Author: kfujino
Date: Fri Dec 18 06:22:42 2015
New Revision: 1720723
URL: http://svn.apache.org/viewvc?rev=1720723&view=rev
Log:
Remove the unnecessary shutdown flag.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/TcpFailureDetector.java
Modified:
tomcat/trunk/ja
Author: kkolinko
Date: Fri Dec 18 03:51:46 2015
New Revision: 1720717
URL: http://svn.apache.org/viewvc?rev=1720717&view=rev
Log:
Documentation: Followup to r1720444.
Remove an unexpectedly added line (it looks like a leftover from a resolved svn
merge conflict)
Modified:
tomcat/tc6.0.x/trun
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
--- Comment #4 from Konstantin Kolinko ---
1. The place to patch is
org.apache.coyote.http11.Http11Processor.prepareResponse()
If this feature is enabled, then it means that
1) if none Server header is set by a web application, we should skip
Author: kkolinko
Date: Fri Dec 18 02:09:20 2015
New Revision: 1720713
URL: http://svn.apache.org/viewvc?rev=1720713&view=rev
Log:
Fix typo in a comment - followup to r1720657
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/opens
Author: kkolinko
Date: Fri Dec 18 02:03:15 2015
New Revision: 1720711
URL: http://svn.apache.org/viewvc?rev=1720711&view=rev
Log:
Fix typo in a comment - followup to r1720640
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
Mod
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
--- Comment #3 from Rob Winch ---
Thank you for the responses.
> It is also worth noting that because many system admins fake the server
> header, most attackers try scanning for all known vulnerabilities anyway.
Some hackers may target spec
Author: markt
Date: Thu Dec 17 21:41:33 2015
New Revision: 1720672
URL: http://svn.apache.org/viewvc?rev=1720672&view=rev
Log:
Don't create sessions unnecessarily in the Host Manager application.
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/host-m
Author: markt
Date: Thu Dec 17 21:41:06 2015
New Revision: 1720671
URL: http://svn.apache.org/viewvc?rev=1720671&view=rev
Log:
Add a redirect to the web interface to the root of the Host Manager web
application.
Added:
tomcat/tc6.0.x/trunk/webapps/host-manager/index.jsp
- copied unchan
Author: markt
Date: Thu Dec 17 21:39:36 2015
New Revision: 1720669
URL: http://svn.apache.org/viewvc?rev=1720669&view=rev
Log:
Don't create sessions unnecessarily in the Manager application.
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/manager/WEB
Author: markt
Date: Thu Dec 17 21:36:51 2015
New Revision: 1720667
URL: http://svn.apache.org/viewvc?rev=1720667&view=rev
Log:
Add a redirect to the web interface to the root of the Manager web application.
Added:
tomcat/tc6.0.x/trunk/webapps/manager/index.jsp
- copied unchanged from r1
Author: markt
Date: Thu Dec 17 21:20:41 2015
New Revision: 1720663
URL: http://svn.apache.org/viewvc?rev=1720663&view=rev
Log:
Don't create sessions unnecessarily in the Host Manager application.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/changelog
Author: markt
Date: Thu Dec 17 21:20:05 2015
New Revision: 1720662
URL: http://svn.apache.org/viewvc?rev=1720662&view=rev
Log:
Avoid a few more sessions and the whitespace these directives generate.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/manager/WEB
Author: markt
Date: Thu Dec 17 21:19:38 2015
New Revision: 1720661
URL: http://svn.apache.org/viewvc?rev=1720661&view=rev
Log:
Don't create sessions unnecessarily in the Manager application.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Author: markt
Revision: 1720658
Modified property: svn:log
Modified: svn:log at Thu Dec 17 21:18:22 2015
--
--- svn:log (original)
+++ svn:log Thu Dec 17 21:18:22 2015
@@ -1 +1 @@
-Don't create sessions unnecessarily in th
Author: markt
Date: Thu Dec 17 21:17:46 2015
New Revision: 1720660
URL: http://svn.apache.org/viewvc?rev=1720660&view=rev
Log:
Don't create sessions unnecessarily in the Host Manager application.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/webapps/docs/changelog
Author: markt
Date: Thu Dec 17 21:16:25 2015
New Revision: 1720659
URL: http://svn.apache.org/viewvc?rev=1720659&view=rev
Log:
Avoid a few more sessions and the whitespace these directives generate.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/webapps/manager/WEB
Author: markt
Date: Thu Dec 17 21:15:27 2015
New Revision: 1720658
URL: http://svn.apache.org/viewvc?rev=1720658&view=rev
Log:
Don't create sessions unnecessarily in the Host Manager application.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/webapps/docs/changelog
Author: markt
Date: Thu Dec 17 21:11:42 2015
New Revision: 1720657
URL: http://svn.apache.org/viewvc?rev=1720657&view=rev
Log:
New ciphers added to OpenSSL master
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/tc8.0.x/trunk/java/org/apache
Author: markt
Date: Thu Dec 17 21:06:14 2015
New Revision: 1720655
URL: http://svn.apache.org/viewvc?rev=1720655&view=rev
Log:
Don't create session unnecessarily in the Host Manager application.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/host-manager/WEB-INF/js
Author: markt
Date: Thu Dec 17 21:04:25 2015
New Revision: 1720654
URL: http://svn.apache.org/viewvc?rev=1720654&view=rev
Log:
Avoid a few more sessions and the whitespace these directives generate.
Modified:
tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp
tomcat/trunk/webapps/manager/WE
Author: markt
Date: Thu Dec 17 20:57:45 2015
New Revision: 1720652
URL: http://svn.apache.org/viewvc?rev=1720652&view=rev
Log:
Don't create session unnecessarily in the Manager application.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/manager/WEB-INF/web.xml
https://bz.apache.org/bugzilla/show_bug.cgi?id=58751
Bug ID: 58751
Summary: Strange behaviour after calling sendError when an
async request times out
Product: Tomcat 8
Version: 8.0.30
Hardware: PC
OS: Mac OS
Author: markt
Date: Thu Dec 17 20:45:24 2015
New Revision: 1720649
URL: http://svn.apache.org/viewvc?rev=1720649&view=rev
Log:
New ciphers for 1.1.0
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/
Author: markt
Date: Thu Dec 17 20:45:03 2015
New Revision: 1720648
URL: http://svn.apache.org/viewvc?rev=1720648&view=rev
Log:
More refactoring to take account of OpenSSL giving equal preference to some
ciphers.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpen
Author: markt
Date: Thu Dec 17 20:09:25 2015
New Revision: 1720640
URL: http://svn.apache.org/viewvc?rev=1720640&view=rev
Log:
Refactor testing to take account of OpenSSL giving equal preference to some
ciphers.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpen
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
--- Comment #2 from Mark Thomas ---
I don't see any significant information leakage here, even if the exact Tomcat
version is provided.
Assume you have a Tomcat instance running 8.0.30 (no known vulnerabilities as I
type this). How does it mak
On 17/12/2015 19:23, Mark Thomas wrote:
> On 17/12/2015 18:36, Konstantin Kolinko wrote:
>> 2015-12-17 18:30 GMT+03:00 :
>>> Author: markt
>>> Date: Thu Dec 17 15:30:11 2015
>>> New Revision: 1720604
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1720604&view=rev
>>> Log:
>>> Align cipher names wit
Author: markt
Date: Thu Dec 17 19:26:23 2015
New Revision: 1720633
URL: http://svn.apache.org/viewvc?rev=1720633&view=rev
Log:
Fix typo
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/cip
Author: markt
Date: Thu Dec 17 19:26:10 2015
New Revision: 1720632
URL: http://svn.apache.org/viewvc?rev=1720632&view=rev
Log:
Better reference
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/c
On 17/12/2015 18:36, Konstantin Kolinko wrote:
> 2015-12-17 18:30 GMT+03:00 :
>> Author: markt
>> Date: Thu Dec 17 15:30:11 2015
>> New Revision: 1720604
>>
>> URL: http://svn.apache.org/viewvc?rev=1720604&view=rev
>> Log:
>> Align cipher names with proposed names for registry
>>
>> Modified:
>>
2015-12-17 18:30 GMT+03:00 :
> Author: markt
> Date: Thu Dec 17 15:30:11 2015
> New Revision: 1720604
>
> URL: http://svn.apache.org/viewvc?rev=1720604&view=rev
> Log:
> Align cipher names with proposed names for registry
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/cip
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
Remy Maucherat changed:
What|Removed |Added
Severity|normal |enhancement
--- Comment #1 from Remy
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
Bug ID: 58750
Summary: Provide way to disable Server header completely
Product: Tomcat 8
Version: 8.0.30
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Seve
Each AsyncChannelWrapperSecure creates two threads, and
WsWebSocketContainer creates an AsyncChannelWrapperSecure for each secure
connection.
Is this behaviour intended or is this a bug?
I initially posted this as a bug because:
1. The behaviour is not mentioned in the Websocket How-To
2. The beh
Author: markt
Date: Thu Dec 17 15:30:11 2015
New Revision: 1720604
URL: http://svn.apache.org/viewvc?rev=1720604&view=rev
Log:
Align cipher names with proposed names for registry
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
Modified:
tomcat/trunk/java/o
Author: markt
Date: Thu Dec 17 15:27:50 2015
New Revision: 1720603
URL: http://svn.apache.org/viewvc?rev=1720603&view=rev
Log:
Add the draft names to the list of registered names
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
Modified:
tomcat/trunk/te
Author: markt
Date: Thu Dec 17 15:20:04 2015
New Revision: 1720602
URL: http://svn.apache.org/viewvc?rev=1720602&view=rev
Log:
New ciphers added to OpenSSL master
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/ne
GitHub user ukari opened a pull request:
https://github.com/apache/tomcat/pull/25
Change response character encoding
It seems that encoding was forgotten to be changed in function doFilter().
When I set AddDefaultCharsetFilter in web.xml, like the following:
===
Author: violetagg
Date: Thu Dec 17 15:11:43 2015
New Revision: 1720598
URL: http://svn.apache.org/viewvc?rev=1720598&view=rev
Log:
Close streams.
This is not needed for later versions as there these issues are fixed.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java
tomcat/t
https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
Konstantin Kolinko changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
Author: kkolinko
Date: Thu Dec 17 14:53:21 2015
New Revision: 1720568
URL: http://svn.apache.org/viewvc?rev=1720568&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
Suppress log messages when running with a security manager on Java 6,
caused by java.beans.Introspector.findExp
https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
--- Comment #5 from Konstantin Kolinko ---
4. Tomcat 6 does not log any INFO message with Java 6u45.
The reason for this though is an unexpected one.
The reason is in the following block of code:
[[[
try {
clazz = system.l
https://bz.apache.org/bugzilla/show_bug.cgi?id=58749
Mark Thomas changed:
What|Removed |Added
OS||All
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
--- Comment #4 from Konstantin Kolinko ---
1. This issue was not visible with 7.0.57 because EL evaluation was performed
with elevated privileges (CVE-2014-7810, fixed in 7.0.58 onwards)
2. The differences between versions of Java
> at java.b
https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
--- Comment #3 from Konstantin Kolinko ---
Created attachment 33358
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33358&action=edit
test57905.jsp - simple page to test/demonstrate this issue
Updating status of this issue, with current
https://bz.apache.org/bugzilla/show_bug.cgi?id=58749
Bug ID: 58749
Summary: connectToServer() creates two threads for each
connection when used with SSL
Product: Tomcat 8
Version: trunk
Hardware: PC
Status: NEW
Author: violetagg
Date: Thu Dec 17 13:16:37 2015
New Revision: 1720546
URL: http://svn.apache.org/viewvc?rev=1720546&view=rev
Log:
Merged revision 1720506 from tomcat/trunk:
Fixed findbugs issues:
- Do not invoke toString() method on a String
- Do not invoke inefficient Boolean constructor; use Bo
Author: violetagg
Date: Thu Dec 17 13:03:59 2015
New Revision: 1720540
URL: http://svn.apache.org/viewvc?rev=1720540&view=rev
Log:
Merged revision 1720506 from tomcat/trunk:
Fixed findbugs issues:
- Do not invoke toString() method on a String
- Do not invoke inefficient Boolean constructor; use Bo
Author: violetagg
Date: Thu Dec 17 10:21:32 2015
New Revision: 1720506
URL: http://svn.apache.org/viewvc?rev=1720506&view=rev
Log:
Fixed findbugs issues:
- Do not invoke toString() method on a String
- Do not invoke inefficient Boolean constructor; use Boolean.valueOf(...)
instead
- Close Stream
https://bz.apache.org/bugzilla/show_bug.cgi?id=58741
--- Comment #7 from Remy Maucherat ---
The policy is to not do user support in BZ, so as to not attract support issues
there and having to provide direct support. Now, you're free to handle things
the way you'd like :)
The truststore handling
50 matches
Mail list logo
