svn commit: r1822854 - /tomcat/tc8.5.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/jmx/JmxUtil.java

2018-01-31 Thread kfujino
Author: kfujino Date: Thu Feb 1 07:57:56 2018 New Revision: 1822854 URL: http://svn.apache.org/viewvc?rev=1822854&view=rev Log: format Modified: tomcat/tc8.5.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/jmx/JmxUtil.java Modified: tomcat/tc8.5.x/trunk/modules/jdbc-po

svn commit: r1822853 - /tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/jmx/JmxUtil.java

2018-01-31 Thread kfujino
Author: kfujino Date: Thu Feb 1 07:57:10 2018 New Revision: 1822853 URL: http://svn.apache.org/viewvc?rev=1822853&view=rev Log: format Modified: tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/jmx/JmxUtil.java Modified: tomcat/trunk/modules/jdbc-pool/src/main/java

svn commit: r1822851 - in /tomcat/tc8.5.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool: PooledConnectionMBean.java interceptor/StatementCacheMBean.java

2018-01-31 Thread kfujino
Author: kfujino Date: Thu Feb 1 07:52:52 2018 New Revision: 1822851 URL: http://svn.apache.org/viewvc?rev=1822851&view=rev Log: Add missing ALv2 header Modified: tomcat/tc8.5.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnectionMBean.java tomcat/tc8.5.x/t

svn commit: r1822841 - /tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 22:44:25 2018 New Revision: 1822841 URL: http://svn.apache.org/viewvc?rev=1822841&view=rev Log: SpotBugs Fix sync warning Modified: tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java Modified: tomcat/trunk/java/org/apache/catalina/ha/session/Del

[Bug 62048] Missing logout function in Manager and Host-Manager webapps

2018-01-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048 Mark Thomas changed: What|Removed |Added Severity|normal |enhancement -- You are receiving this m

svn commit: r1822809 - in /tomcat/trunk/java/org/apache: catalina/connector/Response.java coyote/Response.java

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 15:14:25 2018 New Revision: 1822809 URL: http://svn.apache.org/viewvc?rev=1822809&view=rev Log: Push the error state tracking down to the Coyote Response so it becomes accessible to the early stages of request processing. The intention is to use this to enable thos

[Bug 62067] New: HttpConstraint not applied when Servlet mapped ""

2018-01-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62067 Bug ID: 62067 Summary: HttpConstraint not applied when Servlet mapped "" Product: Tomcat 8 Version: 8.5.27 Hardware: PC Status: NEW Severity: normal Priority:

[Bug 57830] Add support for ProxyProtocol

2018-01-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830 asanc...@mga.es changed: What|Removed |Added CC|asanc...@mga.es | -- You are receiving this mail beca

[Bug 57830] Add support for ProxyProtocol

2018-01-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830 asanc...@mga.es changed: What|Removed |Added CC||asanc...@mga.es -- You are receiving

[SECURITY] CVE-2017-15706 Apache Tomcat Incorrectly documented CGI search algorithm

2018-01-31 Thread Mark Thomas
CVE-2017-15706 Apache Tomcat Incorrectly documented CGI search algorithm Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M22 to 9.0.1 Apache Tomcat 8.5.16 to 8.5.23 Apache Tomcat 8.0.45 to 8.0.47 Apache Tomcat 7.0.79 to 7.0.82 Description: As part of

[SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted

2018-01-31 Thread Mark Thomas
CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat Native 1.2.0 to 1.2.14 Apache Tomcat Native 1.1.23 to 1.1.34 Description: When parsing the AIA-Extension field of a client certificate, A

svn commit: r1822784 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html docs/security-native.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml xd

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 10:21:58 2018 New Revision: 1822784 URL: http://svn.apache.org/viewvc?rev=1822784&view=rev Log: Make CVE-2017-15698 and CVE-2017-15706 public Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/s

About BZ 58143

2018-01-31 Thread Rainer Jung
Just a short explanation why I reopened BZ 58143: All is well for TC 8.0-9.0, but for TC 7.0 Spring Load time Weaving is broken since 7.0.70. You might remember that we implemented an additional interface in the WebappClassLoader to make adding weavers more easy. That was backported to TC 7 ar

svn commit: r1822777 - /tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCacheMBean.java

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 09:12:20 2018 New Revision: 1822777 URL: http://svn.apache.org/viewvc?rev=1822777&view=rev Log: Add missing ALv2 header Modified: tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCacheMBean.java Modified: tomcat/tr

svn commit: r1822778 - in /tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool: interceptor/StatementCache.java jmx/JmxUtil.java

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 09:12:31 2018 New Revision: 1822778 URL: http://svn.apache.org/viewvc?rev=1822778&view=rev Log: ws police Modified: tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java tomcat/trunk/modules/jdbc-pool/src/

svn commit: r1822776 - /tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnectionMBean.java

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 09:11:46 2018 New Revision: 1822776 URL: http://svn.apache.org/viewvc?rev=1822776&view=rev Log: Add missing ALv2 header Modified: tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnectionMBean.java Modified: tomcat/trunk/module

Re: svn commit: r1822644 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ java/org/apache/coyote/http2/ java/org/apache/tomcat/util/http/parser/ w

2018-01-31 Thread Mark Thomas
On 30/01/18 19:24, Mark Thomas wrote: > On 30/01/18 15:25, Mark Thomas wrote: >> On 30/01/18 15:15, Konstantin Kolinko wrote: >>> -1. >>> >>> Reading the algorithm in Host.parse(Reader), I think that http://610.ru/en/ >>> and a number of popular Chinese web sites won't pass this validation. >>> htt

svn commit: r1822775 - in /tomcat/trunk: java/org/apache/tomcat/util/http/parser/HttpParser.java test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java webapps/docs/changelog.xml

2018-01-31 Thread markt
Author: markt Date: Wed Jan 31 09:01:40 2018 New Revision: 1822775 URL: http://svn.apache.org/viewvc?rev=1822775&view=rev Log: Update the host validation to permit host names and components of domain names (excluding top-level domains) to start with a number and to ensure that top-level domains