[Bug 69486] Destroy data in memory completely after the request-response service is finished
https://bz.apache.org/bugzilla/show_bug.cgi?id=69486 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #11 from Mark Thomas --- The DBCP comparison is not valid. There are external factors that may invalidate a database connection that the connection pool cannot detect unless it tests the connection. There are tradeoffs for when it is best to perform that test and DBCP provides a range of options to enabled applications to select the strategy that works best for them. This proposal might protect against some Tomcat bugs in some circumstances but at the price of a performance penalty for every single request. I might be convinced that such a trade-off was worth making if it guaranteed that it would eliminate a class of bugs but it can't. CVE-2024-21733 being a case in point. I'm not convinced that is a trade-off that is reasonable and I am not seeing any other committers think it is either. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69574] tomcat 10.1.34 has java 22 build in libs and can't be run on java 11.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69574 --- Comment #2 from Valentin --- Remy, thanks for quick reply. We are using it as servlet container with default settings. It happened on build system (java 21), after we upgrade from 10.1.16 this lib prevent from build. On RUNNING.txt where is no any information about java 22 needed to use this lib or run. /mnt/source/home/bamboo/xml-data/build-dir/AR-RUS-JOB1/archiva3/build.xml:61: Can't read [/mnt/source/home/bamboo/build/tomcat/tomcat10_tmp/lib] (Can't read [tomcat-coyote-ffm.jar] (Can't process class [org/apache/tomcat/util/net/openssl/panama/OpenSSLContext$1.class] (Unsupported version number [66.0] (maximum 65.65535, Java null at proguard.ant.ProGuardTask.execute(ProGuardTask.java:337) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:299) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99) at org.apache.tools.ant.Task.perform(Task.java:350) at org.apache.tools.ant.Target.execute(Target.java:449) at org.apache.tools.ant.Target.performTasks(Target.java:470) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1401) at org.apache.tools.ant.Project.executeTarget(Project.java:1374) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1264) at org.apache.tools.ant.Main.runBuild(Main.java:818) at org.apache.tools.ant.Main.startAnt(Main.java:223) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101) Caused by: java.io.IOException: Can't read [/mnt/source/home/bamboo/build/tomcat/tomcat10_tmp/lib] (Can't read [tomcat-coyote-ffm.jar] (Can't process class [org/apache/tomcat/util/net/openssl/panama/OpenSSLContext$1.class] (Unsupported version number [66.0] (maximum 65.65535, Java null at proguard.InputReader.readInput(InputReader.java:282) at proguard.InputReader.readInput(InputReader.java:229) at proguard.InputReader.readInput(InputReader.java:206) at proguard.InputReader.execute(InputReader.java:157) at proguard.pass.PassRunner.run(PassRunner.java:24) at proguard.ProGuard.readInput(ProGuard.java:330) at proguard.ProGuard.execute(ProGuard.java:123) at proguard.ant.ProGuardTask.execute(ProGuardTask.java:333) ... 15 more Caused by: java.io.IOException: Can't read [tomcat-coyote-ffm.jar] (Can't process class [org/apache/tomcat/util/net/openssl/panama/OpenSSLContext$1.class] (Unsupported version number [66.0] (maximum 65.65535, Java null))) at proguard.io.DirectorySource.readFiles(DirectorySource.java:84) at proguard.io.DirectorySource.pumpDataEntries(DirectorySource.java:54) at proguard.InputReader.readInput(InputReader.java:278) ... 22 more Caused by: java.io.IOException: Can't process class [org/apache/tomcat/util/net/openssl/panama/OpenSSLContext$1.class] (Unsupported version number [66.0] (maximum 65.65535, Java null)) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] SpnegoAuthenticator allows wrong calls to login/logout methods [tomcat]
michael-o commented on code in PR #819:
URL: https://github.com/apache/tomcat/pull/819#discussion_r1948630682
##
java/org/apache/catalina/authenticator/LoginlessAuthenticatorBase.java:
##
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.authenticator;
+
+import jakarta.servlet.ServletException;
+import org.apache.catalina.connector.Request;
+
+/**
+ * A base class for the Authenticator and Valve implementations
that do not allow login via username and
+ * password. Logout operation for those implementations is also forbidden.
+ */
+public abstract class LoginlessAuthenticatorBase extends AuthenticatorBase {
+
+@Override
+public void login(String username, String password, Request request)
throws ServletException {
+throw new ServletException("Authenticator does not support login
operation");
+}
+
+@Override
+public void logout(Request request) {
Review Comment:
I don't agree with this for SPNEGO. Logout is extremely helpful if you have
a delegated credential associated with the principal you want to dispose.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] SpnegoAuthenticator allows wrong calls to login/logout methods [tomcat]
michael-o commented on code in PR #819:
URL: https://github.com/apache/tomcat/pull/819#discussion_r1948630682
##
java/org/apache/catalina/authenticator/LoginlessAuthenticatorBase.java:
##
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.authenticator;
+
+import jakarta.servlet.ServletException;
+import org.apache.catalina.connector.Request;
+
+/**
+ * A base class for the Authenticator and Valve implementations
that do not allow login via username and
+ * password. Logout operation for those implementations is also forbidden.
+ */
+public abstract class LoginlessAuthenticatorBase extends AuthenticatorBase {
+
+@Override
+public void login(String username, String password, Request request)
throws ServletException {
+throw new ServletException("Authenticator does not support login
operation");
+}
+
+@Override
+public void logout(Request request) {
Review Comment:
I don't agree with this for SPNEGO. Logout is extremely helpful if you have
a delegated credential associated with the principal you have to dispose.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] SpnegoAuthenticator allows wrong calls to login/logout methods [tomcat]
michael-o commented on PR #819: URL: https://github.com/apache/tomcat/pull/819#issuecomment-2647329120 > Just a heads up that review of this will take a little longer as I need to get my SPNEGO test environment and and running again. I didn't see any issues in a quick code review but I want to explore a few things further in a test environment before making any code changes. There are two ways to fix this: * Just throw the exception: done * Implement somthing similiar to https://github.com/gssapi/mod_auth_gssapi?tab=readme-ov-file#gssapibasicauth I'd opt for the former for the time being. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ69504 move force recycle from log access method [tomcat]
rmaucher commented on PR #821: URL: https://github.com/apache/tomcat/pull/821#issuecomment-2647221854 The PR does a lot more than what it claims to do. I will not merge it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69574] New: tomcat 10.1.34 has java 22 build in libs and can't be run on java 11.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69574 Bug ID: 69574 Summary: tomcat 10.1.34 has java 22 build in libs and can't be run on java 11. Product: Tomcat 10 Version: 10.1.34 Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: normal Priority: P2 Component: Packaging Assignee: dev@tomcat.apache.org Reporter: valentin...@gmail.com Target Milestone: -- admin@m3 lib % unzip -p tomcat-coyote-ffm.jar META-INF/MANIFEST.MF Manifest-Version: 1.0 Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt Bundle-ManifestVersion: 2 Bundle-Name: tomcat-coyote-ffm Bundle-SymbolicName: org.apache.tomcat-coyote-ffm Bundle-Version: 10.1.34 Export-Package: org.apache.tomcat.util.net.openssl.panama;uses:="javax .net.ssl,org.apache.juli.logging,org.apache.tomcat.util.net,org.apach e.tomcat.util.res";version="10.1.34",org.apache.tomcat.util.openssl;v ersion="10.1.34" Implementation-Title: Apache Tomcat Implementation-Vendor: Apache Software Foundation Implementation-Version: 10.1.34 Import-Package: java.io,java.lang,java.lang.foreign,java.lang.invoke,j ava.lang.ref,java.math,java.net,java.nio,java.nio.charset,java.securi ty,java.security.cert,java.util,java.util.concurrent,java.util.functi on,java.util.stream,javax.net.ssl,javax.security.auth.x500,org.apache .juli.logging;version="[10.1,11)",org.apache.tomcat.util.buf;version= "[10.1,11)",org.apache.tomcat.util.compat;version="[10.1,11)",org.apa che.tomcat.util.file;version="[10.1,11)",org.apache.tomcat.util.net;v ersion="[10.1,11)",org.apache.tomcat.util.net.jsse;version="[10.1,11) ",org.apache.tomcat.util.net.openssl;version="[10.1,11)",org.apache.t omcat.util.net.openssl.ciphers;version="[10.1,11)",org.apache.tomcat. util.res;version="[10.1,11)" Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=22))" Specification-Title: Apache Tomcat Specification-Vendor: Apache Software Foundation Specification-Version: 10.1 X-Compile-Source-JDK: 22 X-Compile-Target-JDK: 22 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69574] tomcat 10.1.34 has java 22 build in libs and can't be run on java 11.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69574 Remy Maucherat changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Remy Maucherat --- It is normal that Tomcat 10.1 has Java 22+ classes in this JAR. However, it should not prevent running Tomcat 10.1 on Java 11. Please give more information on the configuration you are using and error you are getting. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69486] Destroy data in memory completely after the request-response service is finished
https://bz.apache.org/bugzilla/show_bug.cgi?id=69486 --- Comment #12 from Chen Jp --- Would to know how apache httpd server deal cleanup ops. // I'm not a C fan. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69574] tomcat 10.1.34 has java 22 build in libs and can't be run on java 11.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69574 Remy Maucherat changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEEDINFO|RESOLVED --- Comment #3 from Remy Maucherat --- Ok, so it seems you are using a build system to process Tomcat. Then you are using proguard which in turn only seems to support Java 21 bytecode, given the error. In that case, the tomcat-coyote-ffm.jar JAR needs to be handled in some way (most likely deleted). This does not change the Java requirements that we advertise with Tomcat 10.1 since we support either our scripts for Tomcat standalone or the Tomcat embedded packaging (which will not include the Java 22 classes) for running Tomcat, and neither option requires Java 22. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ69486 - enhance #recycle - erase unused contents by writing zero. [tomcat]
rmaucher commented on PR #822: URL: https://github.com/apache/tomcat/pull/822#issuecomment-2647204013 Still -1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ69486 - enhance #recycle - erase unused contents by writing zero. [tomcat]
rmaucher closed pull request #822: BZ69486 - enhance #recycle - erase unused contents by writing zero. URL: https://github.com/apache/tomcat/pull/822 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 9.0.99
The following votes were cast: Binding: +1: isapir, remm, markt, rjung, schultz Non-binding: +1: dsoumis The vote therefore passes. Thanks to everyone who contributed to this release. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[PR] BZ69446 - add parameter maxPutFileSize in DefaultServlet [tomcat]
Chenjp opened a new pull request, #823: URL: https://github.com/apache/tomcat/pull/823 Enhance PUT destination resource size restriction on both Fully and Partial PUTs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 11.0.3
The following votes were cast: Binding: +1: isapir, markt, remm, rjung, schultz Non-Binding: +1: dsoumis The vote therefore passes. Thanks to everyone who contributed to this release. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69446] HttpServlet doPut - storage exhausted without maxFileSize limitation
https://bz.apache.org/bugzilla/show_bug.cgi?id=69446 --- Comment #4 from Chen Jp --- PR 823. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r74822 - /dev/tomcat/tomcat-11/v11.0.3/ /release/tomcat/tomcat-11/v11.0.3/
Author: markt Date: Mon Feb 10 10:32:58 2025 New Revision: 74822 Log: Release Tomcat 11.0.3 Added: release/tomcat/tomcat-11/v11.0.3/ - copied from r74821, dev/tomcat/tomcat-11/v11.0.3/ Removed: dev/tomcat/tomcat-11/v11.0.3/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-training) branch main updated: Fix background
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-training.git
The following commit(s) were added to refs/heads/main by this push:
new ecbfa3c Fix background
ecbfa3c is described below
commit ecbfa3cd46734c278a729a0df16a04e5e1326cda
Author: Mark Thomas
AuthorDate: Mon Feb 10 11:18:40 2025 +
Fix background
---
modules/intro-markt.html | 8 +++--
modules/tomcat-11-jakarta-ee-11.html | 52 ++
modules/wrap-up-presentation.html | 12 +--
presentations/tomcat-11-jakarta-ee-11.html | 26 ++-
4 files changed, 57 insertions(+), 41 deletions(-)
diff --git a/modules/intro-markt.html b/modules/intro-markt.html
index ac07d1b..7912ede 100644
--- a/modules/intro-markt.html
+++ b/modules/intro-markt.html
@@ -14,14 +14,18 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
Introduction
Mark Thomas
ma...@apache.org
Hosted at GitHub in the https://github.com/apache/tomcat-training";>tomcat-training
repository
Pull requests welcome
-
+
Tomcat since 2003Committer, PMC member
Commons - Daemon, Pool, DBCP, BCELCommitter, PMC member
ASF member, ASF security team, ASF infrastructure team,Director
2016-19, VP Brand Management since 2018
diff --git a/modules/tomcat-11-jakarta-ee-11.html
b/modules/tomcat-11-jakarta-ee-11.html
index 7bca10e..07be3ca 100644
--- a/modules/tomcat-11-jakarta-ee-11.html
+++ b/modules/tomcat-11-jakarta-ee-11.html
@@ -14,21 +14,27 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
Agenda
Overview
Changes
Tomcat 11
Questions
-
+
Overview - Versioning
Tomcat major versions aligned with Servlet specification releases
Servlet specification releases aligned with and Jakarta EE releases
Tomcat 11 - Servlet 6.1 - Jakarta EE 11
Hope to keep Tomcat major version and Jakarta EE version aligned
-
+
Jakarta EE 11 - Tomcat 11
42 individual specifications - Tomcat implements 6
Those 6 are complete and released
@@ -37,7 +43,9 @@
Daily testing against 5 TCKs
Authentication TCK uses different framework - work in progress
-
+
Overview - Timing
Jakarta EE 10 was released Q3 2022
Jakarta EE 11 originally planned for Q1 2024
@@ -46,12 +54,16 @@
Tomcat 11.0.0-M1 2022-12-05
Tomcat 11.0.0 2024-10-09
-
+
Changes - Jakarta EE 11 Platform
Requires a minimum of Java 17
No SecurityManager support
-
+
Changes - Jakarta Servlet - 6.1
Safe HTTP session access for WebSocket
@@ -67,29 +79,39 @@ public interface HttpSession {
-
+
Changes - Jakarta Servlet - 6.1
Invalid request parameters will always trigger an exception
HTTP/2 server push is deprecated
Lots of clarifications
-
+
Changes - Jakarta Pages - 4.0
Depreacted classes and methods have been removed
Updated ErrorData to support the new request attribute
jakarta.servlet.error.query_string
-
+
Changes - Jakarta WebSocket - 2.2
Clarifed the responsibility for sending Ping messages
Added getSession() method to SendResult
-
+
Changes - Expression Language - 6.0
Remove all deprecated classes and methods
Dependency on JavaBeans API is now optional
Added support for java.util.Optional via OptionalELResolver
-
+
Changes - Tomcat 11
Specification / RFC updates
RFC 9218 - HTTP/2 priority frame support
@@ -98,13 +120,17 @@ public interface HttpSession {
Added virtual thread support
Added TLSCertificateReloadListener
-
+
Tomcat 11
First stable release will be on Wednesday
25th anniversary of first Tomcat commit at the ASF
Join us for cake
-
+
Tomcat 11
Major versions are supported for ~10 years
Regular monthly release cycle
diff --git a/modules/wrap-up-presentation.html
b/modules/wrap-up-presentation.html
index 50e70d2..bb006ad 100644
--- a/modules/wrap-up-presentation.html
+++ b/modules/wrap-up-presentation.html
@@ -14,10 +14,14 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
Questions?
-
+
Tomcat Resources
Web site: https://tomcat.apache.org";>https://tomcat.apache.org
Mailing lists: https://tomcat.apache.org/lists.html";>https://tomcat.apache.org/lists.html
@@ -25,6 +29,8 @@
Issue tracker: https://bz.apache.org/bugzilla";>https://bz.apache.org/bugzilla
Stack overflow
-
+
Thank you
diff --git a/presentations/tomcat-11-jakarta-ee-11.html
b/presentations/tomcat-11-jakarta-ee-11.html
index 17a5be4..4be42be 100644
--- a/presentations/tomcat-11-jakarta-ee-11.html
+++ b/presentations/tomcat-11-jakarta-ee-11.html
@@ -29,33 +29,13 @@
-
-
-
- body {
-position: relati
[ANN] Apache Tomcat 10.1.35 Available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.35. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the /webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use. Apache Tomcat 10.1.35 is a bugfix and feature release. The notable changes compared to 10.1.34 include: - Allow readOnly attribute configuration on the Resources element and allow configuration of the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. - Correct a regression in the fix for bug 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. - Expand the options for handling encoded '/' and '\' characters in URLs both in the Connector and when using a RequestDispatcher. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-10.1-doc/changelog.html Downloads: http://tomcat.apache.org/download-10.cgi Migration guides from Apache Tomcat 8.5.x and 9.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1923698 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Mon Feb 10 14:23:25 2025 New Revision: 1923698 URL: http://svn.apache.org/viewvc?rev=1923698&view=rev Log: Announce release of v10.1.35 [This commit notification would consist of 77 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Date for 9.0.99
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new f7c6ba4fa8 Date for 9.0.99 f7c6ba4fa8 is described below commit f7c6ba4fa8dafdd46681956a5fb459d5626626df Author: remm AuthorDate: Mon Feb 10 16:43:45 2025 +0100 Date for 9.0.99 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8672051464..2776fee712 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -114,7 +114,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 9.0.99 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.99. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.99 is a bugfix and feature release. The notable changes compared to 9.0.98 include: - Allow readOnly attribute configuration on the Resources element and allow configuration of the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. - Correct a regression in the fix for bug 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. - Expand the options for handling encoded '/' and '\' characters in URLs both in the Connector and when using a RequestDispatcher. Along with lots of other bug fixes and improvements. Please refer to the change log for the complete list of changes: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Downloads: https://tomcat.apache.org/download-90.cgi Migration guides from Apache Tomcat 7.x and 8.x: https://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r74824 - /dev/tomcat/tomcat-9/v9.0.99/ /release/tomcat/tomcat-9/v9.0.99/
Author: remm Date: Mon Feb 10 12:30:58 2025 New Revision: 74824 Log: Release Apache Tomcat 9.0.99 Added: release/tomcat/tomcat-9/v9.0.99/ - copied from r74823, dev/tomcat/tomcat-9/v9.0.99/ Removed: dev/tomcat/tomcat-9/v9.0.99/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1923700 - in /tomcat/site/trunk: ./ docs/ xdocs/
Author: remm Date: Mon Feb 10 14:50:46 2025 New Revision: 1923700 URL: http://svn.apache.org/viewvc?rev=1923700&view=rev Log: Site update for 9.0.99 Modified: tomcat/site/trunk/build.properties.default tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-90.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-9.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-90.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-9.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1923700&r1=1923699&r2=1923700&view=diff == --- tomcat/site/trunk/build.properties.default (original) +++ tomcat/site/trunk/build.properties.default Mon Feb 10 14:50:46 2025 @@ -36,7 +36,7 @@ tomcat.loc=https://downloads.apache.org/ # - Tomcat versions - -tomcat9.0=9.0.98 +tomcat9.0=9.0.99 tomcat10.1=10.1.35 tomcat11.0=11.0.2 Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1923700&r1=1923699&r2=1923700&view=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Mon Feb 10 14:50:46 2025 @@ -74,8 +74,8 @@ Latest Stable 9.0.x Release -2024-12-09 -9.0.98 +2025-02-10 +9.0.99 Modified: tomcat/site/trunk/docs/download-90.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1923700&r1=1923699&r2=1923700&view=diff == --- tomcat/site/trunk/docs/download-90.html (original) +++ tomcat/site/trunk/docs/download-90.html Mon Feb 10 14:50:46 2025 @@ -10,7 +10,7 @@ Quick Navigation -[define v]9.0.98[end] +[define v]9.0.99[end] https://downloads.apache.org/tomcat/tomcat-9/KEYS";>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1923700&r1=1923699&r2=1923700&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Mon Feb 10 14:50:46 2025 @@ -34,6 +34,33 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2025-02-10 Tomcat 9.0.99 Released + +The Apache Tomcat Project is proud to announce the release of version 9.0.99 +of Apache Tomcat. This release implements specifications that are part of the +Java EE 8 platform. The notable changes compared to 9.0.98 include: + + Allow readOnly attribute configuration on the Resources element and + allow configuration of the readOnly attribute value of the main + resources. The attribute value will also be used by the default and + WebDAV Servlets. + + Correct a regression in the fix for bug 69382 that broke JSP + include actions if both the page attribute and the body contained + parameters. Pull request #803 provided by Chenjp. + + Expand the options for handling encoded '/' and '\' characters in + URLs both in the Connector and when using a RequestDispatcher. + + +Full details of these changes, and all the other changes, are available in the +Tomcat 9 +changelog. + + + +https://tomcat.apache.org/download-90.cgi";>Download + 2025-02-10 Tomcat 10.1.35 Released The Apache Tomcat Project is proud to announce the release of version 10.1.35 @@ -92,29 +119,6 @@ Full details of these changes, and all t https://tomcat.apache.org/download-migration.cgi";>Download -2024-12-09 Tomcat 9.0.98 Released - -The Apache Tomcat Project is proud to announce the release of version 9.0.98 -of Apache Tomcat. This release implements specifications that are part of the -Java EE 8 platform. The notable changes compared to 9.0.97 include: - -Add strong ETag support for the WebDAV and default servlet, which can - be enabled by using the useStrongETags init parameter with a value set - to true. The ETag generated will be a SHA-1 checksum of the resource - content. -Add support for RateLimit header fields for HTTP (RFC draft) in the - RateLimitFilter. -Update Tomcat's fork of Commons DBCP to 2.13.0. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 9 -changelog. - - - -https://tomcat.apache.org/download-90.cgi";>Download - 2024-12-09 Tomcat 11.0.2 Released The Apache Tomc
svn commit: r1923704 - in /tomcat/site/trunk: ./ docs/ xdocs/
Author: markt
Date: Mon Feb 10 15:56:53 2025
New Revision: 1923704
URL: http://svn.apache.org/viewvc?rev=1923704&view=rev
Log:
Update site for 11.0.3 release
Modified:
tomcat/site/trunk/build.properties.default
tomcat/site/trunk/docs/download-11.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-11.0.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/download-11.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-11.0.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml
Modified: tomcat/site/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1923704&r1=1923703&r2=1923704&view=diff
==
--- tomcat/site/trunk/build.properties.default (original)
+++ tomcat/site/trunk/build.properties.default Mon Feb 10 15:56:53 2025
@@ -38,7 +38,7 @@ tomcat.loc=https://downloads.apache.org/
# - Tomcat versions -
tomcat9.0=9.0.99
tomcat10.1=10.1.35
-tomcat11.0=11.0.2
+tomcat11.0=11.0.3
# - Download destination -
tomcat-site-docs.home=${base.path}/tomcat-site-docs/
Modified: tomcat/site/trunk/docs/download-11.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1923704&r1=1923703&r2=1923704&view=diff
==
--- tomcat/site/trunk/docs/download-11.html (original)
+++ tomcat/site/trunk/docs/download-11.html Mon Feb 10 15:56:53 2025
@@ -19,7 +19,7 @@
Quick Navigation
-[define v]11.0.2[end]
+[define v]11.0.3[end]
https://downloads.apache.org/tomcat/tomcat-11/KEYS";>KEYS |
[v] |
Browse |
Modified: tomcat/site/trunk/docs/index.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1923704&r1=1923703&r2=1923704&view=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Mon Feb 10 15:56:53 2025
@@ -34,6 +34,39 @@ wiki page.
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
project logo are trademarks of the Apache Software Foundation.
+2025-02-10 Tomcat 11.0.3 Released
+
+The Apache Tomcat Project is proud to announce the release of version 11.0.3
+of Apache Tomcat. This release implements specifications that are part of the
+Jakarta EE 11 platform.
+Users of Tomcat 10 onwards should be aware that, as a result of the move
from
+Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
+Foundation, the primary package for all implemented APIs has changed from
+javax.* to jakarta.*. This will almost certainly
+require code changes to enable applications to migrate from Tomcat 9 and
earlier
+to Tomcat 10 and later. A
+https://github.com/apache/tomcat-jakartaee-migration";>migration
+tool is available to aid this process.
+The notable changes in this release are:
+
+Allow readOnly attribute configuration on the Resources element and allow
+configuration of the readOnly attribute value of the main resources. The
+attribute value will also be used by the default and WebDAV Servlets.
+Correct a regression in the fix for bug 69382 that broke JSP include
actions
+if both the page attribute and the body contained parameters. Pull request
+#803 provided by Chenjp
+Expand the options for handling encoded '/' and '\' characters in URLs both
+in the Connector and when using a RequestDispatcher.
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 11
+changelog.
+
+
+
+https://tomcat.apache.org/download-11.cgi";>Download
+
2025-02-10 Tomcat 9.0.99 Released
The Apache Tomcat Project is proud to announce the release of version 9.0.99
@@ -119,38 +152,6 @@ Full details of these changes, and all t
https://tomcat.apache.org/download-migration.cgi";>Download
-2024-12-09 Tomcat 11.0.2 Released
-
-The Apache Tomcat Project is proud to announce the release of version 11.0.2
-of Apache Tomcat. This release implements specifications that are part of the
-Jakarta EE 11 platform.
-Users of Tomcat 10 onwards should be aware that, as a result of the move
from
-Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
-Foundation, the primary package for all implemented APIs has changed from
-javax.* to jakarta.*. This will almost certainly
-require code changes to enable applications to migrate from Tomcat 9 and
earlier
-to Tomcat 10 and later. A
-https://github.com/apache/tomcat-jakartaee-migration";>migration
-tool is available to aid this process.
-The notable changes in this release are:
-
-Add strong ETag support for the WebDAV and default servlet, which can
-be enabled by using the useStrongETags init parameter with a value set
-
svn commit: r1923703 - in /tomcat/site/trunk/docs/tomcat-11.0-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/
Author: markt Date: Mon Feb 10 15:55:16 2025 New Revision: 1923703 URL: http://svn.apache.org/viewvc?rev=1923703&view=rev Log: Update docs for 11.0.3 release [This commit notification would consist of 76 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Choosing an official language for Tomcat release builds
On 10/02/2025 13:55, Christopher Schultz wrote:
Assuming we agree that the official releases of Tomcat should have
documentation in English, then I have a further proposal:
+1
- Add "locale" attribute to the tasks in the build with
an explicit locale
+1
For release-managers, I will update the pre-release target to include
javadoc-locale=en_US (or en_GB or just 'en' if we like).
I don't think it matters. Anything that varies (e.g. date format) we
already use an unambiguous form anyway.
In build.properties.default, I will set javadoc-locale to ${user.language}.
I think that is fine since .release takes priority over .default
This should allow anyone downstream to build javadocs in their own
language (either via git clone or pulling the source and removing the
javadoc-locale in build.properties.release) and also users in non-
English default locales to verify a release build.
Now that I've written the above paragraph, it does mean that it's not
trivial for a user to build the javadocs in their own language. I'd love
to hear some suggestions for how to do that with an official source
package. Maybe the "release" target can set the locale somehow. ATM, the
tasks that set up all the properties are outside any target
and apply before any targets get to run, so they cannot be conditional.
We could change that if we want to, though...
build.properties always takes priority so they just need to set a locale
in there.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 44116] Multiple JSESSIONID handling with overlapping domains does not work
https://bz.apache.org/bugzilla/show_bug.cgi?id=44116 Domains Yesterday changed: What|Removed |Added CC||domainsyester...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 11.0.3 Available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.3. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications. Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process. The notable changes compared to 11.0.2 include: - Allow readOnly attribute configuration on the Resources element and allow configuration of the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. - Correct a regression in the fix for bug 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. - Expand the options for handling encoded '/' and '\' characters in URLs both in the Connector and when using a RequestDispatcher. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-11.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-11.cgi Migration guides from Apache Tomcat 9.0.x and 10.1.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 44116] Multiple JSESSIONID handling with overlapping domains does not work
https://bz.apache.org/bugzilla/show_bug.cgi?id=44116 Domains Yesterday changed: What|Removed |Added URL||https://www.domainsyesterda ||y.com Keywords||APIBug -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[PR] Prevention of Util Class Institution [tomcat]
koust6u opened a new pull request, #824: URL: https://github.com/apache/tomcat/pull/824 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 44116] Multiple JSESSIONID handling with overlapping domains does not work
https://bz.apache.org/bugzilla/show_bug.cgi?id=44116 Chuck Caldarale changed: What|Removed |Added CC|domainsyester...@gmail.com | URL|https://www.domainsyesterda | |y.com | Keywords|APIBug | -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Choosing an official language for Tomcat release builds
Am 10.02.25 um 17:02 schrieb Mark Thomas:
On 10/02/2025 13:55, Christopher Schultz wrote:
Assuming we agree that the official releases of Tomcat should have
documentation in English, then I have a further proposal:
+1
- Add "locale" attribute to the tasks in the build with
an explicit locale
+1
For release-managers, I will update the pre-release target to include
javadoc-locale=en_US (or en_GB or just 'en' if we like).
I don't think it matters. Anything that varies (e.g. date format) we
already use an unambiguous form anyway.
In build.properties.default, I will set javadoc-locale to
${user.language}.
I think that is fine since .release takes priority over .default
This should allow anyone downstream to build javadocs in their own
language (either via git clone or pulling the source and removing the
javadoc-locale in build.properties.release) and also users in non-
English default locales to verify a release build.
Now that I've written the above paragraph, it does mean that it's not
trivial for a user to build the javadocs in their own language. I'd
love to hear some suggestions for how to do that with an official
source package. Maybe the "release" target can set the locale somehow.
ATM, the tasks that set up all the properties are outside
any target and apply before any targets get to run, so they cannot be
conditional. We could change that if we want to, though...
build.properties always takes priority so they just need to set a locale
in there.
II agree with everything but note that IMHO at least on Linux the
environment variable LANG takes precedence. I could not build english
javadocs with the javascript locale attribute or user.lang or whatever
Java properties when LANG pointed to a german locale.
But that might be handled by a build docs notice.
I will retry the experiment when the new props are in.
Best regards,
Rainer
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ69446 - add parameter maxPutFileSize in DefaultServlet [tomcat]
Chenjp commented on PR #823: URL: https://github.com/apache/tomcat/pull/823#issuecomment-2647885063 > The feedback was that this serves no purpose. I believe it is correct. > > For processing of POST and some others like that, processing takes memory. Also we do not know what the app will do with the data. Hence limiting could be important and it justifies having some setting. > > But PUT in the DefaultServlet is not the same. Let's say a security conscious user such as you already disabled partial PUT. A malicious user can then write the same amount of data on the server storage using a trivial increase of the amount of input even if your setting is in place. The main difference would be using separate HTTP requests. So then you would be expected to catch that pattern using some kind of extra protection (where it would also be possible to check the request length) ? > > As a result, adding this setting still does not make sense to me. Rate limiter filter, or WAF can detect and block those requests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69575] org.apache.coyote.CompressionConfig doesn't recognize "zstd" compression
https://bz.apache.org/bugzilla/show_bug.cgi?id=69575 Todor Bonchev changed: What|Removed |Added CC||todo...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69575] New: org.apache.coyote.CompressionConfig doesn't recognize "zstd" compression
https://bz.apache.org/bugzilla/show_bug.cgi?id=69575 Bug ID: 69575 Summary: org.apache.coyote.CompressionConfig doesn't recognize "zstd" compression Product: Tomcat 9 Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: todo...@gmail.com Target Milestone: - When a response is already compressed with "zstd" compression algorithm, org.apache.coyote.CompressionConfig doesn't recognize it, applies "gzip" compression ontop of "zstd" and then overrides "Content-Encoding" with "gzip" value. If gzip is applied ontop of zstd, the content-encoding value should be "zstd, gzip" instead of only gzip, but ideally if the response is already encoded with zstd, tomcat shouldn't apply gzip ontop of it. At the moment if the response is already encoded and tomcat applies gzip on top of the existing encoding and doesn't preserve the original encoding in the header "content-encoding" value, the browser (or another client) just decompress the response with gzip and receives data that it doesn't know how to decode because the value from the header is erased from tomcat server. Reference: https://github.com/apache/tomcat/blob/main/java/org/apache/coyote/CompressionConfig.java#L211 here only gzip and br are checked before encoding. https://github.com/apache/tomcat/blob/main/java/org/apache/coyote/CompressionConfig.java#L290C35-L290C51 here only gzip is set as content-encoding. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] New committer: Dimitris Soumis
On behalf of the Tomcat committers I am happy to announce that John Engebretson (jengebr) has been voted in as a new Tomcat committer. Please join me in congratulating and welcoming John. Thanks, -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] New committer: John Engebretson
On behalf of the Tomcat committers I am happy to announce that John Engebretson (jengebr) has been voted in as a new Tomcat committer. Please join me in congratulating and welcoming John. Thanks, -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [ANN] New committer: Dimitris Soumis
All, Whoops, "Edit as New" strikes again! -chris On 2/10/25 9:05 AM, Christopher Schultz wrote: On behalf of the Tomcat committers I am happy to announce that John Engebretson (jengebr) has been voted in as a new Tomcat committer. Please join me in congratulating and welcoming John. Thanks, -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ69446 - add parameter maxPutFileSize in DefaultServlet [tomcat]
rmaucher commented on PR #823: URL: https://github.com/apache/tomcat/pull/823#issuecomment-2647874011 The feedback was that this serves no purpose. I believe it is correct. For processing of POST and some others like that, processing takes memory. Also we do not know what the app will do with the data. Hence limiting could be important and it justifies having some setting. But PUT in the DefaultServlet is not the same. Let's say a security conscious user such as you already disabled partial PUT. A malicious user can then write the same amount of data on the server storage using a trivial increase of the amount of input even if your setting is in place. The main difference would be using separate HTTP requests. So then you would be expected to catch that pattern using some kind of extra protection (where it would also be possible to check the request length) ? As a result, adding this setting still does not make sense to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][OT] Release Apache Tomcat 10.1.35
Rainer,
On 2/7/25 4:21 PM, Rainer Jung wrote:
Am 07.02.25 um 21:50 schrieb Rainer Jung:
Hi Chris,
Am 07.02.25 um 20:44 schrieb Christopher Schultz:
Rainer,
On 2/7/25 2:38 PM, Rainer Jung wrote:
Am 04.02.25 um 23:10 schrieb Christopher Schultz:
The proposed Apache Tomcat 10.1.35 release is now available for
voting.
All committers and PMC members are kindly requested to provide a
vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members
votes are binding. We welcome non-committer votes or comments on
release builds.
The notable changes compared to 10.1.34 are:
- Allow readOnly attribute configuration on the Resources element and
allow configuration of the readOnly attribute value of the main
resources. The attribute value will also be used by the default and
WebDAV Servlets.
- Correct a regression in the fix for bug 69382 that broke JSP
include actions if both the page attribute and the body contained
parameters. Pull request #803 provided by Chenjp.
- Expand the options for handling encoded '/' and '\' characters in
URLs both in the Connector and when using a RequestDispatcher.
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on
Tomcat 10 without changes. Java EE applications designed for Tomcat
9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee
directory and Tomcat will automatically convert them to Jakarta EE
and copy them to the webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.35/
The Maven staging repo is:
https://repository.apache.org/content/repositories/
orgapachetomcat-1530
The tag is:
https://github.com/apache/tomcat/tree/10.1.35
https://github.com/apache/tomcat/
commit/9636e5188311f30c1e46c94191d2145998778bf4
Please reply with a +1 for release or +0/-0/-1 with an explanation.
+1
Reproducibility of the build checked (except for Windows installer
and signing) on Linux Mint 22.1. OK after setting LANG.
I'd still like to look-in on this. For the installer, are you willing
to install Wine?
I could but I'm not so eager putting wine on my laptop.
Interestingly I use NSIS to build windows installers completely on
Linux. That is one of the nice features of NSIS. Currently the only
reason I see, why wine is really used, is the tempinstaller.exe which
is created and then executed to create the uninstaller. When I use
NSIS, it can create the uninstaller directly, but I have not yet
investigated why we need this indirection.
It seems it has to do with how we do code signing, but I haven't fully
understood the details. When building an installer myself, I use
!finalize 'mysignscript myinstaller.exe'
!uninstfinalize 'mysignscript myuninstaller.exe'
inside the nsi script file.
I do not know, whether this would be feasible with how we use jsign and
the cloud signing service, but it should be doable. I haven't understood
though, how the detached signatures are used. I don't seem to use
detached signatures when doing my installer.
NSIS isn't responsible for signing the installer and uninstaller. We use
jsign for that, so swapping makensis for nsis.exe should not interfere.
Without code signing (do.codesigning=false), the following changes at
least run on Linux without wine and produce an installer. But I still
have to check, whether the intsaller actually works:
--- build.xml.kpdt_orig 2025-02-04 18:40:20.0 +0100
+++ build.xml 2025-02-07 22:12:14.418108524 +0100
@@ -2565,6 +2565,7 @@
+
@@ -2618,11 +2619,10 @@
-
-
-
-
-
+
+
+
+
@@ -2632,9 +2632,11 @@
osfamily="windows" />
+
@@ -2671,10 +2673,9 @@
-
-
-
-
+
+
+
tofile="${tomcat.release}/v${version}/bin/${final.name}.exe" />
BUT: IMHO without using the official signing service, the installer will
never be reproduced by me. So even if I make some sort of code-signing
work, building the installer would just show, that the file is produced.
When the build "does code-signing" there are two paths:
1. No local detached signature file exists. This is what the release
manager encounters. Jsign takes the binary, sends it to the code-signing
service and requests a signature using the user's credentials. Our build
then saves the signature to a separate file (e.g.
res/install-win/tomcat-installer.exe.sig), and also adds the signature
to the .exe file itself.
2. A local detached signature file exists. This is what everybody
receives from the release manager in the source tarball. Jsign takes the
detached signature and attaches it to the installer file you built yourself.
If th
Choosing an official language for Tomcat release builds
All,
This is already a de-facto standard (I think), but I propose that we
make an actual decision rather than just leave it as a loose policy. If
this has already been decided, please point me to some evidence of that.
I know that the official language of the ASF and all mailing list comms,
etc. should be conducted in English, but does that cover the documentation?
Without a lot of fuss, we can only generate Javadoc in a single
language. Thus far, all release managers have been using English as
their default locale during builds, which results in English-language
javadocs. The ant script doesn't specify a language (probably so users
can get javadocs in their own language!), so it must be that the RM is
doing this, possibly passively.
Assuming we agree that the official releases of Tomcat should have
documentation in English, then I have a further proposal:
- Add "locale" attribute to the tasks in the build with
an explicit locale
For release-managers, I will update the pre-release target to include
javadoc-locale=en_US (or en_GB or just 'en' if we like).
In build.properties.default, I will set javadoc-locale to ${user.language}.
This should allow anyone downstream to build javadocs in their own
language (either via git clone or pulling the source and removing the
javadoc-locale in build.properties.release) and also users in
non-English default locales to verify a release build.
Now that I've written the above paragraph, it does mean that it's not
trivial for a user to build the javadocs in their own language. I'd love
to hear some suggestions for how to do that with an official source
package. Maybe the "release" target can set the locale somehow. ATM, the
tasks that set up all the properties are outside any target
and apply before any targets get to run, so they cannot be conditional.
We could change that if we want to, though...
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.35
All, The following votes were cast: Binding: +1: isapir, markt, remm, schultz, rjung Non-binding: +1: dsoumis There were no other votes, therefore the vote passes. Thanks to everyone who contributed towards this release. -chris On 2/4/25 5:10 PM, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.35 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.34 are: - Allow readOnly attribute configuration on the Resources element and allow configuration of the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. - Correct a regression in the fix for bug 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. - Expand the options for handling encoded '/' and '\' characters in URLs both in the Connector and when using a RequestDispatcher. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.35/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1530 The tag is: https://github.com/apache/tomcat/tree/10.1.35 https://github.com/apache/tomcat/ commit/9636e5188311f30c1e46c94191d2145998778bf4 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r74826 - /dev/tomcat/tomcat-10/v10.1.35/ /release/tomcat/tomcat-10/v10.1.35/
Author: schultz Date: Mon Feb 10 14:00:22 2025 New Revision: 74826 Log: Promote release candidate Added: release/tomcat/tomcat-10/v10.1.35/ - copied from r74825, dev/tomcat/tomcat-10/v10.1.35/ Removed: dev/tomcat/tomcat-10/v10.1.35/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1923702 - /tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html
Author: remm Date: Mon Feb 10 14:57:29 2025 New Revision: 1923702 URL: http://svn.apache.org/viewvc?rev=1923702&view=rev Log: Javadoc update for 9.0.99 Added: tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html Added: tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html?rev=1923702&view=auto == --- tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html (added) +++ tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/NonPipeliningProcessor.html Mon Feb 10 14:57:29 2025 @@ -0,0 +1,105 @@ + + + + +NonPipeliningProcessor (Apache Tomcat 9.0.99 API Documentation) + + + + + + + + + + + + +var pathtoroot = "../../../"; +loadScripts(document, 'script'); + +JavaScript is disabled on your browser. + + + + + + +Skip navigation links +Apache Tomcat® 9.0.99 + +Overview +Package +Class +Tree +Deprecated +Index +Help + + + + + +Summary: +Nested | +Field | +Constr | +Method + + +Detail: +Field | +Constr | +Method + + +SEARCH: + + + + + + + + + + + +Package org.apache.coyote +Interface NonPipeliningProcessor + + + +All Superinterfaces: +Processor + + +public interface NonPipeliningProcessor +extends Processor +Marker interface used to indicate that the Processor does not implement pipe-lining of requests (e.g. + HTTP/1.1 supports pipe-lining whereas HTTP/2 does not) which may enable some components to clear references sooner + to aid GC. + + + + + + +Method Summary + +Methods inherited from interface org.apache.coyote.Processor +checkAsyncTimeoutGeneration, getLeftoverInput, getRequest, getUpgradeToken, isAsync, isUpgrade, pause, process, recycle, setSslSupport, timeoutAsync + + + + + + + + +Copyright © 2000-2025 Apache Software Foundation. Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo are either registered trademarks or trademarks of the Apache Software Foundation. + + + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1923701 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap
Author: remm Date: Mon Feb 10 14:56:43 2025 New Revision: 1923701 URL: http://svn.apache.org/viewvc?rev=1923701&view=rev Log: Javadoc update for 9.0.99 [This commit notification would consist of 83 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Replace wine by makensis for Linux and use finalization to sign (un)installer [tomcat]
ChristopherSchultz commented on PR #825: URL: https://github.com/apache/tomcat/pull/825#issuecomment-2649493419 I think we can't build-and-sign the installer and uninstaller in this way and still produce reproducible builds. As long as `makensis` can be used to produce an unsigned uninstaller and installer with our build producing detached signatures, then I'm okay with this. Oh, and makensis needs to produce byte-for-byte identical binaries as nsis.exe, of course. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Replace wine by makensis for Linux and use finalization to sign (un)installer [tomcat]
rainerjung commented on PR #825: URL: https://github.com/apache/tomcat/pull/825#issuecomment-2649588843 Why do you think that it wouldn't be reproducible? My patch should still provide the detached signature and use it it already available. And the makensis linux binary should create the same installer as the makensis windows exe. So it would be nice, it you could test it. I tried it with locally signing with a non-official cert/key and it seemed to work. Whether the installers are cross platform reproducible I don't know. We have to test. But I also do not know whether anyone tested the reproducability using wine versus native windows. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Use JSON style format for the instant by default
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3b5ff241a7 Use JSON style format for the instant by default
3b5ff241a7 is described below
commit 3b5ff241a75119f2973b58273e3fc069467e8011
Author: remm
AuthorDate: Mon Feb 10 23:11:06 2025 +0100
Use JSON style format for the instant by default
---
java/org/apache/juli/JsonFormatter.java | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/juli/JsonFormatter.java
b/java/org/apache/juli/JsonFormatter.java
index 1ea14a01de..d67ebb2110 100644
--- a/java/org/apache/juli/JsonFormatter.java
+++ b/java/org/apache/juli/JsonFormatter.java
@@ -16,6 +16,7 @@
*/
package org.apache.juli;
+import java.util.logging.LogManager;
import java.util.logging.LogRecord;
/**
@@ -25,7 +26,7 @@ import java.util.logging.LogRecord;
*
* The LogRecord is mapped as attributes:
*
- * time: the log record timestamp
+ * time: the log record timestamp, with the default format as {@code
-MM-dd'T'HH:mm:ss.SSSX}
* level: the log level
* thread: the current on which the log occurred
* class: the class from which the log originated
@@ -39,6 +40,16 @@ import java.util.logging.LogRecord;
*/
public class JsonFormatter extends OneLineFormatter {
+private static final String DEFAULT_TIME_FORMAT =
"-MM-dd'T'HH:mm:ss.SSSX";
+
+public JsonFormatter() {
+String timeFormat =
LogManager.getLogManager().getProperty(JsonFormatter.class.getName() +
".timeFormat");
+if (timeFormat == null) {
+timeFormat = DEFAULT_TIME_FORMAT;
+}
+setTimeFormat(timeFormat);
+}
+
@Override
public String format(LogRecord record) {
StringBuilder sb = new StringBuilder();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Use JSON style format for the instant by default
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 7d00d166ee Use JSON style format for the instant by default
7d00d166ee is described below
commit 7d00d166ee5992b1dcccf6d0248833f5b3214eea
Author: remm
AuthorDate: Mon Feb 10 23:11:06 2025 +0100
Use JSON style format for the instant by default
---
java/org/apache/juli/JsonFormatter.java | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/juli/JsonFormatter.java
b/java/org/apache/juli/JsonFormatter.java
index 1ea14a01de..d67ebb2110 100644
--- a/java/org/apache/juli/JsonFormatter.java
+++ b/java/org/apache/juli/JsonFormatter.java
@@ -16,6 +16,7 @@
*/
package org.apache.juli;
+import java.util.logging.LogManager;
import java.util.logging.LogRecord;
/**
@@ -25,7 +26,7 @@ import java.util.logging.LogRecord;
*
* The LogRecord is mapped as attributes:
*
- * time: the log record timestamp
+ * time: the log record timestamp, with the default format as {@code
-MM-dd'T'HH:mm:ss.SSSX}
* level: the log level
* thread: the current on which the log occurred
* class: the class from which the log originated
@@ -39,6 +40,16 @@ import java.util.logging.LogRecord;
*/
public class JsonFormatter extends OneLineFormatter {
+private static final String DEFAULT_TIME_FORMAT =
"-MM-dd'T'HH:mm:ss.SSSX";
+
+public JsonFormatter() {
+String timeFormat =
LogManager.getLogManager().getProperty(JsonFormatter.class.getName() +
".timeFormat");
+if (timeFormat == null) {
+timeFormat = DEFAULT_TIME_FORMAT;
+}
+setTimeFormat(timeFormat);
+}
+
@Override
public String format(LogRecord record) {
StringBuilder sb = new StringBuilder();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Use JSON style format for the instant by default
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new b0fb9a867d Use JSON style format for the instant by default
b0fb9a867d is described below
commit b0fb9a867d3c04bf26bbf57c075457d221c559df
Author: remm
AuthorDate: Mon Feb 10 23:11:06 2025 +0100
Use JSON style format for the instant by default
---
java/org/apache/juli/JsonFormatter.java | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/juli/JsonFormatter.java
b/java/org/apache/juli/JsonFormatter.java
index b0ae7e9576..5947e8ce46 100644
--- a/java/org/apache/juli/JsonFormatter.java
+++ b/java/org/apache/juli/JsonFormatter.java
@@ -16,6 +16,7 @@
*/
package org.apache.juli;
+import java.util.logging.LogManager;
import java.util.logging.LogRecord;
/**
@@ -25,7 +26,7 @@ import java.util.logging.LogRecord;
*
* The LogRecord is mapped as attributes:
*
- * time: the log record timestamp
+ * time: the log record timestamp, with the default format as {@code
-MM-dd'T'HH:mm:ss.SSSX}
* level: the log level
* thread: the current on which the log occurred
* class: the class from which the log originated
@@ -39,6 +40,16 @@ import java.util.logging.LogRecord;
*/
public class JsonFormatter extends OneLineFormatter {
+private static final String DEFAULT_TIME_FORMAT =
"-MM-dd'T'HH:mm:ss.SSSX";
+
+public JsonFormatter() {
+String timeFormat =
LogManager.getLogManager().getProperty(JsonFormatter.class.getName() +
".timeFormat");
+if (timeFormat == null) {
+timeFormat = DEFAULT_TIME_FORMAT;
+}
+setTimeFormat(timeFormat);
+}
+
@Override
public String format(LogRecord record) {
StringBuilder sb = new StringBuilder();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Use JSON style format for the instant by default
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 10b3ff9c35 Use JSON style format for the instant by default
10b3ff9c35 is described below
commit 10b3ff9c357607a76e6af0951dfa63f7219e65d3
Author: remm
AuthorDate: Mon Feb 10 23:11:06 2025 +0100
Use JSON style format for the instant by default
---
java/org/apache/juli/JsonFormatter.java | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/juli/JsonFormatter.java
b/java/org/apache/juli/JsonFormatter.java
index b0ae7e9576..5947e8ce46 100644
--- a/java/org/apache/juli/JsonFormatter.java
+++ b/java/org/apache/juli/JsonFormatter.java
@@ -16,6 +16,7 @@
*/
package org.apache.juli;
+import java.util.logging.LogManager;
import java.util.logging.LogRecord;
/**
@@ -25,7 +26,7 @@ import java.util.logging.LogRecord;
*
* The LogRecord is mapped as attributes:
*
- * time: the log record timestamp
+ * time: the log record timestamp, with the default format as {@code
-MM-dd'T'HH:mm:ss.SSSX}
* level: the log level
* thread: the current on which the log occurred
* class: the class from which the log originated
@@ -39,6 +40,16 @@ import java.util.logging.LogRecord;
*/
public class JsonFormatter extends OneLineFormatter {
+private static final String DEFAULT_TIME_FORMAT =
"-MM-dd'T'HH:mm:ss.SSSX";
+
+public JsonFormatter() {
+String timeFormat =
LogManager.getLogManager().getProperty(JsonFormatter.class.getName() +
".timeFormat");
+if (timeFormat == null) {
+timeFormat = DEFAULT_TIME_FORMAT;
+}
+setTimeFormat(timeFormat);
+}
+
@Override
public String format(LogRecord record) {
StringBuilder sb = new StringBuilder();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Choosing an official language for Tomcat release builds
Rainer,
On 2/10/25 11:11 AM, Rainer Jung wrote:
Am 10.02.25 um 17:02 schrieb Mark Thomas:
On 10/02/2025 13:55, Christopher Schultz wrote:
Assuming we agree that the official releases of Tomcat should have
documentation in English, then I have a further proposal:
+1
- Add "locale" attribute to the tasks in the build with
an explicit locale
+1
For release-managers, I will update the pre-release target to include
javadoc-locale=en_US (or en_GB or just 'en' if we like).
I don't think it matters. Anything that varies (e.g. date format) we
already use an unambiguous form anyway.
In build.properties.default, I will set javadoc-locale to
${user.language}.
I think that is fine since .release takes priority over .default
This should allow anyone downstream to build javadocs in their own
language (either via git clone or pulling the source and removing the
javadoc-locale in build.properties.release) and also users in non-
English default locales to verify a release build.
Now that I've written the above paragraph, it does mean that it's not
trivial for a user to build the javadocs in their own language. I'd
love to hear some suggestions for how to do that with an official
source package. Maybe the "release" target can set the locale
somehow. ATM, the tasks that set up all the properties are
outside any target and apply before any targets get to run, so they
cannot be conditional. We could change that if we want to, though...
build.properties always takes priority so they just need to set a
locale in there.
II agree with everything but note that IMHO at least on Linux the
environment variable LANG takes precedence. I could not build english
javadocs with the javascript locale attribute or user.lang or whatever
Java properties when LANG pointed to a german locale.
Thanks for the clarification.
I'm sorry if you've answered this already, but if you add locale="en" to
the javadoc task:
When I did this with "export LANG=de" on MacOS, I was able to get
English-language javadoc UI. But... I was NOT able to get
German-language javadoc by setting "export LANG=de" and not-specifying
the locale in .
But that might be handled by a build docs notice.
I will retry the experiment when the new props are in.
Try the above and let me know if it works. If LANG continues to take
precedence then we need some other solution.
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 44116] Multiple JSESSIONID handling with overlapping domains does not work
https://bz.apache.org/bugzilla/show_bug.cgi?id=44116 Christopher Schultz changed: What|Removed |Added CC|david.ramblewski@atosorigin | |.com| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[PR] Replace wine by makensis for Linux and use finalization to sign (un)installer [tomcat]
rainerjung opened a new pull request, #825: URL: https://github.com/apache/tomcat/pull/825 Nullsoft installers for Windows can be produced on Linux using the same NSIS scripts. Of course one needs to install makensis. The other reason for using wine in build.xml was running the temporary installer used to create the uninstaller in order to be able to sign it. But NSIS now allows to define a callback used to sign installer and uninstaller files while creating the installer. So the temporary installer is not needed any more. First tests look good for me, but I am not using the official signing service used by release managers. What is not very nice is, that in tomcat.nsi we are calling ant from inside the tomcat.dist directory. So we have to point it to the directory with the build.xml. I am using ../.. which will break if someone uses a non-default tomcat.dist. Since tomcat.nsi is produced by the version filter, in principal we could patch the path to build.xml into tomcat.nsi, but I didn't find a property containing the absolute basedir path. It would be nice if release managers could test this. I can provide it for the other release branches as well (the patch needs some simple adjustments, because the jsign task uses different attributes in the other branches). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
