[GUMP@vmgump]: Project tomcat-native-trunk-make (in module tomcat-native-trunk) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-native-trunk-make has an issue affecting its community integration

r1731030 and 1731035 release timeline

Hi there, I’ve run into the WebappClassLoader jar scanning memory leak resolved by r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes made it separately into both 8.0.36 and 8.5.3, but are missing from 7.0.69 and 7.0.70. Any idea on the timeline of when those would be released in

Re: [VOTE] Release Apache Tomcat 7.0.70

2016-06-15 22:47 GMT+03:00 Violeta Georgieva : > > The proposed Apache Tomcat 7.0.70 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/

svn commit: r1748720 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

Author: markt Date: Thu Jun 16 13:02:31 2016 New Revision: 1748720 URL: http://svn.apache.org/viewvc?rev=1748720&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705 Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch

[Bug 57705] RemoteAddrValve: no log message no explanation when valve rejects request

https://bz.apache.org/bugzilla/show_bug.cgi?id=57705 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

svn commit: r1748718 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

Author: markt Date: Thu Jun 16 12:55:35 2016 New Revision: 1748718 URL: http://svn.apache.org/viewvc?rev=1748718&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705 Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch

svn commit: r1748716 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

Author: markt Date: Thu Jun 16 12:52:37 2016 New Revision: 1748716 URL: http://svn.apache.org/viewvc?rev=1748716&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705 Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch

svn commit: r1748715 - in /tomcat/trunk: java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

Author: markt Date: Thu Jun 16 12:48:16 2016 New Revision: 1748715 URL: http://svn.apache.org/viewvc?rev=1748715&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705 Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch

Re: Avoid use of SecureRandom during server startup

On Thu, Jun 16, 2016 at 1:03 PM, Mark Thomas wrote: So, while I can't guarantee the signature > isn't going to change, I can say I am reasonably sure it won't change. > Good enough for me. Thanks, Mark. Andy

Re: Avoid use of SecureRandom during server startup

On 16/06/2016 12:53, Andy Wilkinson wrote: > On Thu, Jun 16, 2016 at 12:42 PM, Mark Thomas wrote: > >> What if Boot created a custom ID generator by extending >> StandardSessionIdGenerator and overriding startInternal() so it sets the >> state but doesn't call getSessionId() ? >> >> That should o

Re: Avoid use of SecureRandom during server startup

On Thu, Jun 16, 2016 at 12:42 PM, Mark Thomas wrote: > What if Boot created a custom ID generator by extending > StandardSessionIdGenerator and overriding startInternal() so it sets the > state but doesn't call getSessionId() ? > > That should only be a few lines of code for the custom generator

Re: Avoid use of SecureRandom during server startup

On 16/06/2016 11:11, Andy Wilkinson wrote: > I would be quite happy if Tomcat made it easy for an embedder to configure > it in such a way that the use of SecureRandom during startup could be > disabled. Spring Boot could enable this option by default thereby allowing > users, without them configu

Re: Avoid use of SecureRandom during server startup

2016-06-16 12:48 GMT+02:00 Emmanuel Bourg : > Le 16/06/2016 à 11:52, Rémy Maucherat a écrit : > > > Tomcat's > > strategy avoids any risk to delay user requests, so is not effectively > > worse than the other strategy. > > Maybe the SecureRandom instance could be initialized asynchronously and > d

svn commit: r1748685 - in /tomcat/tc7.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml

Author: violetagg Date: Thu Jun 16 11:10:59 2016 New Revision: 1748685 URL: http://svn.apache.org/viewvc?rev=1748685&view=rev Log: Prep for next version Modified: tomcat/tc7.0.x/trunk/build.properties.default tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default tomcat/tc7.0.x/trunk/w

[Bug 59655] The CookieNameValidator has issue that related to the consistency

https://bz.apache.org/bugzilla/show_bug.cgi?id=59655 --- Comment #2 from Kyohei Nakamura --- Created attachment 33955 --> https://bz.apache.org/bugzilla/attachment.cgi?id=33955&action=edit patch against trunk Hi Mark, Thank you for the fix. I think this fix of changing the default to the RFC6

Re: Avoid use of SecureRandom during server startup

Le 16/06/2016 à 11:52, Rémy Maucherat a écrit : > Tomcat's > strategy avoids any risk to delay user requests, so is not effectively > worse than the other strategy. Maybe the SecureRandom instance could be initialized asynchronously and delivered through a java.util.concurrent.Future? This way it

Re: Avoid use of SecureRandom during server startup

On Thu, Jun 16, 2016 at 10:52 AM, Rémy Maucherat wrote: You're basically asking for all products to > behave the same because it would be nicer for your own product. I can assure you I'm not. I simply wanted to explore the possibility of Tomcat behaving the same way. I didn't want to prescribe

svn commit: r1748677 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/connector/Request.java

Author: markt Date: Thu Jun 16 10:03:57 2016 New Revision: 1748677 URL: http://svn.apache.org/viewvc?rev=1748677&view=rev Log: Remove unused code Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java Propchange: tomcat/tc8.

svn commit: r1748676 - /tomcat/trunk/java/org/apache/catalina/connector/Request.java

Author: markt Date: Thu Jun 16 10:02:29 2016 New Revision: 1748676 URL: http://svn.apache.org/viewvc?rev=1748676&view=rev Log: Remove unused code Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java URL:

Re: Avoid use of SecureRandom during server startup

2016-06-16 11:25 GMT+02:00 Andy Wilkinson : > On Thu, Jun 16, 2016 at 10:21 AM, Rémy Maucherat wrote: > > > -1, I am against fake improvements. > > > > Do you consider the improvement for applications that do not use HTTP > sessions at all to also be fake? > > This does not sound very realistic o

Re: Avoid use of SecureRandom during server startup

On Thu, Jun 16, 2016 at 10:23 AM, Romain Manni-Bucau wrote: > @Andy: you can use FastNonSecureRandom to disable it, should be enough for > applications not using the session > Thanks for the suggestion. That's certainly an option, but it requires some configuration that I'd like to be unnecessar

Re: Avoid use of SecureRandom during server startup

On Thu, Jun 16, 2016 at 10:21 AM, Rémy Maucherat wrote: > -1, I am against fake improvements. > Do you consider the improvement for applications that do not use HTTP sessions at all to also be fake? Andy

Re: Avoid use of SecureRandom during server startup

@Andy: you can use FastNonSecureRandom to disable it, should be enough for applications not using the session Romain Manni-Bucau @rmannibucau | Blog | Old Wordpress Blog | Github

Re: Avoid use of SecureRandom during server startup

2016-06-16 11:15 GMT+02:00 Andy Wilkinson : > I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an > embedded servlet container. We've seen a number of complaints from users > that their application hangs during startup, most often on a newly booted > VPS. The root cause is a lack

Avoid use of SecureRandom during server startup

I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an embedded servlet container. We've seen a number of complaints from users that their application hangs during startup, most often on a newly booted VPS. The root cause is a lack of entropy which causes Tomcat's use of SecureRandom