Rainer Jung wrote:
On 06.03.2009 13:32, Mladen Turk wrote:
For the rest it's simply too much to cope in a single email ;)
I put the force recovery fix and the "else" suggestion in a patch at:
http://people.apache.org/~rjung/mod_jk-dev/patches/local_states.patch
Everything apart from Hunk num
Author: mturk
Date: Sat Mar 7 07:18:08 2009
New Revision: 751213
URL: http://svn.apache.org/viewvc?rev=751213&view=rev
Log:
Return protocol error from ajp get message.
This allows to make difference whether we got something from the server or
nothing at all.
Modified:
tomcat/connectors/tr
Author: mturk
Date: Sat Mar 7 06:46:30 2009
New Revision: 751204
URL: http://svn.apache.org/viewvc?rev=751204&view=rev
Log:
When logging, log the part of the receive that failed
Modified:
tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c
Modified: tomcat/connectors/trunk/jk/native/co
On Fri, 2009-03-06 at 23:32 +, r...@apache.org wrote:
> Author: remm
> Date: Fri Mar 6 23:32:40 2009
> New Revision: 751136
>
> URL: http://svn.apache.org/viewvc?rev=751136&view=rev
> Log:
> - Apache Tomcat 6.0.19.
>
> Added:
> tomcat/tc6.0.x/tags/TOMCAT_6_0_19/ (props changed)
>
Author: remm
Date: Fri Mar 6 23:32:40 2009
New Revision: 751136
URL: http://svn.apache.org/viewvc?rev=751136&view=rev
Log:
- Apache Tomcat 6.0.19.
Added:
tomcat/tc6.0.x/tags/TOMCAT_6_0_19/ (props changed)
- copied from r751135, tomcat/tc6.0.x/trunk/
Propchange: tomcat/tc6.0.x/tags/T
https://issues.apache.org/bugzilla/show_bug.cgi?id=36976
Ian Springer changed:
What|Removed |Added
CC||ian_sprin...@yahoo.com
--
Conf
On 06.03.2009 13:32, Mladen Turk wrote:
For the rest it's simply too much to cope in a single email ;)
I put the force recovery fix and the "else" suggestion in a patch at:
http://people.apache.org/~rjung/mod_jk-dev/patches/local_states.patch
Everything apart from Hunk number 3 and the small
https://issues.apache.org/bugzilla/show_bug.cgi?id=46816
Summary: /status/all fails if using PersistentManager
Product: Tomcat 6
Version: 6.0.18
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Prior
Please take me off this email list
-Original Message-
From: ma...@apache.org [mailto:ma...@apache.org]
Sent: Friday, March 06, 2009 9:29 AM
To: dev@tomcat.apache.org
Subject: svn commit: r750992 - in /tomcat/trunk/java/org/apache/el: ./ lang/
parser/ util/
Author: markt
Date: Fri Mar
Author: markt
Date: Fri Mar 6 17:28:47 2009
New Revision: 750992
URL: http://svn.apache.org/viewvc?rev=750992&view=rev
Log:
Fix svn keywords
Modified:
tomcat/trunk/java/org/apache/el/ExpressionFactoryImpl.java
tomcat/trunk/java/org/apache/el/MethodExpressionImpl.java
tomcat/trunk/jav
On 06.03.2009 18:08, Mark Thomas wrote:
Rainer Jung wrote:
On 06.03.2009 16:24, bugzi...@apache.org wrote:
Mark Thomas changed:
--- Comment #1 from Mark Thomas 2009-03-06
07:23:59 PST ---
This is configurable and has been discussed several times on the users
list.
Actually if no one reall
Rainer Jung wrote:
> On 06.03.2009 16:24, bugzi...@apache.org wrote:
>> Mark Thomas changed:
>> --- Comment #1 from Mark Thomas 2009-03-06
>> 07:23:59 PST ---
>> This is configurable and has been discussed several times on the users
>> list.
>
> Actually if no one really knows why this read and
On 06.03.2009 16:24, bugzi...@apache.org wrote:
Mark Thomas changed:
--- Comment #1 from Mark Thomas 2009-03-06 07:23:59 PST ---
This is configurable and has been discussed several times on the users list.
Actually if no one really knows why this read and write back normalized
is useful, ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39
Description:
The calendar application in th
Author: markt
Date: Fri Mar 6 15:46:49 2009
New Revision: 750947
URL: http://svn.apache.org/viewvc?rev=750947&view=rev
Log:
Updates for CVE-2009-0781
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tom
https://issues.apache.org/bugzilla/show_bug.cgi?id=46815
Petr Sumbera changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALI
https://issues.apache.org/bugzilla/show_bug.cgi?id=46815
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=4
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=39396
--- Comment #6 from Mark Thomas 2009-03-06 07:21:40 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receivi
https://issues.apache.org/bugzilla/show_bug.cgi?id=39013
--- Comment #5 from Mark Thomas 2009-03-06 07:21:19 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receivi
sounds pretty straightforward to me, remove most of the test
basically
1. set regular soTimeout (connectionTimeout)
-- loop starts here--
2. read the request line and headers
3. check disableupload, if set to true, increase soTimeout to whatever
we use
4. At the end of the request, if user sp
Author: markt
Date: Fri Mar 6 14:57:04 2009
New Revision: 750928
URL: http://svn.apache.org/viewvc?rev=750928&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.
Modified:
tomcat/container/tc5.5.x/webapps/docs/cha
Author: markt
Date: Fri Mar 6 14:55:45 2009
New Revision: 750927
URL: http://svn.apache.org/viewvc?rev=750927&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.
Modified:
tomcat/container/branches/tc4.1.x/RELEASE
Author: markt
Date: Fri Mar 6 14:49:58 2009
New Revision: 750924
URL: http://svn.apache.org/viewvc?rev=750924&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
https://issues.apache.org/bugzilla/show_bug.cgi?id=38570
--- Comment #6 from Mark Thomas 2009-03-06 06:47:54 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receivi
Author: markt
Date: Fri Mar 6 14:46:47 2009
New Revision: 750921
URL: http://svn.apache.org/viewvc?rev=750921&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.
Modified:
tomcat/trunk/webapps/examples/jsp/cal/cal
Author: markt
Date: Fri Mar 6 14:43:19 2009
New Revision: 750920
URL: http://svn.apache.org/viewvc?rev=750920&view=rev
Log:
Make logging easier to configure
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/bin/catalina.bat
tom
Rainer Jung wrote:
On 06.03.2009 14:19, Mladen Turk wrote:
JkMount /foo aw
JkMount /bar aw
Now, if /bar is slow and gets timeout it would mean that
/foo will be banned as well (although it might work perfectly)
But I see your point. Since configured it should be banned
immediately. However th
Author: markt
Date: Fri Mar 6 14:35:11 2009
New Revision: 750919
URL: http://svn.apache.org/viewvc?rev=750919&view=rev
Log:
Vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=750919&
Author: markt
Date: Fri Mar 6 14:34:44 2009
New Revision: 750918
URL: http://svn.apache.org/viewvc?rev=750918&view=rev
Log:
UseHttpOnly is a cookie attribute. Our Manager is cookie agnostic, hence the
attribute might serve a better purpose being implemented at the Context level.
This also allow
Author: markt
Date: Fri Mar 6 14:27:56 2009
New Revision: 750916
URL: http://svn.apache.org/viewvc?rev=750916&view=rev
Log:
Fix error in 2.5 web.xml XSD
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/javax/servlet/resources
Author: markt
Date: Fri Mar 6 14:25:36 2009
New Revision: 750915
URL: http://svn.apache.org/viewvc?rev=750915&view=rev
Log:
Fix spelling errors
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/javax/servlet/resources/web-app_
Folks,
https://issues.apache.org/bugzilla/show_bug.cgi?id=4 highlighted
some issues that have now been fixed. In commenting on the fix, Bill said:
The original was an optimization to not keep setting the timeout to the
same value if we haven't changed it. Of course it is broken, but a
bette
https://issues.apache.org/bugzilla/show_bug.cgi?id=46815
Summary: Tomcat user database file - permission problem on Unix
systems
Product: Tomcat 6
Version: 6.0.18
Platform: All
OS/Version: Solaris
Status: NEW
Author: markt
Date: Fri Mar 6 14:13:05 2009
New Revision: 750911
URL: http://svn.apache.org/viewvc?rev=750911&view=rev
Log:
Use ThreadLocal rather than syncs for DateFormat to prevent potential
bottleneck in cookie creation
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.
Author: markt
Date: Fri Mar 6 14:10:06 2009
New Revision: 750909
URL: http://svn.apache.org/viewvc?rev=750909&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4
keepAliveTimeout should be used regardless of setting of disableUploadTimeout
Discussion on best long term solut
Author: markt
Date: Fri Mar 6 14:04:54 2009
New Revision: 750908
URL: http://svn.apache.org/viewvc?rev=750908&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39396
Don't include TRACE in OPTIONS response unless we know it hasn't been disabled
in the connector
Modified:
Author: markt
Date: Fri Mar 6 14:01:51 2009
New Revision: 750905
URL: http://svn.apache.org/viewvc?rev=750905&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39013
When testing for invalid docBase, test for an exact match with the appBase dir
Modified:
tomcat/tc6.0.x/tru
Author: markt
Date: Fri Mar 6 13:59:14 2009
New Revision: 750901
URL: http://svn.apache.org/viewvc?rev=750901&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38570
When checking docBase against appBase, make sure we check for an exact match
against the appBase
Modified:
Author: rjung
Date: Fri Mar 6 13:58:41 2009
New Revision: 750900
URL: http://svn.apache.org/viewvc?rev=750900&view=rev
Log:
Set global worker state of an lb member to error
when we reach max_reply_timeouts, or
fail_on_status triggered a hard error.
Modified:
tomcat/connectors/trunk/jk/native
Author: markt
Date: Fri Mar 6 13:56:37 2009
New Revision: 750899
URL: http://svn.apache.org/viewvc?rev=750899&view=rev
Log:
Backport jfclere's NCDFE fix from trunk
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/t
On 06.03.2009 14:19, Mladen Turk wrote:
Rainer Jung wrote:
On 06.03.2009 13:32, Mladen Turk wrote:
Rainer Jung wrote:
All this should never touch the global state
if there are live connections.
Let the live connection decide for itself when it gets serviced.
Anything else is just plain 'gue
Author: markt
Date: Fri Mar 6 13:51:53 2009
New Revision: 750895
URL: http://svn.apache.org/viewvc?rev=750895&view=rev
Log:
Handle session suffix rewrite at JvmRouteBinderValve with parallel requests
from same client.
Port of pero's change in trunk.
Modified:
tomcat/tc6.0.x/trunk/ (props
On 06.03.2009 14:19, Mladen Turk wrote:
Rainer Jung wrote:
On 06.03.2009 13:32, Mladen Turk wrote:
Huge one Rainer ;)
I know, but I went through it in depth.
Rainer Jung wrote:
We have three busy counters:
a) one for the lb in total
b) one for each lb sub
c) one for each ajp worker
In s
Author: jim
Date: Fri Mar 6 13:31:55 2009
New Revision: 750888
URL: http://svn.apache.org/viewvc?rev=750888&view=rev
Log:
Some backlogged (some significantly backlogged) votes
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/vie
Rainer Jung wrote:
On 06.03.2009 13:32, Mladen Turk wrote:
Huge one Rainer ;)
I know, but I went through it in depth.
Rainer Jung wrote:
We have three busy counters:
a) one for the lb in total
b) one for each lb sub
c) one for each ajp worker
In status worker we use only a) and c). In lb
On 06.03.2009 13:32, Mladen Turk wrote:
Huge one Rainer ;)
I know, but I went through it in depth.
Rainer Jung wrote:
We have three busy counters:
a) one for the lb in total
b) one for each lb sub
c) one for each ajp worker
In status worker we use only a) and c). In lb we use a) and b). Y
Huge one Rainer ;)
Rainer Jung wrote:
We have three busy counters:
a) one for the lb in total
b) one for each lb sub
c) one for each ajp worker
In status worker we use only a) and c). In lb we use a) and b). Your
comment to BZ 46808 seems to indicate, that using c) instead of b) in lb
would
https://issues.apache.org/bugzilla/show_bug.cgi?id=46808
--- Comment #5 from Rainer Jung 2009-03-06 03:56:54
PST ---
Did you actually use prepost cping/cpong and socket_connect_timeout to keep
latency of error detection low for the two cases "already connected" and "new
connection"? If so,
On 06.03.2009 09:22, Mladen Turk wrote:
BZ 46808 is valid but it brings us back where we were before.
It solves (well doesn't actually) one thing,
but breaks the sticky sessions.
Unless the patch reliably detects the cause of failure
I'm -1 for committing that. The problem is that returned
codes
I'll bring that to dev list ...
bugzi...@apache.org wrote:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46808
--- Comment #4 from Rainer Jung 2009-03-06 00:13:55
PST ---
So having the "new" busy in shm is on purpose, and we have three of those:
a) one for the lb in total
b) one fo
Rainer Jung wrote:
On 06.03.2009 08:39, Mladen Turk wrote:
Can you cc the dist files to your people's dir as well
Did that:
http://people.apache.org/~rjung/mod_jk-dev/
OK, I'll build the bins from there
But as described above, it would be nice to first check BZ 46808 before
building bi
https://issues.apache.org/bugzilla/show_bug.cgi?id=46808
--- Comment #4 from Rainer Jung 2009-03-06 00:13:55
PST ---
So having the "new" busy in shm is on purpose, and we have three of those:
a) one for the lb in total
b) one for each lb sub
c) one for each ajp worker
b) and c) are very l
https://issues.apache.org/bugzilla/show_bug.cgi?id=46808
--- Comment #3 from Mladen Turk 2009-03-06 00:06:07 PST ---
Right the problem here is that we don't know whether
the failed connection to backend was caused by Tomcat
rejecting the connection because too busy or someone pulled
the cabl