https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
Author: markt
Date: Thu Dec 8 22:20:26 2016
New Revision: 1773307
URL: http://svn.apache.org/viewvc?rev=1773307&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Correctly handle HTTP/2 header values that contain characters with unicode code
points in the range 128 to 255. R
Author: markt
Date: Thu Dec 8 22:19:41 2016
New Revision: 1773306
URL: http://svn.apache.org/viewvc?rev=1773306&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Correctly handle HTTP/2 header values that contain characters with unicode code
points in the range 128 to 255. R
On 08/12/2016 21:15, Victor Rodriguez wrote:
> THANKS IN ADVANCE FOR YOUR HELP!
Please stop shouting.
This question belongs on the users list.
Mark
>
> I have abc.war and I want both /abc and /xyz to work for it. I've tried
> adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/
THANKS IN ADVANCE FOR YOUR HELP!
I have abc.war and I want both /abc and /xyz to work for it. I've tried
adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/xyz=abc"
but neither of those worked. This is how my original context.xml looked
like.
WEB-INF/web.xml
Author: markt
Date: Thu Dec 8 20:50:30 2016
New Revision: 17334
Log:
Release 8.5.9
Added:
release/tomcat/tomcat-8/v8.5.9/
- copied from r17250, dev/tomcat/tomcat-8/v8.5.9/
Removed:
dev/tomcat/tomcat-8/v8.5.9/
-
T
The following votes were cast:
Binding:
+1 (stable): violetagg, remm, kfujino, fschumacher
Non-binding:
+1 (stable): ebourg, csutherl, huxing
The vote therefore passes. Thanks to everyone who contributed to this
this release
Mark
---
Author: markt
Date: Thu Dec 8 20:48:07 2016
New Revision: 17333
Log:
Release 9.0.0.M15
Added:
release/tomcat/tomcat-9/v9.0.0.M15/
- copied from r17237, dev/tomcat/tomcat-9/v9.0.0.M15/
Removed:
dev/tomcat/tomcat-9/v9.0.0.M15/
---
The following votes were cast:
Binding:
+1 (stable): markt, violetagg, remm, kfujino, fschumacher
Non-binding:
+1 (stable): huxing
The vote therefore passes. Thanks to everyone who contributed to this
this release
Mark
-
To un
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
--- Comment #18 from mgrigorov ---
8.5.9 is being voted at the moment.
If everything is OK it will be available in the next few days.
--
You are receiving this mail because:
You are the assignee for the bug.
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
--- Comment #17 from Jan Kostelansky ---
dear support
when can I expect the patch to be included in tomcat 8.5 or tomcat 9 release?
I have not found it in changelog of latest tomcat 8.5
Thank you, Jan
--
You are receiving this mail becaus
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
Violeta Georgieva changed:
What|Removed |Added
CC||jan.kostelansky@aerosoftsys
https://bz.apache.org/bugzilla/show_bug.cgi?id=60455
Violeta Georgieva changed:
What|Removed |Added
Resolution|--- |DUPLICATE
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=60455
Bug ID: 60455
Summary: java.nio.BufferOverflowException
Product: Tomcat 9
Version: 9.0.0.M11
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Hi,
The proposed 8.5.9 release is:
[ ] Broken - do not release
[ X ] Stable - go ahead and release as <8.5.8> (should be 8.5.9)
Test case pass.
Our test web app works fine.
--
From:Mark Thomas
Time:2016 Dec 6 (Tue) 04:45
To:dev@tom
Le 8/12/2016 à 11:49, Mark Thomas a écrit :
> Added.
Thank you Mark.
> The commits on the security pages are meant to be just those required to
> fix the vulnerability.
>
> Back-porters may need additional commits for various reasons:
> a) prior commits that aligned the code with later version
On 08/12/2016 09:54, Emmanuel Bourg wrote:
> [resending as a new message instead of a reply, sorry]
Thanks.
> I'm still working on the security backports in Debian and I have a
> question regarding CVE-2015-5345. On the Tomcat 7 security page the
> commits 1715213 and 1717212 are referenced. If I
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
--- Comment #3 from Ludovic Pénet ---
Agreed. I left the bug opened because the exception raised was quite unclear to
me and having another error trace would be great.
--
You are receiving this mail because:
You are the assignee for the bug.
Author: markt
Date: Thu Dec 8 11:11:51 2016
New Revision: 1773214
URL: http://svn.apache.org/viewvc?rev=1773214&view=rev
Log:
Add additional commit that fix the broken config options
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat
Author: markt
Date: Thu Dec 8 10:58:28 2016
New Revision: 1773212
URL: http://svn.apache.org/viewvc?rev=1773212&view=rev
Log:
Fix typo
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://sv
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
--- Comment #2 from Michael Osipov <1983-01...@gmx.net> ---
This one is worth reading: http://stackoverflow.com/a/30446122/696632
--
You are receiving this mail because:
You are the assignee for the bug.
---
On 08/12/2016 00:37, Emmanuel Bourg wrote:
> Hi,
>
> The security pages are missing another commit, this time for
> CVE-2016-6797. The newly added validateGlobalResourceAccess method in
> ResourceLinkFactory was later modified to iterate over the classloader
> hierarchy. Without this modification
Author: markt
Date: Thu Dec 8 10:41:54 2016
New Revision: 1773211
URL: http://svn.apache.org/viewvc?rev=1773211&view=rev
Log:
And regression fix to CVE-2016-6796 commits
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/sec
[resending as a new message instead of a reply, sorry]
Hi all,
I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be p
Hi all,
I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be part of the fix, otherwise the
mapper*RedirectEnabled att
On 08/12/2016 07:32, Violeta Georgieva wrote:
> 2016-12-08 3:48 GMT+02:00 Matthew Bellew :
>>
>> I have narrowed this down quite a lot. This bug is caused by the same
>> Http11Processor being pushed on to the recycledProcessors stack twice. I
>> discovered this by add a duplicates check in recycl
26 matches
Mail list logo
