Author: violetagg
Date: Wed Sep 28 06:59:07 2016
New Revision: 1762610
URL: http://svn.apache.org/viewvc?rev=1762610&view=rev
Log:
Remove extra trailing space
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.0.x/trun
Author: violetagg
Date: Wed Sep 28 06:57:58 2016
New Revision: 1762609
URL: http://svn.apache.org/viewvc?rev=1762609&view=rev
Log:
Remove extra traling space
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.5.x/trunk
Author: violetagg
Date: Wed Sep 28 06:56:50 2016
New Revision: 1762608
URL: http://svn.apache.org/viewvc?rev=1762608&view=rev
Log:
Remove extra traling space
Modified:
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-trunk-validate has an issue affecting its community integration.
Th
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-tc8.0.x-validate has an issue affecting its community
integration.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60164
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
Author: markt
Date: Tue Sep 27 19:11:57 2016
New Revision: 1762543
URL: http://svn.apache.org/viewvc?rev=1762543&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60164
Replace log4j-core*.jar with log4j-web*.jar since it is log4j-web*.jar that
contains the ServletContainerInitiali
Author: markt
Date: Tue Sep 27 19:11:30 2016
New Revision: 1762542
URL: http://svn.apache.org/viewvc?rev=1762542&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60164
Replace log4j-core*.jar with log4j-web*.jar since it is log4j-web*.jar that
contains the ServletContainerInitiali
Author: markt
Date: Tue Sep 27 19:10:47 2016
New Revision: 1762541
URL: http://svn.apache.org/viewvc?rev=1762541&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60164
Replace log4j-core*.jar with log4j-web*.jar since it is log4j-web*.jar that
contains the ServletContainerInitiali
https://bz.apache.org/bugzilla/show_bug.cgi?id=60164
--- Comment #2 from Mark Thomas ---
I've checked the 2.0 release and it is consistent with the latest version so
the proposed change makes sense.
--
You are receiving this mail because:
You are the assignee for the bug.
-
Author: markt
Date: Tue Sep 27 19:00:58 2016
New Revision: 1762540
URL: http://svn.apache.org/viewvc?rev=1762540&view=rev
Log:
Align make files for x86 and x64
Modified:
tomcat/jk/trunk/native/iis/Makefile.amd64
tomcat/jk/trunk/native/iis/Makefile.x86
tomcat/jk/trunk/xdocs/miscellaneo
https://bz.apache.org/bugzilla/show_bug.cgi?id=60173
--- Comment #7 from Matt ---
ditto, thanks
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60173
--- Comment #6 from patrick mcmanus ---
awesome. thank you. I'll update the firefox bug with the release info so
anybody tripping over it will know what they need to update to.
can I ask what happens if a client advertises >64KB? I'm assuming
Author: remm
Date: Tue Sep 27 15:39:29 2016
New Revision: 1762506
URL: http://svn.apache.org/viewvc?rev=1762506&view=rev
Log:
Cleanup
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/ConnectionSettingsBase.java
Propchange: tomcat/tc8.5.
Author: remm
Date: Tue Sep 27 15:37:57 2016
New Revision: 1762505
URL: http://svn.apache.org/viewvc?rev=1762505&view=rev
Log:
Cleanup. 64*1024 ought to be enough for everybody.
Modified:
tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettingsBase.java
Modified: tomcat/trunk/java/org/apa
https://bz.apache.org/bugzilla/show_bug.cgi?id=60173
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
Author: remm
Date: Tue Sep 27 15:30:44 2016
New Revision: 1762504
URL: http://svn.apache.org/viewvc?rev=1762504&view=rev
Log:
60173: Allow up to 64kB header table size.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/ConnectionSettingsB
Author: remm
Date: Tue Sep 27 15:26:16 2016
New Revision: 1762503
URL: http://svn.apache.org/viewvc?rev=1762503&view=rev
Log:
60173: Allow up to 64kB header table size. Hopefully this will not keep
increasing indefinitely.
Modified:
tomcat/trunk/java/org/apache/coyote/http2/ConnectionSetting
Tag:
http://svn.apache.org/viewvc/tomcat/jk/tags/JK_1_2_42/
Source:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/jk/
This is a maintenance release with a handful of bug fixes. It also
includes Windows binaries for IIS.
The proposed JK 1.2.42 release is:
[ ] Broken - do not rel
Author: violetagg
Date: Tue Sep 27 14:20:14 2016
New Revision: 1762492
URL: http://svn.apache.org/viewvc?rev=1762492&view=rev
Log:
Use ByteBuffer instead of byte array. Use the new method for writing the data -
SocketWrapperBase.write(boolean, ByteBuffer).
Modified:
tomcat/trunk/java/org/ap
Author: markt
Date: Tue Sep 27 13:50:04 2016
New Revision: 15756
Log:
Upload Tomcat connectors 1.4.2 for voting
Added:
dev/tomcat/tomcat-connectors/jk/binaries/
dev/tomcat/tomcat-connectors/jk/binaries/tomcat-connectors-1.2.42-windows-i386-iis.zip
(with props)
dev/tomcat/tomcat-c
https://bz.apache.org/bugzilla/show_bug.cgi?id=60161
--- Comment #11 from Santhana Preethi ---
Any update regarding writing RewriteValve logs based on Remy Maucherat's patch?
--
You are receiving this mail because:
You are the assignee for the bug.
-
Author: markt
Date: Tue Sep 27 11:05:11 2016
New Revision: 1762447
URL: http://svn.apache.org/viewvc?rev=1762447&view=rev
Log:
Tag 1.2.42
Added:
tomcat/jk/tags/JK_1_2_42/
- copied from r1762446, tomcat/jk/trunk/
Modified:
tomcat/jk/tags/JK_1_2_42/native/common/jk_version.h
Modified
Author: markt
Date: Tue Sep 27 11:03:05 2016
New Revision: 1762446
URL: http://svn.apache.org/viewvc?rev=1762446&view=rev
Log:
Version number updates prior to tagging
Modified:
tomcat/jk/trunk/native/iis/README
tomcat/jk/trunk/native/netscape/README
tomcat/jk/trunk/tools/dist/binaries
Author: markt
Date: Tue Sep 27 10:57:11 2016
New Revision: 1762443
URL: http://svn.apache.org/viewvc?rev=1762443&view=rev
Log:
Add release date for 1.2.41 release
Modified:
tomcat/jk/trunk/xdocs/news/20150101.xml
Modified: tomcat/jk/trunk/xdocs/news/20150101.xml
URL:
http://svn.apache.org/v
Author: markt
Date: Tue Sep 27 10:54:59 2016
New Revision: 1762442
URL: http://svn.apache.org/viewvc?rev=1762442&view=rev
Log:
Add preliminary info for 1.2.42 release
Added:
tomcat/jk/trunk/xdocs/news/20160901.xml (with props)
Modified:
tomcat/jk/trunk/xdocs/index.xml
Modified: tomcat/
On 14/09/2016 19:09, Mark Thomas wrote:
> On 13/09/2016 09:27, Mark Thomas wrote:
>> All,
>>
>> It has been over 12 months since the 1.2.41 release and the changelog
>> contains some important fixes. I think it is time to start thinking
>> about a 1.2.42 release.
>>
>> I took a first pass through t
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #8 from Mark Thomas ---
Debug logs may contain security sensitive data and should be used and protected
accordingly.
I am -1 on any form of filtering of debug logs. The whole point of debug
logging is to show you exactly what is go
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #7 from Markus ---
Would it be so bad to parse the parameters for known sensitive ones? In such
cases you could filter those out. Question is - is it easily recognizable that
it's a logon request? If so, you might call a specialized
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #6 from Remy Maucherat ---
For starters, the log you pointed out in your report is simply a full dump of
the unparsed parameters as bytes. As a result, it cannot be filtered without
parsing it first, so the only option if there's a
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #5 from Markus ---
Hi,
@Remy: didn't know that it is considered rude to re-open a bug, if I'm not
satisfied with the solution. But if it is like that I continue to discuss
without re-opening. Please excuse my wrong behavior.
I'm n
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
Remy Maucherat changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #3 from mgrigorov ---
The problem here is how to recognize that a request parameter contains
sensitive information.
'j_password' is name defined in specs, so it is easy to handle.
But an application is free to use any names for its
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
Markus changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|WONTFIX
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
Remy Maucherat changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
Bug ID: 60178
Summary: password is logged in clear text
Product: Tomcat 7
Version: 7.0.69
Hardware: PC
OS: Windows NT
Status: NEW
Severity: critical
target/objenesis-2.5-SNAPSHOT.jar
-Dtest.reports=output/logs-NIO2
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160927-native-src.tar.gz
-Dexamples.sources.skip=true
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs
-Djdt.ja
37 matches
Mail list logo
