Re: Java 8 compatibility for Tomcat 7

Le 11/04/2014 01:19, Mark Thomas a écrit : > I spoke with Filip at ApacheCon. This is meant to be an internal API > so the refactoring should be safe. > > I've done the back-port and fixed a handful of IDE warnings while I > was at it. Thank you Mark. Do you think this could be backported to Tom

svn commit: r1586578 - /tomcat/jk/trunk/native/common/jk_connect.c

Author: mturk Date: Fri Apr 11 05:56:38 2014 New Revision: 1586578 URL: http://svn.apache.org/r1586578 Log: Ensure that we use port buffer with getaddrinfo call Modified: tomcat/jk/trunk/native/common/jk_connect.c Modified: tomcat/jk/trunk/native/common/jk_connect.c URL: http://svn.apache.o

Re: svn commit: r1585657 - /tomcat/jk/trunk/native/common/jk_connect.c

On 04/10/2014 09:57 PM, Konstantin Kolinko wrote: 2014-04-08 11:52 GMT+04:00 : Author: mturk Date: Tue Apr 8 07:52:56 2014 New Revision: 1585657 URL: http://svn.apache.org/r1585657 Log: Use port when calling getaddrinfo and skip bogus addresses Modified: tomcat/jk/trunk/native/common/jk

[Bug 56383] Securing ErrorReportValve

https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 Nick Bunn changed: What|Removed |Added Attachment #31507|0 |1 is obsolete|

Re: Tomcat 6 timing of next release

2014-04-11 3:57 GMT+04:00 Mark Thomas : > The various backports have now been applied. It makes sense to wait for > the 1.1.30 release to pick up the OpenSSL fix for Windows users so I'm > currently planning on tagging this early next week (assuming 1.1.30 is > released). > There is one more Jaspe

Tomcat 6 timing of next release

The various backports have now been applied. It makes sense to wait for the 1.1.30 release to pick up the OpenSSL fix for Windows users so I'm currently planning on tagging this early next week (assuming 1.1.30 is released). Mark ---

svn commit: r1586512 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java

Author: markt Date: Thu Apr 10 23:50:16 2014 New Revision: 1586512 URL: http://svn.apache.org/r1586512 Log: CTR Javadoc Fix warning Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java URL:

svn commit: r1586510 - /tomcat/tc6.0.x/trunk/java/org/apache/el/ValueExpressionImpl.java

Author: markt Date: Thu Apr 10 23:49:00 2014 New Revision: 1586510 URL: http://svn.apache.org/r1586510 Log: CTR Javadoc Fix warning Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/ValueExpressionImpl.java Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/ValueExpressionImpl.java URL: http

svn commit: r1586509 - /tomcat/tc6.0.x/trunk/java/org/apache/el/MethodExpressionImpl.java

Author: markt Date: Thu Apr 10 23:48:33 2014 New Revision: 1586509 URL: http://svn.apache.org/r1586509 Log: CTR Javadoc Fix warning Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/MethodExpressionImpl.java Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/MethodExpressionImpl.java URL: ht

svn commit: r1586501 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/tomcat/util/descriptor/LocalResolver.java java/org/apache/tomcat/util/descriptor/XmlIdentifiers.java webapps/docs/changelog.

Author: markt Date: Thu Apr 10 23:25:06 2014 New Revision: 1586501 URL: http://svn.apache.org/r1586501 Log: Add a work around for validating XML documents (often TLDs) that use just the file name to refer to refer to the JavaEE schema on which they are based. Modified: tomcat/tc6.0.x/trunk/S

svn commit: r1586500 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/ha/context/ java/org/apache/catalina/ha/session/ java/org/apache/catalina/tribes/tipis/ test/org/apache/catalina/tribes/dem

Author: markt Date: Thu Apr 10 23:21:19 2014 New Revision: 1586500 URL: http://svn.apache.org/r1586500 Log: Backport refactoring of AbstractReplicatedMap to implement Map rather than extend ConcurrentHashMap to enable Tomcat 7 to be built with Java 8. Modified: tomcat/tc7.0.x/trunk/ (prop

Re: Java 8 compatibility for Tomcat 7

On 10/04/2014 02:34, Christopher Schultz wrote: > Mark, > > On 4/8/14, 10:55 AM, Mark Thomas wrote: >> On 08/04/2014 06:32, Emmanuel Bourg wrote: >>> Le 08/04/2014 14:03, Mark Thomas a écrit : >>> Can you provide the details of the failure. That might help ID a solution. >>> >>> Thank

[Tomcat Wiki] Update of "summit-na-2014" by KeiichiFujino

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "summit-na-2014" page has been changed by KeiichiFujino: https://wiki.apache.org/tomcat/summit-na-2014?action=diff&rev1=11&rev2=12 * Arquillian tests * Additions to authentica

[Tomcat Wiki] Update of "summit-na-2014" by KeiichiFujino

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "summit-na-2014" page has been changed by KeiichiFujino: https://wiki.apache.org/tomcat/summit-na-2014?action=diff&rev1=10&rev2=11 * mavenization of build * Arquillian tests

svn commit: r1586478 - in /tomcat/trunk: java/org/apache/catalina/webresources/CachedResource.java webapps/docs/changelog.xml

Author: markt Date: Thu Apr 10 22:02:14 2014 New Revision: 1586478 URL: http://svn.apache.org/r1586478 Log: Ensure that the static resource cache is able to detect when a cache entry is invalidated by being overridden by a new resource in a different WebResourceSet Modified: tomcat/trunk/jav

[Tomcat Wiki] Update of "ContributorsGroup" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by markt: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=19&rev2=20 * PierreJean * GaryBriggs * JeanFredericCle

Re: Please add to ContributorsGroup.

On 10/04/2014 15:43, Keiichi Fujino wrote: > HI > > Please add to the ContributorsGroup in order to edit the Tomcat wiki. > > name: KeiichiFujino > > Done. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For

Please add to ContributorsGroup.

HI Please add to the ContributorsGroup in order to edit the Tomcat wiki. name: KeiichiFujino -- Keiichi.Fujino

Re: svn commit: r1585657 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-04-08 11:52 GMT+04:00 : > Author: mturk > Date: Tue Apr 8 07:52:56 2014 > New Revision: 1585657 > > URL: http://svn.apache.org/r1585657 > Log: > Use port when calling getaddrinfo and skip bogus addresses > > Modified: > tomcat/jk/trunk/native/common/jk_connect.c > > Modified: tomcat/jk/t

Re: [VOTE] Release Apache Tomcat Native 1.1.30

On 04/10/2014 01:50 PM, Mladen Turk wrote: The Apache Tomcat Native 1.1.30 is [X] Stable, go ahead and release [ ] Broken because of ... My vote, FTR. Regards -- ^TM - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apa

NIO2 connector status

Hi, With some fixes in, I think the status is now better than what the "welcome" message says, which is: The NIO2 connector is currently EXPERIMENTAL and should not be used in production In preparation for the next build, I would like to update it to: The NIO2 connector is currently BETA and shou

[Bug 56383] Securing ErrorReportValve

https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 --- Comment #1 from Konstantin Kolinko --- Comment on attachment 31507 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31507 Patch for ErrorReportValve 1. Add getter methods? 2. Expose new attributes via JMX? (Update mbeans-de

[Bug 56383] Securing ErrorReportValve

https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 Konstantin Kolinko changed: What|Removed |Added Attachment #31507|0 |1 is patch|

[Bug 56382] Add logging of deployment time

https://issues.apache.org/bugzilla/show_bug.cgi?id=56382 --- Comment #2 from Konstantin Kolinko --- Comment on attachment 31506 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31506 Proposed patch In reply to attachment 31506 > if( log.isInfoEnabled() ) > +startTi

[Bug 55943] Provide a way prevent looking at the System classloader before the webapp classloaders

https://issues.apache.org/bugzilla/show_bug.cgi?id=55943 --- Comment #12 from hifisoftw...@gmail.com --- I was able to figure out the fix. When I added the following line to context.xml file, class loader behaviour was restored: Thanks -- You are receiving this mail because: You are the assign

Re: [VOTE] Release Apache Tomcat Native 1.1.30

On 04/10/2014 05:55 PM, Christopher Schultz wrote: Mladen, On 4/10/14, 9:29 AM, Mladen Turk wrote: On 04/10/2014 03:15 PM, Robert Sanders wrote: Is the TCN portion of BZ 56027 address completely or partially with this release? Nope. This issue was not fixed with this release. The primary t

RE: [VOTE] Release Apache Tomcat Native 1.1.30

I'll concur with Chris for release. WRT BZ 56027 there is no regression. The exposure of the fipsModeGet will be useful moving forward to have the main Tomcat code avoid a double call to initialize SSL, but some one with more understanding of the FIPS requirements that I do should look at how

Re: [VOTE] Release Apache Tomcat Native 1.1.30

On 04/10/2014 05:55 PM, Christopher Schultz wrote: Mladen, On 4/10/14, 9:29 AM, Mladen Turk wrote: On 04/10/2014 03:15 PM, Robert Sanders wrote: Is the TCN portion of BZ 56027 address completely or partially with this release? Nope. This issue was not fixed with this release. The primary t

Re: [VOTE] Release Apache Tomcat Native 1.1.30

2014-04-10 15:50 GMT+04:00 Mladen Turk : > Version 1.1.30 is bug fixing release with added ECDH > if supported by OpenSSL library. > The proposed release artefacts can be found at [1], > and the build was done using tag [2]. > > The VOTE will remain open for at least 48 hours. > > The Apache Tomcat

Re: [VOTE] Release Apache Tomcat Native 1.1.30

Mladen, On 4/10/14, 5:50 AM, Mladen Turk wrote: > Version 1.1.30 is bug fixing release with added ECDH > if supported by OpenSSL library. > The proposed release artefacts can be found at [1], > and the build was done using tag [2]. > > The VOTE will remain open for at least 48 hours. > > The Apa

Re: [VOTE] Release Apache Tomcat Native 1.1.30

Mladen, On 4/10/14, 9:29 AM, Mladen Turk wrote: > On 04/10/2014 03:15 PM, Robert Sanders wrote: >> Is the TCN portion of BZ 56027 address completely or partially with >> this release? > > Nope. This issue was not fixed with this release. The primary tcnative bit was in svn. Did you build 1.1/tru

[Bug 56381] ServletRequest can be modified by Multiple Threads

https://issues.apache.org/bugzilla/show_bug.cgi?id=56381 --- Comment #2 from Remy Maucherat --- Yes, sync if needed + clear the facade objects. This is a long running topic that is well suited for the user list. -- You are receiving this mail because: You are the assignee for the bug.

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #10 from Mladen Turk --- I'll update the BUILDING with windows section since everyone are so concerned of my health :) It's very simple. The biggest problem is compiling apr and openssl. OpenSSL needs to be patched to allow /MD

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #9 from jeffrey.jan...@polydyne.com --- (In reply to Konstantin Kolinko from comment #7) > (In reply to Jeffrey.Janner from comment #6) > > However, the Windows version is statically linked, so we had to wait for > > Mladen to wo

Re: [VOTE] Release Apache Tomcat Native 1.1.30

On 04/10/2014 03:15 PM, Robert Sanders wrote: Is the TCN portion of BZ 56027 address completely or partially with this release? Nope. This issue was not fixed with this release. Regards -- ^TM - To unsubscribe, e-mail: dev-

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #8 from Mike Noordermeer --- (In reply to Konstantin Kolinko from comment #7) > 2. Nobody here works for Microsoft. > > Providing windows binaries is a courtesy and may stop at any random moment. That's good to know, and may b

Re: CVE-2014-0160

Thanks for the response, both of you. On Thu, Apr 10, 2014 at 4:30 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Andrew, > > On 4/8/14, 5:43 PM, Andrew Carr wrote: > > http://www.openssl.org/news/secadv_20140407.txt > > > > Hi Tomcat Devs, > > > > I have been on the dev list f

Re: Tagging Tomcat Native 1.1.30

Nice. On Thu, Apr 10, 2014 at 4:09 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Mladen, > > On 4/9/14, 11:42 PM, Mladen Turk wrote: > > I plan to tag 1.1.30 either later today or tomorrow and > > push for a quick release vote. > > > > Comments? > > Go for it. No bugs in it ca

[Bug 56383] Securing ErrorReportValve

https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 Nick Bunn changed: What|Removed |Added CC||thrain...@gmail.com -- You are receiv

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #7 from Konstantin Kolinko --- (In reply to Mike Noordermeer from comment #4) 1. The timing is unfortunate. There is a conference going on right now. Key people are there. http://www.apachecon.com/ Also this bug is where I lea

[Bug 55915] Add ECDHE support to tcnative-1.dll

https://issues.apache.org/bugzilla/show_bug.cgi?id=55915 --- Comment #5 from jeffrey.jan...@polydyne.com --- Wanted to report that the Qualys SSL Labs' SSl test tool is now reporting that, with this version, the ECDHE ciphers are available and will be used by the IE releases that support them (not

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #6 from jeffrey.jan...@polydyne.com --- Thanks to Mladen for his effort on getting this out as fast as he has. The ease with which this problem was addressable on the *NIX platforms leads me to ask if there is a better way of add

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 Mike Noordermeer changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #5 from Mike No

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #4 from Mike Noordermeer --- While I understand that the disclosure process of this bug has been far from optimal, and really appreciate all effort the maintainer(s) spend on this project, a turnaround time of 3 days for such a

RE: [VOTE] Release Apache Tomcat Native 1.1.30

Just tested against a CentOS 6 box configured to be in FIPS mode at boot as per RH's directions and TCN will not start, tossing the same error I saw before in catalina.out: Apr 10, 2014 9:01:19 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLE

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 Luke Hall changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #3 from Luke Hall

Re: ErrorValve enhancement

Chris, Done (Bug 56383 ). I didn't know if we needed to talk about it first since it was a enhancement. On another note do i need to make another bug for Tomcat 8 or if this one gets excepted it will be ported over? What about documentation?

[Bug 56383] New: Securing ErrorReportValve

https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 Bug ID: 56383 Summary: Securing ErrorReportValve Product: Tomcat 7 Version: trunk Hardware: All OS: All Status: NEW Severity: enhancement

svn commit: r1586306 - /tomcat/native/branches/1.1.x/xdocs/news/2014.xml

Author: kkolinko Date: Thu Apr 10 14:01:13 2014 New Revision: 1586306 URL: http://svn.apache.org/r1586306 Log: Followup to r1586254: correct title. Modified: tomcat/native/branches/1.1.x/xdocs/news/2014.xml Modified: tomcat/native/branches/1.1.x/xdocs/news/2014.xml URL: http://svn.apache.or

[Bug 56381] ServletRequest can be modified by Multiple Threads

https://issues.apache.org/bugzilla/show_bug.cgi?id=56381 --- Comment #1 from Jess Holle --- I am perfectly aware that the servlet API makes no guarantees about thread safety of the [Http]ServletRequest interface or implementations thereof. I also understand that providing general thread-safety i

RE: [VOTE] Release Apache Tomcat Native 1.1.30

Is the TCN portion of BZ 56027 address completely or partially with this release? I see the exposure of the FIPS_mode setting, but it looks like the temporary 512 bit RSA key is still being done in the SSL_TMP_KEYS_INIT macro (line 77). When I hacked my workaround eariier this year I had to ma

Re: [VOTE] Release Apache Tomcat Native 1.1.30

On 04/10/2014 02:56 PM, Ognjen Blagojevic wrote: Tested with Tomcat 8.0.5, Oracle Java 1.7.0_51 on Windows 7 64-bit. - Filippo.io [1] reports it is not vulnerable to Heartbleed bug. - SSLLabs [2] reports it is not vulnerable to Heartbleed bug. - SSLLabs reports that Forward secrecy is enabled

Re: [VOTE] Release Apache Tomcat Native 1.1.30

Mladen, On 10.4.2014 13:50, Mladen Turk wrote: The Apache Tomcat Native 1.1.30 is [X] Stable, go ahead and release [ ] Broken because of ... (non-binding) Tested with Tomcat 8.0.5, Oracle Java 1.7.0_51 on Windows 7 64-bit. - Filippo.io [1] reports it is not vulnerable to Heartbleed bug.

[Bug 56382] Add logging of deployment time

https://issues.apache.org/bugzilla/show_bug.cgi?id=56382 --- Comment #1 from Danila Galimov --- Created attachment 31506 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31506&action=edit Proposed patch -- You are receiving this mail because: You are the assignee for the bug. ---

[Bug 56382] New: Add logging of deployment time

https://issues.apache.org/bugzilla/show_bug.cgi?id=56382 Bug ID: 56382 Summary: Add logging of deployment time Product: Tomcat 7 Version: trunk Hardware: All Status: NEW Severity: enhancement Priority: P2

svn commit: r1586282 - /tomcat/jk/trunk/native/common/jk_ajp_common.c

Author: rjung Date: Thu Apr 10 12:37:18 2014 New Revision: 1586282 URL: http://svn.apache.org/r1586282 Log: Followup for r1586044 (broken request chunking). Modified: tomcat/jk/trunk/native/common/jk_ajp_common.c Modified: tomcat/jk/trunk/native/common/jk_ajp_common.c URL: http://svn.apache

Re: [VOTE] Release Apache Tomcat Native 1.1.30

2014-04-10 13:50 GMT+02:00 Mladen Turk : > The Apache Tomcat Native 1.1.30 is > [X] Stable, go ahead and release > [ ] Broken because of ... > Rémy

[Bug 56381] ServletRequest can be modified by Multiple Threads

https://issues.apache.org/bugzilla/show_bug.cgi?id=56381 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[VOTE] Release Apache Tomcat Native 1.1.30

Version 1.1.30 is bug fixing release with added ECDH if supported by OpenSSL library. The proposed release artefacts can be found at [1], and the build was done using tag [2]. The VOTE will remain open for at least 48 hours. The Apache Tomcat Native 1.1.30 is [ ] Stable, go ahead and release [

[Bug 56381] New: ServletRequest can be modified by Multiple Threads

https://issues.apache.org/bugzilla/show_bug.cgi?id=56381 Bug ID: 56381 Summary: ServletRequest can be modified by Multiple Threads Product: Tomcat 8 Version: trunk Hardware: PC Status: NEW Severity: normal Prior

svn commit: r1586266 - /tomcat/native/tags/TOMCAT_NATIVE_1_1_30/

Author: mturk Date: Thu Apr 10 10:36:32 2014 New Revision: 1586266 URL: http://svn.apache.org/r1586266 Log: Tag 1.1.30 Added: tomcat/native/tags/TOMCAT_NATIVE_1_1_30/ (props changed) - copied from r1586265, tomcat/native/branches/1.1.x/ Propchange: tomcat/native/tags/TOMCAT_NATIVE_1_

svn commit: r1586263 - in /tomcat/native/branches/1.1.x: build.properties.default build.xml native/include/tcn_version.h

Author: mturk Date: Thu Apr 10 10:27:08 2014 New Revision: 1586263 URL: http://svn.apache.org/r1586263 Log: Prepare versions for 1.1.30 release Modified: tomcat/native/branches/1.1.x/build.properties.default tomcat/native/branches/1.1.x/build.xml tomcat/native/branches/1.1.x/native/in

svn commit: r1586258 - /tomcat/native/branches/1.1.x/jnirelease.sh

Author: mturk Date: Thu Apr 10 10:19:54 2014 New Revision: 1586258 URL: http://svn.apache.org/r1586258 Log: No more docs/printer files Modified: tomcat/native/branches/1.1.x/jnirelease.sh Modified: tomcat/native/branches/1.1.x/jnirelease.sh URL: http://svn.apache.org/viewvc/tomcat/native/br

svn commit: r1586254 - in /tomcat/native/branches/1.1.x/xdocs: miscellaneous/project.xml news/2014.xml news/project.xml project.xml

Author: mturk Date: Thu Apr 10 10:00:23 2014 New Revision: 1586254 URL: http://svn.apache.org/r1586254 Log: Add year 2014 news section Added: tomcat/native/branches/1.1.x/xdocs/news/2014.xml (with props) Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/project.xml tomcat/n

svn commit: r1586252 - /tomcat/native/branches/1.1.x/java/org/apache/tomcat/

Author: mturk Date: Thu Apr 10 09:47:07 2014 New Revision: 1586252 URL: http://svn.apache.org/r1586252 Log: Update externals Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/ (props changed) Propchange: tomcat/native/branches/1.1.x/java/org/apache/tomcat/ -

[Bug 55399] Request English but Response Spanish Language (Default Locale)

https://issues.apache.org/bugzilla/show_bug.cgi?id=55399 Konstantin Kolinko changed: What|Removed |Added CC||st...@rkbb.co.uk --- Comment

[Bug 56374] Page in wrong language - getting lower rank Accept-Language in request header

https://issues.apache.org/bugzilla/show_bug.cgi?id=56374 Konstantin Kolinko changed: What|Removed |Added Resolution|INVALID |DUPLICATE --- Comment #10 fro

Re: Java 8 compatibility for Tomcat 7

Mark, On 4/8/14, 10:55 AM, Mark Thomas wrote: > On 08/04/2014 06:32, Emmanuel Bourg wrote: >> Le 08/04/2014 14:03, Mark Thomas a écrit : >> >>> Can you provide the details of the failure. That might help ID a solution. >> >> Thank you, here is the build log on Debian: >> >> http://87.98.165.193/de

Re: CVE-2014-0160

Andrew, On 4/8/14, 5:43 PM, Andrew Carr wrote: > http://www.openssl.org/news/secadv_20140407.txt > > Hi Tomcat Devs, > > I have been on the dev list for a few years, and a tomcat developer longer > than that. While I haven't contributed yet, I was curious if this cve > needs a contribution. As

Re: ErrorValve enhancement

Nick, Please file a Bugzilla bug and attach your patch to it. -chris On 4/9/14, 10:36 AM, Nick Bunn wrote: > Good Day, > As i'm sure you are all aware when the default error valve returns its > report it publishes the tomcat version and some other troubleshooting > data. This of course breaks on

Re: Tagging Tomcat Native 1.1.30

Mladen, On 4/9/14, 11:42 PM, Mladen Turk wrote: > I plan to tag 1.1.30 either later today or tomorrow and > push for a quick release vote. > > Comments? Go for it. No bugs in it can be worse than this week's OpenSSL vulnerability. -chris signature.asc Description: OpenPGP digital signature

[Bug 56374] Page in wrong language - getting lower rank Accept-Language in request header

https://issues.apache.org/bugzilla/show_bug.cgi?id=56374 Christopher Schultz changed: What|Removed |Added Resolution|FIXED |INVALID --- Comment #9 from

[Bug 56363] OpenSSL security advisory - Heartbleed bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 --- Comment #2 from Mladen Turk --- Update done and tested. We'll start release process today or tomorrow and new version containing OpenSSL 1.0.1g will be available after VOTE finishes and we create ANN message. I'll close this issue when