[PR] for delete failure case, respond with SC_CONFLICT rather than SC_METHOD_NOT_ALLOWED [tomcat]

2024-12-17 Thread via GitHub
Chenjp opened a new pull request, #802: URL: https://github.com/apache/tomcat/pull/802 Since the allowed methods check has been performed previously, the failure status code is switched to 409 / SC_CONFLICT. Root cause may be insufficient privileges, OS file locking, or already deleted by another

Re: [PR] prefer central repo, disable releases for asf-snapshots [tomcat-tck]

2024-12-17 Thread via GitHub
adoroszlai commented on PR #2: URL: https://github.com/apache/tomcat-tck/pull/2#issuecomment-2549076448 @markt-asf could you please help review this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go

(tomcat) branch 10.1.x updated: Update CDI information

2024-12-17 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new d878912065 Update CDI information d878912065 is de

(tomcat) branch 11.0.x updated: Update CDI information

2024-12-17 Thread remm
remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new d93a14b4d8 Update CDI information d93a14b4d8 is de

(tomcat) branch main updated: Update CDI information

2024-12-17 Thread remm
remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new c1e0648e01 Update CDI information c1e0648e01 is descri

[SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application

2024-12-17 Thread Mark Thomas
CVE-2024-54677 Apache Tomcat - DoS in examples web application Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: Numerous examples in the examples web applic

[SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-17 Thread Mark Thomas
CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: If the default servlet is write

svn commit: r1922564 - in /tomcat/site/trunk: docs/security-10.html docs/security-11.html docs/security-9.html xdocs/security-10.xml xdocs/security-11.xml xdocs/security-9.xml

2024-12-17 Thread markt
Author: markt Date: Tue Dec 17 12:25:38 2024 New Revision: 1922564 URL: http://svn.apache.org/viewvc?rev=1922564&view=rev Log: Add CVE-2024-50379 and CVE-2024-54677 Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-11.html tomcat/site/trunk/docs/securit

Re: [PR] enhancement: RateLimitFilter - Provides an exact rate limiting mechanism [tomcat]

2024-12-17 Thread via GitHub
Chenjp commented on PR #794: URL: https://github.com/apache/tomcat/pull/794#issuecomment-2548168272 > You can't remove methods from the `RateLimiter` interface as it has been included in a stable release. Updated

[Bug 69504] CoyoteAdapter recycle request/response objects in "log()" method even if they are came from outside.

2024-12-17 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69504 --- Comment #2 from Chen Jp --- Propose extracting recycling ops on external request/response from CoyoteAdapter#log, e.g. supposed implementation of CoyoteAdapter#checkRecycled: 1. access logging; 2. explicitly make sure req/resp were recycled.