[Bug 51698] ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?

https://issues.apache.org/bugzilla/show_bug.cgi?id=51698 李智 <13813399...@139.com> changed: What|Removed |Added CC||13813399...@139.com --

[GUMP@vmgump]: Project tomcat-trunk (in module tomcat-trunk) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk has an issue affecting its community integration. This issue

[GUMP@vmgump]: Project tomcat-trunk-validate-eoln (in module tomcat-trunk) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-validate-eoln has an issue affecting its community integrati

svn commit: r1636781 - in /tomcat/trunk/java/org/apache/tomcat/util/net: DefaultServerSocketFactory.java SSLImplementation.java ServerSocketFactory.java jsse/JSSEImplementation.java jsse/JSSESocketFac

Author: markt Date: Tue Nov 4 23:41:30 2014 New Revision: 1636781 URL: http://svn.apache.org/r1636781 Log: Remove BIo specific JSSE code Removed: tomcat/trunk/java/org/apache/tomcat/util/net/DefaultServerSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/ServerSocketFactory.

svn commit: r1636780 - in /tomcat/trunk/java/org/apache/coyote/http11: Http11AprProtocol.java Http11Nio2Protocol.java Http11NioProtocol.java

Author: markt Date: Tue Nov 4 23:41:24 2014 New Revision: 1636780 URL: http://svn.apache.org/r1636780 Log: Tweak connector names to make it clearer if SSL has been enabled. Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java tomcat/trunk/java/org/apache/coyote/htt

svn commit: r1636779 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java

Author: markt Date: Tue Nov 4 23:41:19 2014 New Revision: 1636779 URL: http://svn.apache.org/r1636779 Log: Switch to testing the NIO/NIO2 approach to using JSSEImplementation Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java Modified: tomcat/trunk/test/

svn commit: r1636778 - /tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java

Author: markt Date: Tue Nov 4 23:41:15 2014 New Revision: 1636778 URL: http://svn.apache.org/r1636778 Log: Reduce the default client timeout and make it easier to configure Modified: tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java Modified: tomcat/trunk/test/org/apache/cat

Re: [VOTE] Release Apache Tomcat 8.0.15

Mark, On 11/3/14 4:51 AM, Mark Thomas wrote: > The proposed Apache Tomcat 8.0.15 release is now available for voting. > > The main changes since 8.0.14 are: > - Add support for RFC6265 cookie parsing and generation. This is > currently disabled by default and may be enabled via the > CookiePr

[Bug 57142] JSP 2.3 & EL 3.0 - %page import directive & EL ImportHandler

https://issues.apache.org/bugzilla/show_bug.cgi?id=57142 --- Comment #6 from Arthur Fiedler --- Thanks Mark. I'll add them tonight -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-m

svn commit: r1636751 - /tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Author: markt Date: Tue Nov 4 22:00:50 2014 New Revision: 1636751 URL: http://svn.apache.org/r1636751 Log: s/cometNotify/callBackNotify/ since this is not Comet specific Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/uti

svn commit: r1636748 - /tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Author: markt Date: Tue Nov 4 21:59:03 2014 New Revision: 1636748 URL: http://svn.apache.org/r1636748 Log: Restore "cometNotify" that is part of the callback mechanism used in the async code as well as Comet Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Modified:

svn commit: r1636730 - /tomcat/trunk/java/org/apache/catalina/startup/Tomcat.java

Author: markt Date: Tue Nov 4 20:49:52 2014 New Revision: 1636730 URL: http://svn.apache.org/r1636730 Log: Remove commented out code Modified: tomcat/trunk/java/org/apache/catalina/startup/Tomcat.java Modified: tomcat/trunk/java/org/apache/catalina/startup/Tomcat.java URL: http://svn.apach

[Bug 54618] Add filter implementing HTTP Strict Transport Security (HSTS) [PATCH]

https://issues.apache.org/bugzilla/show_bug.cgi?id=54618 Matafagafo changed: What|Removed |Added CC||matafag...@yahoo.com -- You are rece

svn commit: r1636631 - in /tomcat/trunk/java/org/apache: coyote/http11/ tomcat/util/net/

Author: markt Date: Tue Nov 4 16:13:55 2014 New Revision: 1636631 URL: http://svn.apache.org/r1636631 Log: With removal of BIO, all endpoints support polling Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java tomcat/trunk/java/org/apache/coyote/http11/Abstr

Re: Tomcat 9 work started

Filip, On 11/3/14 10:15 PM, Filip Hanik wrote: > I honestly don't see the value of keeping BIO around. At this point in > time, there can be little else other than an emotional attachment to it. As > mentioned in this thread, the APIs and need for more functionality in the > connectors have render

svn commit: r1636618 - in /tomcat/trunk: ./ java/org/apache/catalina/connector/ java/org/apache/coyote/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ java/org/apache/coyote/http11/upgrade

Author: markt Date: Tue Nov 4 15:53:34 2014 New Revision: 1636618 URL: http://svn.apache.org/r1636618 Log: First pass at removing the BIO code. Some unused/unnecessary code remains and will be removed next. Removed: tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java tomcat/trunk/

svn commit: r1636606 - in /tomcat/trunk/test/org/apache/coyote/http11/filters: TestGzipOutputFilter.java TesterOutputBuffer.java

Author: markt Date: Tue Nov 4 15:25:23 2014 New Revision: 1636606 URL: http://svn.apache.org/r1636606 Log: Simplify Modified: tomcat/trunk/test/org/apache/coyote/http11/filters/TestGzipOutputFilter.java tomcat/trunk/test/org/apache/coyote/http11/filters/TesterOutputBuffer.java Modified:

svn commit: r1636600 - in /tomcat/trunk/test/org/apache/coyote/http11: TestGzipOutputFilter.java filters/TestGzipOutputFilter.java filters/TesterOutputBuffer.java

Author: markt Date: Tue Nov 4 15:10:50 2014 New Revision: 1636600 URL: http://svn.apache.org/r1636600 Log: Remove dependency on BIO OutputBuffer impl Added: tomcat/trunk/test/org/apache/coyote/http11/filters/TestGzipOutputFilter.java - copied, changed from r1636598, tomcat/trunk/test/

svn commit: r1636594 - /tomcat/trunk/test/org/apache/coyote/http11/TestGzipOutputFilter.java

Author: markt Date: Tue Nov 4 14:49:02 2014 New Revision: 1636594 URL: http://svn.apache.org/r1636594 Log: Fix comment typos Modified: tomcat/trunk/test/org/apache/coyote/http11/TestGzipOutputFilter.java Modified: tomcat/trunk/test/org/apache/coyote/http11/TestGzipOutputFilter.java URL: ht

Re: Tomcat 9 work started

On 03/11/2014 22:08, Mark Thomas wrote: > I've been spending the last hour or so looking at our current SPDY > implementation. We are going to have issues there as well. It targets > SPDY/2 which most browsers no longer support. Servlet 4.0 is targeting > HTTP/2 which is going to be roughly SPDY

svn commit: r1636588 - /tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java

Author: markt Date: Tue Nov 4 14:34:29 2014 New Revision: 1636588 URL: http://svn.apache.org/r1636588 Log: Untested (since SPDY/2 is obsolete and unsupported by current browsers) migration of SPDY proxy from BIO to NIO. Modified: tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.ja

Re: [VOTE] Release Apache Tomcat 8.0.15

[X] Stable - go ahead and release as 8.0.15 Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Tue, Nov 4, 2014 at 3:54 PM, Rémy Maucherat wrote: > 2014-11-03 10:51 GMT+01:00 Mark Thomas : > > > The proposed 8.0.15 release is: > > [ ] Broken - do not release > > [X

svn commit: r1636582 - in /tomcat/trunk: java/org/apache/catalina/session/ManagerBase.java webapps/docs/config/cluster-manager.xml webapps/docs/config/manager.xml

Author: markt Date: Tue Nov 4 14:08:11 2014 New Revision: 1636582 URL: http://svn.apache.org/r1636582 Log: Follow-up to 1636534 Remove additional references to setting session ID length on the Manager. Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java tomcat/trunk/

Re: svn commit: r1636565 - /tomcat/trunk/TOMCAT-NEXT.txt

On 04/11/2014 13:34, Rémy Maucherat wrote: > 2014-11-04 13:48 GMT+01:00 : > >> +11. Reduce instances of setters and getters for the same property >> existing on an >> +object and its parent. This may require new objects to be exposed via >> JMX. > > This sounds like changing the management int

Re: [VOTE] Release Apache Tomcat 8.0.15

2014-11-03 10:51 GMT+01:00 Mark Thomas : > The proposed 8.0.15 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.0.15 > > Rémy

Re: [VOTE] Release Apache Tomcat 8.0.15

On Mon, Nov 3, 2014 at 4:51 AM, Mark Thomas wrote: ... > The proposed 8.0.15 release is: > [ ] Broken - do not release > [ X ] Stable - go ahead and release as 8.0.14 Yee-haw. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apa

Re: svn commit: r1636565 - /tomcat/trunk/TOMCAT-NEXT.txt

2014-11-04 13:48 GMT+01:00 : > +11. Reduce instances of setters and getters for the same property > existing on an > +object and its parent. This may require new objects to be exposed via > JMX. > > This sounds like changing the management interface for a very trivial reason. Rémy

svn commit: r1636565 - /tomcat/trunk/TOMCAT-NEXT.txt

Author: markt Date: Tue Nov 4 12:48:34 2014 New Revision: 1636565 URL: http://svn.apache.org/r1636565 Log: Something else that struck me while looking through the code Modified: tomcat/trunk/TOMCAT-NEXT.txt Modified: tomcat/trunk/TOMCAT-NEXT.txt URL: http://svn.apache.org/viewvc/tomcat/tru

svn commit: r1636563 - /tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java

Author: markt Date: Tue Nov 4 12:40:06 2014 New Revision: 1636563 URL: http://svn.apache.org/r1636563 Log: Remove unused code identified by the UCDetector Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Constants.j

svn commit: r1636558 - /tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java

Author: markt Date: Tue Nov 4 12:27:41 2014 New Revision: 1636558 URL: http://svn.apache.org/r1636558 Log: Remove unused methods identified by the UCDetector Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java Modified: tomcat/trunk/java/org/apache

svn commit: r1636556 - /tomcat/trunk/java/org/apache/catalina/connector/Request.java

Author: markt Date: Tue Nov 4 12:16:31 2014 New Revision: 1636556 URL: http://svn.apache.org/r1636556 Log: Remove unused methods identified by the UCDetector Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java Modified: tomcat/trunk/java/org/apache/catalina/connector/Requ

svn commit: r1636553 - in /tomcat/trunk: java/org/apache/catalina/comet/ test/org/apache/catalina/comet/ webapps/examples/WEB-INF/classes/chat/ webapps/examples/servlets/chat/

Author: markt Date: Tue Nov 4 12:13:13 2014 New Revision: 1636553 URL: http://svn.apache.org/r1636553 Log: Remove some empty directories git left behind Removed: tomcat/trunk/java/org/apache/catalina/comet/ tomcat/trunk/test/org/apache/catalina/comet/ tomcat/trunk/webapps/examples/WE

svn commit: r1636547 [1/2] - in /tomcat/trunk: ./ conf/ java/org/apache/catalina/ java/org/apache/catalina/comet/ java/org/apache/catalina/connector/ java/org/apache/catalina/core/ java/org/apache/cat

Author: markt Date: Tue Nov 4 11:54:58 2014 New Revision: 1636547 URL: http://svn.apache.org/r1636547 Log: Remove Comet Removed: tomcat/trunk/java/org/apache/catalina/comet/CometEvent.java tomcat/trunk/java/org/apache/catalina/comet/CometFilter.java tomcat/trunk/java/org/apache/catal

svn commit: r1636547 [2/2] - in /tomcat/trunk: ./ conf/ java/org/apache/catalina/ java/org/apache/catalina/comet/ java/org/apache/catalina/connector/ java/org/apache/catalina/core/ java/org/apache/cat

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1636547&r1=1636546&r2=1636547&view=diff =

Re: svn commit: r1636347 - /tomcat/trunk/TOMCAT-NEXT.txt

On 04/11/2014 11:08, Rémy Maucherat wrote: > 2014-11-03 14:16 GMT+01:00 : > >> + 3. Remove Comet support. >> > > Are you actively working on it right now, or is there room for > participation for this item ? I have a commit sat in my local git repo that removes all the Comet stuff. Let me commit

Re: svn commit: r1636347 - /tomcat/trunk/TOMCAT-NEXT.txt

2014-11-03 14:16 GMT+01:00 : > + 3. Remove Comet support. > Are you actively working on it right now, or is there room for participation for this item ? Rémy

svn commit: r1636541 - /tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java

Author: markt Date: Tue Nov 4 11:06:12 2014 New Revision: 1636541 URL: http://svn.apache.org/r1636541 Log: Add getters. Improve Javadoc. Modified: tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java Modified: tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBa

svn commit: r1636537 - /tomcat/trunk/java/org/apache/catalina/Manager.java

Author: markt Date: Tue Nov 4 10:46:57 2014 New Revision: 1636537 URL: http://svn.apache.org/r1636537 Log: Clean-up. No functional change - whitespace fixes - Java8 Javadoc fixes Modified: tomcat/trunk/java/org/apache/catalina/Manager.java Modified: tomcat/trunk/java/org/apache/catalina/M

svn commit: r1636534 - in /tomcat/trunk/java/org/apache/catalina: Manager.java session/ManagerBase.java

Author: markt Date: Tue Nov 4 10:27:47 2014 New Revision: 1636534 URL: http://svn.apache.org/r1636534 Log: Remove deprecated code from Manager interface Modified: tomcat/trunk/java/org/apache/catalina/Manager.java tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Modified:

svn commit: r1636533 - /tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java

Author: markt Date: Tue Nov 4 10:04:32 2014 New Revision: 1636533 URL: http://svn.apache.org/r1636533 Log: Fix a typo Modified: tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java Modified: tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java URL: http://svn.apac

[Bug 57142] JSP 2.3 & EL 3.0 - %page import directive & EL ImportHandler

https://issues.apache.org/bugzilla/show_bug.cgi?id=57142 --- Comment #5 from Mark Thomas --- Those are all good points. Please can you add them to https://java.net/jira/browse/JSP-44 ? -- You are receiving this mail because: You are the assignee for the bug. ---

svn commit: r1636525 - in /tomcat/tc8.0.x/trunk: ./ test/org/apache/tomcat/util/buf/TestUtf8.java

Author: markt Date: Tue Nov 4 09:16:29 2014 New Revision: 1636525 URL: http://svn.apache.org/r1636525 Log: Update UTF-8 test to take account of recent(ish) Java 8 fixes for UTF-8. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/buf/TestU

svn commit: r1636524 - /tomcat/trunk/test/org/apache/tomcat/util/buf/TestUtf8.java

Author: markt Date: Tue Nov 4 09:14:22 2014 New Revision: 1636524 URL: http://svn.apache.org/r1636524 Log: Update UTF-8 test to take account of recent(ish) Java 8 fixes for UTF-8. Modified: tomcat/trunk/test/org/apache/tomcat/util/buf/TestUtf8.java Modified: tomcat/trunk/test/org/apache/tom