https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
--- Comment #5 from Konstantin Kolinko 2011-03-25
18:53:19 EDT ---
It must be reminded that bugzilla is an inappropriate place to report security
issues. See
http://tomcat.apache.org/security.html
--
Configure bugmail: https://issues.ap
https://issues.apache.org/bugzilla/show_bug.cgi?id=50975
Summary: IIS connector times out on Transfer Encoded content,
never sending the chunked content
Product: Tomcat Connectors
Version: unspecified
Platform: PC
Status: N
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #4 from Konstantin Kolinko 2011-03-25
18:45:16 EDT ---
(In reply to comment #3)
> You asked for the complete stack.
The stack trace is still incomplete. What calls the last line in your comment
(below)? - where the ObjectOutpu
Author: markt
Date: Fri Mar 25 21:59:07 2011
New Revision: 1085574
URL: http://svn.apache.org/viewvc?rev=1085574&view=rev
Log:
Don't register Contexts that fail to start with the Mapper.
Modified:
tomcat/trunk/java/org/apache/catalina/connector/MapperListener.java
tomcat/trunk/webapps/doc
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #23 from Mark Thomas 2011-03-25 15:18:08 EDT ---
Doh. I missed the javadoc completely. My bad. I'll take a look over the weekend
and get back to you.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=e
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #22 from Michael Osipov <1983-01...@gmx.net> 2011-03-25 15:07:45
EDT ---
(In reply to comment #21)
> I'm looking at this now and currently trying to figure out the additional
> configuration required (JAAS, keytab, etc). Any not
Author: markt
Date: Fri Mar 25 18:18:35 2011
New Revision: 1085502
URL: http://svn.apache.org/viewvc?rev=1085502&view=rev
Log:
Add another non-Java J2SE package. This is required for SPNEGO support.
Modified:
tomcat/trunk/res/checkstyle/org-import-control.xml
Modified: tomcat/trunk/res/check
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #21 from Mark Thomas 2011-03-25 13:59:58 EDT ---
I'm looking at this now and currently trying to figure out the additional
configuration required (JAAS, keytab, etc). Any notes you can provide that
would save me from figuring st
That's really cool, Mark. I'm glad you're doing this.
I know we all have our doubts about scanning tools like this. But my
main issue with them is always so many false positives that it feels
hopeless. You seem to have fixed that.
Thanks,
Yoav
On Fri, Mar 25, 2011 at 8:22 AM, Mark Thomas
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #3 from Ronald Klop 2011-03-25 12:53:38 EDT ---
You asked for the complete stack.
Mar 25, 2011 5:35:17 PM org.apache.catalina.ha.session.DeltaManager
requestCompleted
SEVERE: Unable to serialize delta request for sessionid
[F9D6
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
Ronald Klop changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|WORKSFOR
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #2 from Ronald Klop 2011-03-25 12:51:55 EDT ---
Created an attachment (id=26798)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26798)
server.xml and context to reproduce the issue
If you set up a cluster and ask fo
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
--- Comment #4 from Volker Leidl 2011-03-25 12:50:50 EDT
---
I'm using 5.5, but that wasn't the point. Never mind, I'm obviously wasting my
time here.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
-
On 25 March 2011 11:20, wrote:
> Author: markt
> Date: Fri Mar 25 11:20:50 2011
> New Revision: 1085323
>
> URL: http://svn.apache.org/viewvc?rev=1085323&view=rev
> Log:
> Remove call to System.exit() reported by Veracode and related code clean-up
Again, I thought Findbugs checks for System.exit
On 25 March 2011 09:55, wrote:
> Author: markt
> Date: Fri Mar 25 09:55:29 2011
> New Revision: 1085303
>
> URL: http://svn.apache.org/viewvc?rev=1085303&view=rev
> Log:
> Fix string comparison - reported by Veracode
Findbugs does not catch that?
> Modified:
> tomcat/trunk/java/org/apache/ca
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
Volker Leidl changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
I received notification that Veracode had scanned Tomcat 7.0.11 today. I
thought folks would be interested in the results (committers can request
an account to get access to the full details).
Of the 33 flaws reported:
- 1 was a coding error (fixed in r1085303)
- 1 unnecessary call to System.exit(
Author: markt
Date: Fri Mar 25 12:20:39 2011
New Revision: 1085346
URL: http://svn.apache.org/viewvc?rev=1085346&view=rev
Log:
Securely seed the SecureRandom instance used for UUID generation and report
excessive creation time (greater than 100ms) at INFO level.
Added:
tomcat/trunk/java/org/
Author: markt
Date: Fri Mar 25 11:58:51 2011
New Revision: 1085340
URL: http://svn.apache.org/viewvc?rev=1085340&view=rev
Log:
No need to specify a default
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Author: markt
Date: Fri Mar 25 11:53:36 2011
New Revision: 1085338
URL: http://svn.apache.org/viewvc?rev=1085338&view=rev
Log:
No need to specify a default
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/n
Author: markt
Date: Fri Mar 25 11:50:27 2011
New Revision: 1085336
URL: http://svn.apache.org/viewvc?rev=1085336&view=rev
Log:
Include the seed time when calculating the time taken to create SecureRandom
instances for session ID generation, report excessive times (greater than
100ms) at INFO lev
Author: markt
Date: Fri Mar 25 11:20:50 2011
New Revision: 1085323
URL: http://svn.apache.org/viewvc?rev=1085323&view=rev
Log:
Remove call to System.exit() reported by Veracode and related code clean-up
Modified:
tomcat/trunk/java/org/apache/catalina/mbeans/GroupMBean.java
tomcat/trunk/ja
Author: markt
Date: Fri Mar 25 10:11:06 2011
New Revision: 1085304
URL: http://svn.apache.org/viewvc?rev=1085304&view=rev
Log:
Update ignores
Modified:
tomcat/taglibs/taglibs-parent/trunk/ (props changed)
Propchange: tomcat/taglibs/taglibs-parent/trunk/
Author: markt
Date: Fri Mar 25 09:55:29 2011
New Revision: 1085303
URL: http://svn.apache.org/viewvc?rev=1085303&view=rev
Log:
Fix string comparison - reported by Veracode
Modified:
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
Modified: tomcat/trunk/java/org/apache/catali
On 23/01/2011 20:41, Jeremy Boynes wrote:
> The only bug remaining that impact the JSTL libraries is #46052 (locale
> performance on 1.6). Henri suggested releasing in its current form which
> sounds reasonable. Should we release this as 1.2.0? Is this a good version
> number - should we use som
26 matches
Mail list logo
