@ Apache Tomcat® - Migration Guide - Tomcat 9.0.xhttps://www.apachecon.com/event-images/snippet.js";>http://tomcat.apache.org/";>Apache Tomcat®https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left">https://www.apache.org/images/Su pportApache-small.png" class="support-asf" alt="Support Apache">http://www.apache.org/"; target="_blank" class="pull-left">https://www.google.com/search"; method="get">GOApache TomcatHomeTaglibsMaven PluginDownloadWhich version?https://tomcat.apa che.org/download-11.cgi">Tomcat 11https://tomcat.apache.org/download-10.cgi";>Tomcat 10https://tomcat.apache.org/download-90.cgi";>Tomcat 9https://tomcat.apache.org/download-migration.cgi";>Tomcat Migration Tool for Jakarta EEhttps://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectorshttps://tomcat.apache.org/download-native.cgi";>Tomcat Nativehttps://tomcat.apache.org/download-taglibs.cgi";>Taglibshttps://archive.apache.org/dist/tomcat/";>ArchivesDocumentationTomcat 11.0Tomcat 10.1Tomcat 9.0UpgradingTomcat ConnectorsTomcat Native 2Tomcat Native 1.3https://cwiki.apache.org/confluence/display/TOMCAT";>WikiMigration GuidePresentationshttps://cwiki.apache.org/confluence/x/Bi8lBg";>SpecificationsProblems?Security ReportsFind helphttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQMailing ListsBug DatabaseIRCGet InvolvedOverviewSource codeBuildbotToolsMediahttps://twitter.com/theapachetomcat";>Twitterhttps://www.youtube.com/c/ApacheTomcatOfficial";>YouTubehttps://blogs.apache.org/tomcat/";>BlogMiscWho We Arehttps://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>SwagHeritagehttp://www.apache.org";>Apache HomeResourcesContactLegalhttps://privacy.apache.org/policies/privacy-policy-public.html";>Privacyhttps://www.apache.org/foundation/contributing.html";>Support Apachehttps://www.apache.org/foundation/sponsorship.html";>Sponsorshiphttp://www.apache.org/foundation/thanks.html";>Thankshttp://www.apache.org/licenses/";>Lice 
nseContentTable of Contents -GeneralMigrating from 8.0.x or 8.5.x to 9.0.xJava 8 requiredSpecification APIsServlet 4.0 APIJavaServer Pages 2.3Expression Language 3.0WebSocket 1.1BIO connector removedComet support removedHTTP/2 support addedTLS virtual hosting and multiple certificate support addedInternal APIsJSR-77 implementation removedClusteringInstanceListener removedSessionManagerCookiesWeb applicationsEngine and Host configurationsContext configurationsLoggingUpgrading 9.0.xTomcat 9.0.x noteable changesTomcat 9.0.x configuration file differences +GeneralMigrating from 8.0.x or 8.5.x to 9.0.xJava 8 requiredSpecification APIsServlet 4.0 APIJavaServer Pages 2.3Expression Language 3.0WebSocket 1.1BIO connector removedHTTP connector changesComet support removedHTTP/2 support addedTLS virtual hosting and multiple certificate support addedInternal APIsJSR-77 implementation removedClusteringInstanceListener removedSessionManagerCookiesWeb applicationsEngine and Host configurationsContext configurationsLoggingUpgrading 9.0.xTomcat 9.0.x noteable changesTomcat 9.0.x configuration file differences General Please read the general Migration Guide page @@ -78,6 +78,15 @@ versions of
Re: Issue with Unauthorized Requests Handling in Tomcat
Harsha, Next time, don't post security issues to the dev@ list. Please only use the security@ list for reporting vulnerabilities. Please see below. On 11/8/24 12:34 PM, Harsha Vardhan Sai T wrote: I'm reaching out about an issue I've noticed in Tomcat related to handling requests that aren't properly authorized. Specifically, when a GET request is sent to the |j_security_check| endpoint (instead of a POST request), Tomcat is returning a |200 OK| status code. However, the expected response should be a |405 Method Not Allowed| status code, since |j_security_check| is intended to accept only POST requests. Is there a specification document or reference which supports your claim that the expected response status code should be 405? My reading of Servlet Spec 6.1 section 13.6.3 is that j_security_check is *REQUIRED* to return 200. (Specifically, see step #5 in the 8-step authentication process.) *Here are the details:* * *Tomcat Version*: 9.0.95 * *Issue*: When a GET request is sent to the |j_security_check| endpoint, Tomcat responds with a |200 OK| instead of a |405 Method Not Allowed|. * *Steps to Reproduce*: 1. Deploy a web application using form-based authentication. 2. Send a GET request to the |j_security_check| endpoint. 3. Observe the response status code. I’ve implemented a custom solution to handle this on my end, but I believe it would be better if Tomcat could handle this directly. This would improve security, as accepting GET requests on sensitive endpoints can allow attackers to bypass protections. Could you please let me know if there’s a way to configure Tomcat to return the correct status code for this scenario, or if there are any plans to address this issue in future updates? -chris
svn commit: r72965 - /release/tomcat/tomcat-10/v10.1.31/
Author: schultz Date: Mon Nov 11 16:29:44 2024 New Revision: 72965 Log: Remove old release artifacts. Removed: release/tomcat/tomcat-10/v10.1.31/
(tomcat) branch main updated: Follow-up to BZ 69381. Additional location for performance improvement
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 5144218a39 Follow-up to BZ 69381. Additional location for performance improvement 5144218a39 is described below commit 5144218a399027a59199cb5cf3aaafe9033f7ffb Author: Mark Thomas AuthorDate: Mon Nov 11 08:56:54 2024 + Follow-up to BZ 69381. Additional location for performance improvement --- java/org/apache/el/util/ReflectionUtil.java | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/java/org/apache/el/util/ReflectionUtil.java b/java/org/apache/el/util/ReflectionUtil.java index 6693d46648..c66421df69 100644 --- a/java/org/apache/el/util/ReflectionUtil.java +++ b/java/org/apache/el/util/ReflectionUtil.java @@ -149,7 +149,19 @@ public class ReflectionUtil { paramCount = paramTypes.length; } -Method[] methods = base.getClass().getMethods(); +Class clazz = base.getClass(); + +// Fast path: when no arguments exist, there can only be one matching method and no need for coercion. +if (paramCount == 0) { +try { +Method method = clazz.getMethod(methodName, paramTypes); +return getMethod(clazz, base, method); +} catch (NoSuchMethodException | SecurityException e) { +// Fall through to broader, slower logic +} +} + +Method[] methods = clazz.getMethods(); Map candidates = new HashMap<>(); for (Method m : methods) { @@ -250,7 +262,7 @@ public class ReflectionUtil { // If a method is found where every parameter matches exactly, // and no vars args are present, return it if (exactMatch == paramCount && varArgsMatch == 0) { -Method result = getMethod(base.getClass(), base, m); +Method result = getMethod(clazz, base, m); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); 
@@ -300,7 +312,7 @@ public class ReflectionUtil { MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); } -Method result = getMethod(base.getClass(), base, match); +Method result = getMethod(clazz, base, match); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
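Review bot: The fast path added in the first ReflectionUtil.java hunk returns getMethod(clazz, base, method) directly, whereas the two later call sites touched by this patch check the result for null and throw MethodNotFoundException with error.method.notfound. If getMethod can return null for the zero-argument case, the caller now receives null instead of the usual exception. Either apply the same null check before returning, or fall through to the slower lookup when the result is null.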
(tomcat) branch 10.1.x updated: Follow-up to BZ 69381. Additional location for performance improvement
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 5fbf70a2a3 Follow-up to BZ 69381. Additional location for performance improvement 5fbf70a2a3 is described below commit 5fbf70a2a3e4f21370e9fff304f54dea874e1002 Author: Mark Thomas AuthorDate: Mon Nov 11 08:56:54 2024 + Follow-up to BZ 69381. Additional location for performance improvement --- java/org/apache/el/util/ReflectionUtil.java | 18 +++--- webapps/docs/changelog.xml | 9 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/java/org/apache/el/util/ReflectionUtil.java b/java/org/apache/el/util/ReflectionUtil.java index a94a73fd42..f15ccc1be0 100644 --- a/java/org/apache/el/util/ReflectionUtil.java +++ b/java/org/apache/el/util/ReflectionUtil.java @@ -151,7 +151,19 @@ public class ReflectionUtil { paramCount = paramTypes.length; } -Method[] methods = base.getClass().getMethods(); +Class clazz = base.getClass(); + +// Fast path: when no arguments exist, there can only be one matching method and no need for coercion. +if (paramCount == 0) { +try { +Method method = clazz.getMethod(methodName, paramTypes); +return getMethod(clazz, base, method); +} catch (NoSuchMethodException | SecurityException e) { +// Fall through to broader, slower logic +} +} + +Method[] methods = clazz.getMethods(); Map candidates = new HashMap<>(); for (Method m : methods) { @@ -252,7 +264,7 @@ public class ReflectionUtil { // If a method is found where every parameter matches exactly, // and no vars args are present, return it if (exactMatch == paramCount && varArgsMatch == 0) { -Method result = getMethod(base.getClass(), base, m); +Method result = getMethod(clazz, base, m); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); 
@@ -302,7 +314,7 @@ public class ReflectionUtil { MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); } -Method result = getMethod(base.getClass(), base, match); +Method result = getMethod(clazz, base, match); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f28794f899..13ad8222aa 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,15 @@ issues do not "pop up" wrt. others). --> + + + +Follow-up to the fix for 69381. Apply the optimisation for +method lookup performance in expression language to an additional +location. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
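Review bot: The new fast path in the first ReflectionUtil.java hunk returns getMethod(clazz, base, method) directly, without the null check that the other two call sites in this diff keep (if (result == null) { throw new MethodNotFoundException(...) }), so a zero-argument lookup can hand null back to the caller where the slow path would throw. Assign the result to a local and, when it is null, either throw the same MethodNotFoundException or fall through to the slower logic.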
(tomcat) branch 11.0.x updated: Follow-up to BZ 69381. Additional location for performance improvement
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new e3c093169a Follow-up to BZ 69381. Additional location for performance improvement e3c093169a is described below commit e3c093169a5ed8a46bc4467dd8855f3d7cbad755 Author: Mark Thomas AuthorDate: Mon Nov 11 08:56:54 2024 + Follow-up to BZ 69381. Additional location for performance improvement --- java/org/apache/el/util/ReflectionUtil.java | 18 +++--- webapps/docs/changelog.xml | 5 + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/java/org/apache/el/util/ReflectionUtil.java b/java/org/apache/el/util/ReflectionUtil.java index 6693d46648..c66421df69 100644 --- a/java/org/apache/el/util/ReflectionUtil.java +++ b/java/org/apache/el/util/ReflectionUtil.java @@ -149,7 +149,19 @@ public class ReflectionUtil { paramCount = paramTypes.length; } -Method[] methods = base.getClass().getMethods(); +Class clazz = base.getClass(); + +// Fast path: when no arguments exist, there can only be one matching method and no need for coercion. +if (paramCount == 0) { +try { +Method method = clazz.getMethod(methodName, paramTypes); +return getMethod(clazz, base, method); +} catch (NoSuchMethodException | SecurityException e) { +// Fall through to broader, slower logic +} +} + +Method[] methods = clazz.getMethods(); Map candidates = new HashMap<>(); for (Method m : methods) { @@ -250,7 +262,7 @@ public class ReflectionUtil { // If a method is found where every parameter matches exactly, // and no vars args are present, return it if (exactMatch == paramCount && varArgsMatch == 0) { -Method result = getMethod(base.getClass(), base, m); +Method result = getMethod(clazz, base, m); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); 
@@ -300,7 +312,7 @@ public class ReflectionUtil { MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); } -Method result = getMethod(base.getClass(), base, match); +Method result = getMethod(clazz, base, match); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 16f6cdaf6f..10d3a583ac 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -111,6 +111,11 @@ Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt) + +Follow-up to the fix for 69381. Apply the optimisation for +method lookup performance in expression language to an additional +location. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
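Review bot: No test accompanies the zero-argument fast path added in the first ReflectionUtil.java hunk; the diffstat lists only ReflectionUtil.java and changelog.xml. Two cases would pin the behaviour down: a zero-argument call that is resolved by clazz.getMethod(methodName, paramTypes), and one where that call throws NoSuchMethodException (for example when only a varargs overload exists) so the fall-through to the clazz.getMethods() loop is exercised.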
(tomcat) branch 9.0.x updated: Follow-up to BZ 69381. Additional location for performance improvement
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new e01c602659 Follow-up to BZ 69381. Additional location for performance improvement e01c602659 is described below commit e01c60265994d6c7b91f3cadff1c44038770bfe3 Author: Mark Thomas AuthorDate: Mon Nov 11 08:56:54 2024 + Follow-up to BZ 69381. Additional location for performance improvement --- java/org/apache/el/util/ReflectionUtil.java | 18 +++--- webapps/docs/changelog.xml | 5 + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/java/org/apache/el/util/ReflectionUtil.java b/java/org/apache/el/util/ReflectionUtil.java index 2422748cae..d92eba762b 100644 --- a/java/org/apache/el/util/ReflectionUtil.java +++ b/java/org/apache/el/util/ReflectionUtil.java @@ -151,7 +151,19 @@ public class ReflectionUtil { paramCount = paramTypes.length; } -Method[] methods = base.getClass().getMethods(); +Class clazz = base.getClass(); + +// Fast path: when no arguments exist, there can only be one matching method and no need for coercion. +if (paramCount == 0) { +try { +Method method = clazz.getMethod(methodName, paramTypes); +return getMethod(clazz, base, method); +} catch (NoSuchMethodException | SecurityException e) { +// Fall through to broader, slower logic +} +} + +Method[] methods = clazz.getMethods(); Map candidates = new HashMap<>(); for (Method m : methods) { @@ -252,7 +264,7 @@ public class ReflectionUtil { // If a method is found where every parameter matches exactly, // and no vars args are present, return it if (exactMatch == paramCount && varArgsMatch == 0) { -Method result = getMethod(base.getClass(), base, m); +Method result = getMethod(clazz, base, m); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); 
@@ -302,7 +314,7 @@ public class ReflectionUtil { MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); } -Method result = getMethod(base.getClass(), base, match); +Method result = getMethod(clazz, base, match); if (result == null) { throw new MethodNotFoundException( MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes))); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 341ffc644d..af45efd38b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -111,6 +111,11 @@ Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt) + +Follow-up to the fix for 69381. Apply the optimisation for +method lookup performance in expression language to an additional +location. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
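Review bot: The catch in the new fast path groups SecurityException with NoSuchMethodException and discards both, but the fall-through immediately calls clazz.getMethods(), which is subject to the same access check, so the SecurityException is only deferred and its original stack trace is lost. Catching NoSuchMethodException alone would keep the fall-through for the case the comment describes, or the comment could say why SecurityException is expected here.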
Re: [PR] fix message parameters - expiresFilter.skippedStatusCode [tomcat]
markt-asf closed pull request #776: fix message parameters - expiresFilter.skippedStatusCode URL: https://github.com/apache/tomcat/pull/776 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] fix message parameters - expiresFilter.skippedStatusCode [tomcat]
markt-asf commented on PR #776: URL: https://github.com/apache/tomcat/pull/776#issuecomment-2467491170

Thanks for the PR. Translations are handled a little differently to the rest of the code. We use POEditor. See https://cwiki.apache.org/confluence/display/TOMCAT/Managing+translations for details. I've committed a fix for the original English version and updated the translations in POEditor.
(tomcat) branch 11.0.x updated: Fix message parameters. PR #776 by Chenjp
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new fabc35e3b4 Fix message parameters. PR #776 by Chenjp fabc35e3b4 is described below commit fabc35e3b4cb6ce41cee862ecd7ac262897e19f3 Author: Mark Thomas AuthorDate: Mon Nov 11 08:07:25 2024 + Fix message parameters. PR #776 by Chenjp --- java/org/apache/catalina/filters/LocalStrings.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/filters/LocalStrings.properties b/java/org/apache/catalina/filters/LocalStrings.properties index 77e9b010b2..63a5c1485d 100644 --- a/java/org/apache/catalina/filters/LocalStrings.properties +++ b/java/org/apache/catalina/filters/LocalStrings.properties 
@@ -45,7 +45,7 @@ expiresFilter.noExpirationConfiguredForContentType=No Expires configuration foun expiresFilter.numberError=Exception parsing number at position [{0}] (zero based) in comma delimited list [{1}] expiresFilter.responseAlreadyCommitted=Request [{0}], cannot apply ExpiresFilter on already committed response. expiresFilter.setExpirationDate=Request [{0}] with response status [{1}] content-type [{2}], set expiration date [{3}] -expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{1}], skip expiration header generation for given status +expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{2}], skip expiration header generation for given status expiresFilter.startingPointInvalid=Invalid starting point (access|now|modification|a|m) [{0}] in directive [{1}] expiresFilter.startingPointNotFound=Starting point (access|now|modification|a|m) not found in directive [{0}] expiresFilter.unknownParameterIgnored=Unknown parameter [{0}] with value [{1}] is ignored ! - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
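Review bot: The corrected expiresFilter.skippedStatusCode message now references three arguments ({0}, {1}, {2}), but the call site that formats it is not part of this diff, so it cannot be confirmed from here that the content type is actually passed as the third argument. Worth checking the caller before merging, since a missing argument would leave a literal {2} in the log line instead of the duplicated status the old text produced.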
(tomcat) branch 10.1.x updated: Fix message parameters. PR #776 by Chenjp
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 86d1fca20a Fix message parameters. PR #776 by Chenjp 86d1fca20a is described below commit 86d1fca20afa983c208a43075180487b3b33f2c4 Author: Mark Thomas AuthorDate: Mon Nov 11 08:07:25 2024 + Fix message parameters. PR #776 by Chenjp --- java/org/apache/catalina/filters/LocalStrings.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/filters/LocalStrings.properties b/java/org/apache/catalina/filters/LocalStrings.properties index 73ce1c15d3..b20ab8a167 100644 --- a/java/org/apache/catalina/filters/LocalStrings.properties +++ b/java/org/apache/catalina/filters/LocalStrings.properties 
@@ -48,7 +48,7 @@ expiresFilter.noExpirationConfiguredForContentType=No Expires configuration foun expiresFilter.numberError=Exception parsing number at position [{0}] (zero based) in comma delimited list [{1}] expiresFilter.responseAlreadyCommitted=Request [{0}], cannot apply ExpiresFilter on already committed response. expiresFilter.setExpirationDate=Request [{0}] with response status [{1}] content-type [{2}], set expiration date [{3}] -expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{1}], skip expiration header generation for given status +expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{2}], skip expiration header generation for given status expiresFilter.startingPointInvalid=Invalid starting point (access|now|modification|a|m) [{0}] in directive [{1}] expiresFilter.startingPointNotFound=Starting point (access|now|modification|a|m) not found in directive [{0}] expiresFilter.unknownParameterIgnored=Unknown parameter [{0}] with value [{1}] is ignored ! - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Fix message parameters. PR #776 by Chenjp
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a0fb9ad5d1 Fix message parameters. PR #776 by Chenjp a0fb9ad5d1 is described below commit a0fb9ad5d1e8170ae261f5699fbd4d1ad22dcfe3 Author: Mark Thomas AuthorDate: Mon Nov 11 08:07:25 2024 + Fix message parameters. PR #776 by Chenjp --- java/org/apache/catalina/filters/LocalStrings.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/filters/LocalStrings.properties b/java/org/apache/catalina/filters/LocalStrings.properties index 77e9b010b2..63a5c1485d 100644 --- a/java/org/apache/catalina/filters/LocalStrings.properties +++ b/java/org/apache/catalina/filters/LocalStrings.properties 
@@ -45,7 +45,7 @@ expiresFilter.noExpirationConfiguredForContentType=No Expires configuration foun expiresFilter.numberError=Exception parsing number at position [{0}] (zero based) in comma delimited list [{1}] expiresFilter.responseAlreadyCommitted=Request [{0}], cannot apply ExpiresFilter on already committed response. expiresFilter.setExpirationDate=Request [{0}] with response status [{1}] content-type [{2}], set expiration date [{3}] -expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{1}], skip expiration header generation for given status +expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{2}], skip expiration header generation for given status expiresFilter.startingPointInvalid=Invalid starting point (access|now|modification|a|m) [{0}] in directive [{1}] expiresFilter.startingPointNotFound=Starting point (access|now|modification|a|m) not found in directive [{0}] expiresFilter.unknownParameterIgnored=Unknown parameter [{0}] with value [{1}] is ignored ! - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Fix message parameters. PR #776 by Chenjp
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 4742fb9464 Fix message parameters. PR #776 by Chenjp 4742fb9464 is described below commit 4742fb946443d8f5ea66ed48e66259e0d7c99755 Author: Mark Thomas AuthorDate: Mon Nov 11 08:07:25 2024 + Fix message parameters. PR #776 by Chenjp --- java/org/apache/catalina/filters/LocalStrings.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/filters/LocalStrings.properties b/java/org/apache/catalina/filters/LocalStrings.properties index 73ce1c15d3..b20ab8a167 100644 --- a/java/org/apache/catalina/filters/LocalStrings.properties +++ b/java/org/apache/catalina/filters/LocalStrings.properties 
@@ -48,7 +48,7 @@ expiresFilter.noExpirationConfiguredForContentType=No Expires configuration foun expiresFilter.numberError=Exception parsing number at position [{0}] (zero based) in comma delimited list [{1}] expiresFilter.responseAlreadyCommitted=Request [{0}], cannot apply ExpiresFilter on already committed response. expiresFilter.setExpirationDate=Request [{0}] with response status [{1}] content-type [{2}], set expiration date [{3}] -expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{1}], skip expiration header generation for given status +expiresFilter.skippedStatusCode=Request [{0}] with response status [{1}] content-type [{2}], skip expiration header generation for given status expiresFilter.startingPointInvalid=Invalid starting point (access|now|modification|a|m) [{0}] in directive [{1}] expiresFilter.startingPointNotFound=Starting point (access|now|modification|a|m) not found in directive [{0}] expiresFilter.unknownParameterIgnored=Unknown parameter [{0}] with value [{1}] is ignored ! - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Align encodedSolidusHandling with servlet spec
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 9b66880d33 Align encodedSolidusHandling with servlet spec 9b66880d33 is described below commit 9b66880d33f3d241c8921873bc4e48dd10d907a6 Author: Mark Thomas AuthorDate: Mon Nov 11 15:01:00 2024 + Align encodedSolidusHandling with servlet spec --- java/org/apache/tomcat/util/buf/UDecoder.java | 17 + webapps/docs/config/ajp.xml | 9 - webapps/docs/config/http.xml | 9 - 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java b/java/org/apache/tomcat/util/buf/UDecoder.java index d698c5f935..b11965095e 100644 --- a/java/org/apache/tomcat/util/buf/UDecoder.java +++ b/java/org/apache/tomcat/util/buf/UDecoder.java @@ -145,6 +145,23 @@ public final class UDecoder { buff[idx] = buff[j]; } } +} else if (res == '%') { +/* + * If encoded '/' is going to be left encoded then so must encoded '%' else the subsequent %nn + * decoding will either fail or corrupt the output. + */ +switch (encodedSolidusHandling) { +case DECODE: +case REJECT: { +buff[idx] = (byte) res; +break; +} +case PASS_THROUGH: { +buff[idx++] = buff[j - 2]; +buff[idx++] = buff[j - 1]; +buff[idx] = buff[j]; +} +} } else { buff[idx] = (byte) res; } diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index dd60a247cf..5e0225779b 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml 
@@ -127,7 +127,14 @@ time other %nn sequences are decoded. When set to passthrough request paths containing a %2f sequence will be processed with the %2f sequence unchanged. - If not specified the default value is reject. + + If passthrough is used then it is the application's + resposibility to perform any further %nn decoding required. + Any %25 sequences (encoded %) in the request + path with also be processed with the %25 sequence unchanged + to avoid potential corruption and/or decoding failure when the path is + subsequently %nn decoded by the application. + If not specified the default value is reject. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index eaab13beac..a94b3095dc 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -123,7 +123,14 @@ time other %nn sequences are decoded. When set to passthrough request paths containing a %2f sequence will be processed with the %2f sequence unchanged. - If not specified the default value is reject. + + If passthrough is used then it is the application's + resposibility to perform any further %nn decoding required. + Any %25 sequences (encoded %) in the request + path with also be processed with the %25 sequence unchanged + to avoid potential corruption and/or decoding failure when the path is + subsequently %nn decoded by the application. + If not specified the default value is reject. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
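Review bot: In the UDecoder.java hunk the new switch on encodedSolidusHandling ends with case PASS_THROUGH without a break and has no default, while the DECODE/REJECT case does break. It works today because PASS_THROUGH is the last label, but a later enum value would fall out of the switch with buff[idx] never written. Add the break and a default branch that either decodes or throws, so the omission cannot go unnoticed.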
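Review bot: The paragraph added to both ajp.xml and http.xml has two typos that change how it reads: "resposibility" should be "responsibility", and "path with also be processed" should be "path will also be processed". Since passthrough now also leaves %25 encoded for deployments that already use it, the diffstat (UDecoder.java, ajp.xml, http.xml) suggests a changelog entry is still missing for that behaviour change.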
Re: On our reproducible builds
Rainer,

On 11/9/24 4:52 AM, Rainer Jung wrote:
> Hi there,
>
> I checked build reproducibility for the first time (apologies) and it worked pretty well, at least for TC 11 and 10.1. That is great.
>
> I have a few observations to share:
>
> 1) codesigning, gpg
>
> The source code includes the build.properties.release file. Two of its lines are IMHO questionable:
>
> do.codesigning=true
> gpg.exec=C:/Program Files (x86)/GnuPG/bin/gpg.exe
>
> These lines mean, that if I just want to check reproducibility, I need to set do.codesigning=false in my local build.properties.

No, you can leave this set to true. If the code is already signed, you will not produce new signatures. The GPG ones from the RM will remain. The detached signatures for the Windows binaries will be re-attached during the build to the binaries YOU build, and the signatures should be correct.

> In BUILDING.txt we document, that you have to set do.codesigning=true to use codesigning, but in fact it is already set to true and you have to set to false to not use code signing.

BUILDING.txt isn't really meant for an audience who is verifying releases.

> Similar for gpg.exec: Since I can not use the RM's key, when doing a reproducibility check, I would not sign the files using gpg. That should be the default and for TC 11 and 10.1 it was for me, because the value of gpg.exec in the build.properties.release did not point to a valid path on my system. For TC 9 it did, so I had to overwrite gpg.exec.

This should be okay, because you should not be signing anything in order to verify a release. I may have set up a chicken-and-egg situation where the RM sets a gpg.exec setting which does not work in your environment (which should be okay) but in order to do "ant release" there is a test to see if GPG is working. That test should be skipped when verifying a release.

I thought about it initially when adding that check and did not go back to see what the best way would be to ensure (a) the release-build does not fail due to GPG failing (missing binary/wrong path, or bad password) and (b) ignore everything when /verifying/ a release.

I cannot remember why I added gpg.exec to build.properties.release. I tend to agree that it probably doesn't belong in there.

> Maybe it would be better to add the two lines commented out? At least for the gpg.exec it would still document, what was used without making it the default value on other user's systems?
>
> 2) Reproducibility for TC 9
>
> If I run "ant release" with Java 17 as suggested in build.properties.release, I get the error, that for release including ffm you need 22. But if I run it with Java 22 then it seems I do not get a reproducible build?

For Tomcat 9, I think we need to add the value of the Java version used to build FFM to build.properties.release. Right now, I think it's not mentioned anywhere.

> 3) locale
>
> To make the build documentation reproducible I had to set
>
> export LANG=en_US.utf8
>
> I did not check, whether and how I can replace setting a JVM system property instead. But I think if we want to make the build reproducible including docs, we need to either document the locale settings in build.properties.release or even better standardize on a given one. I think standardizing on en_US.utf8 should be fine.

Thanks for pointing this out. I did not check the user's locale and, as it happens, my locale is always en_US.utf8. I think we should be able to set this in the build.properties.release for all Java-related things. I wonder about the Windows installer, though. I think the best locale to use would be en.utf8 and leave out the US part.

Thanks,
-chris
Re: svn commit: r1921844 - /tomcat/site/trunk/xdocs/migration-9.xml
All, I had this change sitting around on my computer from a long time ago, so I decided to commit it. I'm happy to remove it if it's redundant. -chris On 11/11/24 9:36 AM, schu...@apache.org wrote: Author: schultz Date: Mon Nov 11 14:36:05 2024 New Revision: 1921844 URL: http://svn.apache.org/viewvc?rev=1921844&view=rev Log: Add note about HTTP reason phrases being removed. Modified: tomcat/site/trunk/xdocs/migration-9.xml Modified: tomcat/site/trunk/xdocs/migration-9.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-9.xml?rev=1921844&r1=1921843&r2=1921844&view=diff == --- tomcat/site/trunk/xdocs/migration-9.xml (original) +++ tomcat/site/trunk/xdocs/migration-9.xml Mon Nov 11 14:36:05 2024 @@ -91,6 +91,15 @@ versions of Apache Tomcat® + + + HTTP reason phrases have been https://bz.apache.org/bugzilla/show_bug.cgi?id=60362";>removed + entirely. Some non-RFC-compliant clients are known to fail when the + reason phrase is missing. Such failures are a problem with the client + and not with Tomcat. + + + The following change is present in 8.5.0 onwards. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
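Review bot: The paragraph added to migration-9.xml tells the reader that some clients fail when the reason phrase is missing, but gives someone working through the migration guide nothing to act on. Consider stating whether any connector setting in 9.0 restores reason phrases or that none does, so readers who hit a failing client know the fix has to be made on the client side rather than searching the configuration reference.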
svn commit: r1921845 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz
Date: Mon Nov 11 15:13:44 2024
New Revision: 1921845
URL: http://svn.apache.org/viewvc?rev=1921845&view=rev
Log: Announce release of v10.1.33.

[This commit notification would consist of 74 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
[ANN] Apache Tomcat 10.1.33 Available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.33.

Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the /webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

Apache Tomcat 10.1.33 is a bugfix and feature release. The notable changes compared to 10.1.31 include:

- Fix a regression caused by the improvement 69333 which caused the tag release to be called when using tag pooling, and to be skipped when not using it. Patch submitted by Michal Sobkiewicz.
- Further WebDAV fixes and improvements.

Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads: http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x: http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
(tomcat) branch main updated: Add additional unit tests
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a0d4fe0a02 Add additional unit tests a0d4fe0a02 is described below commit a0d4fe0a02b0d69bb4b6dccea011debe51b8572c Author: Mark Thomas AuthorDate: Mon Nov 11 17:01:24 2024 + Add additional unit tests --- test/org/apache/tomcat/util/buf/TestUDecoder.java | 42 +++ 1 file changed, 42 insertions(+) diff --git a/test/org/apache/tomcat/util/buf/TestUDecoder.java b/test/org/apache/tomcat/util/buf/TestUDecoder.java index b2ca73dd16..94dbd14fb6 100644 --- a/test/org/apache/tomcat/util/buf/TestUDecoder.java +++ b/test/org/apache/tomcat/util/buf/TestUDecoder.java 
@@ -219,6 +219,48 @@ public class TestUDecoder { } +@Test +public void testURLDecodeStringSolidus10a() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10b() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus10c() throws IOException { +String result = doTestSolidus("xx%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx%xx", result); +} + + +@Test(expected = CharConversionException.class) +public void testURLDecodeStringSolidus11a() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.REJECT); +Assert.assertEquals("xx%xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11b() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.PASS_THROUGH); +Assert.assertEquals("xx%2f%25xx", result); +} + + +@Test +public void testURLDecodeStringSolidus11c() throws IOException { +String result = doTestSolidus("xx%2f%25xx", EncodedSolidusHandling.DECODE); +Assert.assertEquals("xx/%xx", result); +} + + private void doTestSolidus(String input, String expected) throws IOException { for (EncodedSolidusHandling solidusHandling : EncodedSolidusHandling.values()) { String result = doTestSolidus(input, solidusHandling); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
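Review bot: testURLDecodeStringSolidus11a is declared with @Test(expected = CharConversionException.class) yet still ends with Assert.assertEquals("xx%xx", result), which can never run when the test passes and names a value that does not correspond to the input "xx%2f%25xx". Drop the assertion so the test states only the expected exception. The new cases also never feed "%252f" through PASS_THROUGH, which is the input where leaving %25 encoded matters most; a test asserting it comes back unchanged would document the reason for the UDecoder change.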
Buildbot failure in on tomcat-9.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/1168
Blamelist: Mark Thomas
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 9.0.x] 4e2d691c9dacd1a83931683abed0273fd245c44f

Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 2
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot
[Bug 69439] New: ExpiresFilter - improper handling of conflicting cache-control directives
https://bz.apache.org/bugzilla/show_bug.cgi?id=69439

Bug ID: 69439
Summary: ExpiresFilter - improper handling of conflicting cache-control directives
Product: Tomcat 10
Version: 10.1.33
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: ch...@msn.com
Target Milestone: --

Since multiple Cache-Control headers are allowed (via #addHeader), conflicts may happen. Currently ExpiresFilter picks up the first-added Cache-Control header as the effective field, causing follow-up directives (like no-store or max-age) to be ignored.

rfc9111 - 4.2.1 - If directives conflict (e.g., both max-age and no-cache are present), the most restrictive directive should be honored.
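The difference between consulting only the first-added Cache-Control field line and merging all of them, as the report above describes, shown as an added Java example. It is not part of the bug report and not Tomcat's ExpiresFilter code; the class and method names are hypothetical and the sample header values are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Added illustration with hypothetical names; not Tomcat's ExpiresFilter implementation. */
public class CacheControlMerge {

    /** Splits one field line on commas that sit outside a quoted-string. */
    static List<String> splitDirectives(String line) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (int i = 0; i < line.length(); i++) {
            char c = line.charAt(i);
            if (quoted && c == '\\' && i + 1 < line.length()) {
                // Keep a quoted-pair (backslash escape) together.
                cur.append(c).append(line.charAt(++i));
            } else if (c == '"') {
                quoted = !quoted;
                cur.append(c);
            } else if (c == ',' && !quoted) {
                parts.add(cur.toString());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        parts.add(cur.toString());
        return parts;
    }

    /**
     * Merges the directives of every Cache-Control field line on the response.
     * When a directive is repeated, the first occurrence is kept (one of the two
     * options RFC 9111 section 4.2.1 gives for repeated values).
     */
    static Map<String, String> parse(List<String> fieldLines) {
        Map<String, String> directives = new LinkedHashMap<>();
        for (String line : fieldLines) {
            for (String part : splitDirectives(line)) {
                String p = part.trim();
                if (p.isEmpty()) {
                    continue;
                }
                int eq = p.indexOf('=');
                String name = (eq < 0 ? p : p.substring(0, eq)).trim().toLowerCase(Locale.ROOT);
                String value = eq < 0 ? "" : p.substring(eq + 1).trim();
                directives.putIfAbsent(name, value);
            }
        }
        return directives;
    }

    /**
     * Picks the most restrictive directive across all field lines:
     * no-store, then no-cache, then max-age. A qualified no-cache="field"
     * is treated like plain no-cache, which errs on the restrictive side.
     */
    static String effectivePolicy(List<String> fieldLines) {
        Map<String, String> d = parse(fieldLines);
        if (d.containsKey("no-store")) {
            return "no-store";
        }
        if (d.containsKey("no-cache")) {
            return "no-cache";
        }
        if (d.containsKey("max-age")) {
            return "max-age=" + d.get("max-age");
        }
        return "none";
    }

    /** Model of the behaviour the report describes: only the first-added field line counts. */
    static String firstLineOnlyPolicy(List<String> fieldLines) {
        return fieldLines.isEmpty() ? "none" : effectivePolicy(fieldLines.subList(0, 1));
    }

    public static void main(String[] args) {
        // Constructed sample: two Cache-Control field lines added to one response via addHeader.
        List<String> lines = Arrays.asList(
                "max-age=3600, private=\"Set-Cookie, X-Trace\"",
                "no-store");
        System.out.println("first line only : " + firstLineOnlyPolicy(lines));
        System.out.println("all lines merged: " + effectivePolicy(lines));
    }
}
```

With the constructed input, the first-line-only model reports a cacheable max-age while the merged view reports no-store, which is the divergence a cache sitting in front of the application would act on.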