[Bug 60400] HttpServletRequest.getReader doesn't correctly read data

2016-11-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60400 --- Comment #2 from clem...@guillaume.bzh --- Created attachment 34466 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34466&action=edit server configuration Here is what I get: -rw-r--r-- 1 cguillaume cguillaume 12289 Nov 22 10:30 inpu

[Bug 60380] HttpServletRequest#logout() never calls TomcatPrincipal#logout()

2016-11-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380 --- Comment #5 from Mark Thomas --- The reason is java.lang.StackOverflowError and anything similar that may be added / discovered.

svn propchange: r1767684 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767684 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:48:13 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:48:13 2016 @@ -1 +1,2 @@ Explicitly configure allowed credential

svn propchange: r1767676 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767676 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:47:56 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:47:56 2016 @@ -1 +1,2 @@ Explicitly configure allowed credential

svn propchange: r1767656 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767656 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:47:43 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:47:43 2016 @@ -1 +1,2 @@ Explicitly configure allowed credential

svn propchange: r1767646 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767646 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:47:30 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:47:30 2016 @@ -1 +1,2 @@ Explicitly configure allowed credential

svn propchange: r1765798 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1765798 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:46:40 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:46:40 2016 @@ -1,3 +1,4 @@ Fix https://bz.apache.org/bugzilla/sh

svn propchange: r1767644 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767644 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:47:14 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:47:14 2016 @@ -1 +1,2 @@ Explicitly configure allowed credential

svn propchange: r1765794 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1765794 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:46:21 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:46:21 2016 @@ -2,3 +2,4 @@ Fix https://bz.apache.org/bugzilla/sho

svn propchange: r1767683 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767683 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:45:43 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:45:43 2016 @@ -1,2 +1,3 @@ Add additional checks for valid chara

svn propchange: r1767675 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767675 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:45:22 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:45:22 2016 @@ -1,2 +1,3 @@ Add additional checks for valid chara

svn propchange: r1767653 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767653 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:44:39 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:44:39 2016 @@ -1,2 +1,3 @@ Add additional checks for valid chara

svn propchange: r1767645 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767645 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:45:07 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:45:07 2016 @@ -1,2 +1,3 @@ Add additional checks for valid chara

svn propchange: r1767641 - svn:log

2016-11-22 Thread markt
Author: markt Revision: 1767641 Modified property: svn:log Modified: svn:log at Tue Nov 22 09:43:55 2016 -- --- svn:log (original) +++ svn:log Tue Nov 22 09:43:55 2016 @@ -1,2 +1,3 @@ Add additional checks for valid chara

svn commit: r1770815 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/s

2016-11-22 Thread markt
Author: markt Date: Tue Nov 22 09:42:06 2016 New Revision: 1770815 URL: http://svn.apache.org/viewvc?rev=1770815&view=rev Log: Publish: CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/d

[SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service

2016-11-22 Thread Mark Thomas
CVE-2016-6817 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Earlier versions are not affected. Description The HTTP/2 header parser entered an infinite loop if a

[SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure

2016-11-22 Thread Mark Thomas
CVE-2016-6816 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0.RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Earlier,

[SECURITY] CVE-2016-8735 Apache Tomcat Remote Code Execution

2016-11-22 Thread Mark Thomas
CVE-2016-8735 Apache Tomcat Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0.RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Earlier,

[Bug 60381] Inconsistent toString() in ValveBase and RealmBase

2016-11-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60381 --- Comment #3 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Mark Thomas from comment #2) > The toString() implementations have been pretty much unchanged since the > lifecycle refactoring in 7.0.x. While users shouldn't not be expec

[Bug 60400] HttpServletRequest.getReader doesn't correctly read data

2016-11-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60400 --- Comment #1 from Violeta Georgieva --- Hi, I was not able to reproduce the issue with the provided example. I received: - input with size 12289 - output with size 12302. The output contains two rows: - the first one contains information f