https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
youweiwang changed:
What|Removed |Added
Version|5.5.27 |5.5.28
--
Configure bugmail: https:/
https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
youweiwang changed:
What|Removed |Added
Version|5.5.23 |5.5.27
--
Configure bugmail: https:/
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "PoweredBy" page has been changed by YoavShapira.
http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=209&rev2=210
--
{{http:
Author: kkolinko
Date: Fri Nov 13 00:50:08 2009
New Revision: 835681
URL: http://svn.apache.org/viewvc?rev=835681&view=rev
Log:
Propose two additional backports for JULI FileHandler series of patches
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
ht
Author: kkolinko
Date: Fri Nov 13 00:19:07 2009
New Revision: 835657
URL: http://svn.apache.org/viewvc?rev=835657&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=
Try asking this on the Tomcat Users List.
p
On 12/11/2009 23:40, foampile wrote:
i would like to load a singleton type resource WHEN TOMCAT STARTS.
currently, the way i do it, the resource is initialized when it is first
looked up from the context by a client. i understand that i can make a
i would like to load a singleton type resource WHEN TOMCAT STARTS.
currently, the way i do it, the resource is initialized when it is first
looked up from the context by a client. i understand that i can make a
bastardized servlet, which does nothing related to http and is in web.xml
and it load
On Thu, 2009-11-12 at 16:03 -0500, Mark Thomas wrote:
> I've done some more digging and I think I have found what was causing this.
> I'll
> have a fix for trunk shortly and (after some testing) I'll re-propose.
No, what I meant is that, if you want to go the strict route and use '/'
as a separat
Author: kkolinko
Date: Thu Nov 12 22:59:52 2009
New Revision: 835625
URL: http://svn.apache.org/viewvc?rev=835625&view=rev
Log:
Remove svn:mergeinfo added in rev.833536
Modified:
tomcat/tc6.0.x/trunk/test/org/apache/catalina/valves/ (props changed)
tomcat/tc6.0.x/trunk/test/org/apache/c
Author: kkolinko
Revision: 833535
Modified property: svn:log
Modified: svn:log at Thu Nov 12 22:57:16 2009
--
--- svn:log (original)
+++ svn:log Thu Nov 12 22:57:16 2009
@@ -0,0 +1 @@
+Implement Remote IP Valve
-
Author: markt
Date: Thu Nov 12 21:36:49 2009
New Revision: 835567
URL: http://svn.apache.org/viewvc?rev=835567&view=rev
Log:
Fix NPEs on startup with relative ordering and provide somewhere to store
results of annotation scanning when that is implemented
Modified:
tomcat/trunk/java/org/apach
Author: markt
Revision: 835552
Modified property: svn:log
Modified: svn:log at Thu Nov 12 21:22:42 2009
--
--- svn:log (original)
+++ svn:log Thu Nov 12 21:22:42 2009
@@ -0,0 +1,2 @@
+Make handling of / as a separator cons
Author: markt
Date: Thu Nov 12 21:19:09 2009
New Revision: 835552
URL: http://svn.apache.org/viewvc?rev=835552&view=rev
Log: (empty)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
URL:
http:
On 12.11.2009 21:31, Mladen Turk wrote:
> On 12/11/09 21:17, Rainer Jung wrote:
>> On 12.11.2009 17:39, Mladen Turk wrote:
>>> Well even OpenSSL folks admitted that 0.9.8l wrongly approached
>>> dealing to that issue. They even removed the
>>> SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag from
Mark Thomas wrote:
> Remy Maucherat wrote:
>> On Wed, 2009-11-11 at 16:45 -0500, Mark Thomas wrote:
>>> I really do loath cookies right now. I've pulled the proposed patches for
>>> 5.5.x
>>> and 6.0.x until I (or someone else) can take a look at this.
>> I do too. v0 cookies is 15 years old stuff
On 12/11/09 21:17, Rainer Jung wrote:
On 12.11.2009 17:39, Mladen Turk wrote:
Well even OpenSSL folks admitted that 0.9.8l wrongly approached
dealing to that issue. They even removed the
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag from the 0.9.8 branch
and now they use SSL_OP_ALLOW_UNSAFE_
Remy Maucherat wrote:
> On Wed, 2009-11-11 at 16:45 -0500, Mark Thomas wrote:
>> I really do loath cookies right now. I've pulled the proposed patches for
>> 5.5.x
>> and 6.0.x until I (or someone else) can take a look at this.
>
> I do too. v0 cookies is 15 years old stuff that Netscape hacked o
Thomas,
please do not cross-post. The discussion is pretty well going on on your
post on the users list. See the latest answers you got on your posted
test case and logs, which show that for this specific test your request
to JBoss didn't return a PDF document, but instead an html snippet.
Please
On 12.11.2009 17:39, Mladen Turk wrote:
> Well even OpenSSL folks admitted that 0.9.8l wrongly approached
> dealing to that issue. They even removed the
> SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag from the 0.9.8 branch
> and now they use SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION using
> diff
Author: markt
Date: Thu Nov 12 19:53:49 2009
New Revision: 835516
URL: http://svn.apache.org/viewvc?rev=835516&view=rev
Log:
Make TODO comments consistent to make them easier to find
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catali
https://issues.apache.org/bugzilla/show_bug.cgi?id=48097
Konstantin Kolinko changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|F
https://issues.apache.org/bugzilla/show_bug.cgi?id=48158
--- Comment #5 from Ralf Hauser 2009-11-12 09:52:53 UTC ---
(In reply to comment #3)
> > Couldn't you make this an optional server.xml attribute
> See the "clientAuth" connector attribute for options already available for
> limiting server
Author: markt
Date: Thu Nov 12 17:29:00 2009
New Revision: 835460
URL: http://svn.apache.org/viewvc?rev=835460&view=rev
Log:
Servlet 3 implementation.
- Add support for relative fragment ordering and some test cases
- Re-order fragment and annotation processing to match spec
- Implement login/logo
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "PoweredBy" page has been changed by ShadiSaba.
http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=208&rev2=209
--
[[http://
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "PoweredBy" page has been changed by ShadiSaba.
http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=207&rev2=208
--
{{http://
https://issues.apache.org/bugzilla/show_bug.cgi?id=48158
--- Comment #4 from Ralf Hauser 2009-11-12 08:59:24 UTC ---
see also http://marc.info/?t=12576133601&r=1&w=2
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because:
On 12/11/09 17:25, Filip Hanik - Dev Lists wrote:
Note. Don't use 0.9.8l for testing cause that bugger will
block on renegotiation until socket timeout.
This is actually not so bad. Since it's so easy to achieve the same DoS
by simply sending a partial POST body, or partial GET request, and you
On 11/12/2009 04:34 AM, Mladen Turk wrote:
Hi,
Just made the fix by modifying the mod_ssl patch
so that connection gets closed on R.
Problem with OpenSSL 0.9.8l that it has renegotiation
disabled and that it gets blocked in 'R' thus making
it a potential DoS (much worse then actual R) so
I'd su
Author: kkolinko
Date: Thu Nov 12 15:13:30 2009
New Revision: 835411
URL: http://svn.apache.org/viewvc?rev=835411&view=rev
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=8354
Author: kkolinko
Date: Thu Nov 12 15:01:56 2009
New Revision: 835404
URL: http://svn.apache.org/viewvc?rev=835404&view=rev
Log:
vote and proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS
On 12/11/09 12:34, Mladen Turk wrote:
I'd suggest we don't use it and create immediate release
of 1.1.18 with the fix.
BTW, released 1.1.17 reports as 1.1.17-dev ;)
RM forgot to update the version before tagging
So yet another reason for 1.1.18
Regards
--
^TM
Author: mturk
Date: Thu Nov 12 13:46:19 2009
New Revision: 835381
URL: http://svn.apache.org/viewvc?rev=835381&view=rev
Log:
Current SVN version is 1.1.18-dev
Modified:
tomcat/native/branches/1.1.x/native/include/tcn_version.h
Modified: tomcat/native/branches/1.1.x/native/include/tcn_version
Author: kkolinko
Date: Thu Nov 12 11:51:56 2009
New Revision: 835351
URL: http://svn.apache.org/viewvc?rev=835351&view=rev
Log:
vote
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=8353
Author: kkolinko
Date: Thu Nov 12 11:45:10 2009
New Revision: 835349
URL: http://svn.apache.org/viewvc?rev=835349&view=rev
Log:
Try to correct Peter's changelog entry of r.834790
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.x
Hi,
Just made the fix by modifying the mod_ssl patch
so that connection gets closed on R.
Problem with OpenSSL 0.9.8l that it has renegotiation
disabled and that it gets blocked in 'R' thus making
it a potential DoS (much worse then actual R) so
I'd suggest we don't use it and create immediate r
I newly installed the mod_jk 1.2.28 and since then got problem (see below).
I have a web application which is deployed on Jboss. One of the function of
this web-app is: You can click a button (such as 'Generate Report') on
client to submit a request for generating a PDF-report. The generation of
Author: mturk
Date: Thu Nov 12 11:27:50 2009
New Revision: 835340
URL: http://svn.apache.org/viewvc?rev=835340&view=rev
Log:
Propose renegotiation fix backport
Modified:
tomcat/native/branches/1.1.x/STATUS.txt
Modified: tomcat/native/branches/1.1.x/STATUS.txt
URL:
http://svn.apache.org/view
Author: kkolinko
Date: Thu Nov 12 11:25:02 2009
New Revision: 835337
URL: http://svn.apache.org/viewvc?rev=835337&view=rev
Log:
votes
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=835
Author: kkolinko
Date: Thu Nov 12 11:20:43 2009
New Revision: 835336
URL: http://svn.apache.org/viewvc?rev=835336&view=rev
Log:
Followup to r.817822 and r.833545
You have to specify explicit encoding in a fixcrlf task
Modified:
tomcat/trunk/dist.xml
Modified: tomcat/trunk/dist.xml
URL:
http
Author: mturk
Date: Thu Nov 12 11:17:44 2009
New Revision: 835335
URL: http://svn.apache.org/viewvc?rev=835335&view=rev
Log:
Actually abort the connection in case of RENEG_ABORT.
Modified:
tomcat/native/trunk/native/src/sslnetwork.c
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL:
Author: mturk
Date: Thu Nov 12 10:29:34 2009
New Revision: 835322
URL: http://svn.apache.org/viewvc?rev=835322&view=rev
Log:
Port mod_ssl fix for CVE-2009-3555
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/na
https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
--- Comment #13 from youweiwang 2009-11-12 00:05:07
UTC ---
You can add this config option to the file "catalina.properties" which is in
the directory of "%tomcat_home%/conf",as follows:
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAP
42 matches
Mail list logo
