Re: DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

Hi, I think turning them on is already in the FAQ, thankfully ;) Maybe we'll do a 5.5.13 release next week? Yoav --- Tim Funk <[EMAIL PROTECTED]> wrote: > Turning off directory listings by default is a good security practice. I only > > wait for the all the tomcat user questions of how to turn

Re: DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

Turning off directory listings by default is a good security practice. I only wait for the all the tomcat user questions of how to turn it on instead of off ;) -Tim Mark Thomas wrote: --- Additional Comments From [EMAIL PROTECTED] 2005-11-08 23:45 --- (In reply to comment #5) The ab

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

Mark Thomas wrote: Looking at the profiler output, I agree that this will always be slow. Closer inspection shows that at best I could reduce the time spent generating the listing by about a third. Not enough to make a major difference to this case. Therefore, a warning in the docs is called

Re: DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

--- Additional Comments From [EMAIL PROTECTED] 2005-11-08 23:45 --- (In reply to comment #5) The abstraction layer will make directory listings expensive (actually, directory listings in Java are going to be expensive regardless), so I don't see how this can be optimized. Looking at the

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

Mark Thomas wrote: Remy Maucherat wrote: It's a directory listing, how can this be fast, or even useful besides for casual users ? At the moment, directory listings with large numbers of entries = DOS threat. Whatever we do, this is a valid security issue and we need to deal with it. Ver

Re: svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

Remy Maucherat wrote: It's a directory listing, how can this be fast, or even useful besides for casual users ? At the moment, directory listings with large numbers of entries = DOS threat. Whatever we do, this is a valid security issue and we need to deal with it. I think I can optimise th

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

Mark Thomas wrote: Remy Maucherat wrote: [EMAIL PROTECTED] wrote: Author: markt Date: Tue Nov 8 11:32:28 2005 New Revision: 331870 URL: http://svn.apache.org/viewcvs?rev=331870&view=rev Log: Simple part of fix for bug 37150 based on profiler output. Doesn't fix the major culprit. Needs mor

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: Author: markt Date: Tue Nov 8 11:32:28 2005 New Revision: 331870 URL: http://svn.apache.org/viewcvs?rev=331870&view=rev Log: Simple part of fix for bug 37150 based on profiler output. Doesn't fix the major culprit. Needs more work. This bug r

Re: svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

[EMAIL PROTECTED] wrote: Author: markt Date: Tue Nov 8 11:32:28 2005 New Revision: 331870 URL: http://svn.apache.org/viewcvs?rev=331870&view=rev Log: Simple part of fix for bug 37150 based on profiler output. Doesn't fix the major culprit. Needs more work. This bug report is nonsense ... Ré

DO NOT REPLY [Bug 37150] - denial of service on many and long requests on v5.5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r331870 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java

Author: markt Date: Tue Nov 8 11:32:28 2005 New Revision: 331870 URL: http://svn.apache.org/viewcvs?rev=331870&view=rev Log: Simple part of fix for bug 37150 based on profiler output. Doesn't fix the major culprit. Needs more work. Modified: tomcat/container/tc5.5.x/catalina/src/share/org/

svn commit: r331869 - /tomcat/container/tc5.5.x/webapps/docs/building.xml

Author: markt Date: Tue Nov 8 11:29:05 2005 New Revision: 331869 URL: http://svn.apache.org/viewcvs?rev=331869&view=rev Log: Update building docs for SVN. Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml URL: http://s

DO NOT REPLY [Bug 37410] New: - jsp: implicit object pageContext not AVAILABLE in scriptlet

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 37407] New: - file descriptor leak in jasper

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 27371] - java.lang.ThreadDeath caused by log4j when reloading Tomcat app

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

[ANN] Apache Tomcat mod_jk 1.2.15 Web Server Connector released

The Apache Tomcat team is pleased to announce the release of version 1.2.15 of the Apache Tomcat mod_jk web server connector. Tomcat is the reference implementation of a web application server which implements the Java Servlet and JavaServer Pages specifications. mod_jk is a connector which allo

svn commit: r331756 - in /tomcat/connectors/trunk/jk/xdocs: index.xml news/20050101.xml

Author: mturk Date: Tue Nov 8 01:40:10 2005 New Revision: 331756 URL: http://svn.apache.org/viewcvs?rev=331756&view=rev Log: Update docc to 1.2.15 release Modified: tomcat/connectors/trunk/jk/xdocs/index.xml tomcat/connectors/trunk/jk/xdocs/news/20050101.xml Modified: tomcat/connectors/

svn commit: r331751 - in /tomcat/site/trunk: docs/download-connectors.html xdocs/download-connectors.xml

Author: mturk Date: Tue Nov 8 01:20:51 2005 New Revision: 331751 URL: http://svn.apache.org/viewcvs?rev=331751&view=rev Log: Update download-connectors for 1.2.15 release. Modified: tomcat/site/trunk/docs/download-connectors.html tomcat/site/trunk/xdocs/download-connectors.xml Modified: