https://bz.apache.org/bugzilla/show_bug.cgi?id=69815
Bug ID: 69815
Summary: Feature request: support device bound session
credentials (DBSC)
Product: Tomcat 11
Version: unspecified
Hardware: Other
OS: Linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
Remy Maucherat changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69814
Sammy Chan changed:
What|Removed |Added
OS||All
--- Comment #2 from Sammy Chan
https://bz.apache.org/bugzilla/show_bug.cgi?id=69814
--- Comment #1 from Sammy Chan ---
Created attachment 40098
--> https://bz.apache.org/bugzilla/attachment.cgi?id=40098&action=edit
demo source, app, video
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=69814
Bug ID: 69814
Summary: HttpSession.isNew() may return true on an existing
session due to a race condition
Product: Tomcat 10
Version: 10.1.44
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
--- Comment #5 from Mark Thomas ---
Insufficient information has been provided for the Tomcat team to provide a
definitive answer.
The change log comment explicitly states it applies only when a Writer is being
used. Your code example is
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
--- Comment #4 from gnirmalkuma...@gmail.com ---
I wanted to add some more details from our application code in case it helps
narrow this down.
We use a custom GZIPFilter that buffers the response, compresses it, and then
explicitly sets the
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
--- Comment #3 from gnirmalkuma...@gmail.com ---
Hi Mark, thanks for your response.
I reviewed the Tomcat 9.0.107 release notes
and noticed the following change:
Fix: Allow the default servlet to set the content length when the content
https://bz.apache.org/bugzilla/show_bug.cgi?id=69810
--- Comment #2 from David Connard ---
Can we get some kind of warning or something in the public changelog?
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html doesn't currently note
that 9.0.109 is a bad release, and doesn'
https://bz.apache.org/bugzilla/show_bug.cgi?id=69810
David Connard changed:
What|Removed |Added
CC||dconnar...@gmail.com
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=69810
R. Oosterholt changed:
What|Removed |Added
CC||r.oosterh...@gmail.com
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=69810
--- Comment #1 from Mark Thomas ---
Known issue with 9.0.109 and 10.1.45.
New releases are in progress / will be in progress soon that fix that. I'd
expect them to be complete early next week.
--
You are receiving this mail because:
Yo
https://bz.apache.org/bugzilla/show_bug.cgi?id=69810
Bug ID: 69810
Summary: ClassNotFoundException:
org.apache.tomcat.util.concurrent.KeyedReentrantReadWriteLock
Product: Tomcat 9
Version: 9.0.109
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
Mark Thomas changed:
What|Removed |Added
Severity|blocker |normal
--- Comment #2 from Mark Thomas
https://bz.apache.org/bugzilla/show_bug.cgi?id=69806
Chuck Caldarale changed:
What|Removed |Added
Summary|Ilmalämpöpumppu Tampere |SPAM SPAM SPAM SPAM
https://bz.apache.org/bugzilla/show_bug.cgi?id=69805
Chuck Caldarale changed:
What|Removed |Added
Status|NEW |RESOLVED
URL|https
https://bz.apache.org/bugzilla/show_bug.cgi?id=69806
Bug ID: 69806
Summary: Ilmalämpöpumppu Tampere
Product: Tomcat Native
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
https://bz.apache.org/bugzilla/show_bug.cgi?id=69806
AJK Oy changed:
What|Removed |Added
URL||https://www.ajk-oy.fi/ilmal
https://bz.apache.org/bugzilla/show_bug.cgi?id=69805
AJK Oy changed:
What|Removed |Added
URL||https://www.ajk-oy.fi/putki
https://bz.apache.org/bugzilla/show_bug.cgi?id=69805
Bug ID: 69805
Summary: Putkimies Tampere
Product: Tomcat Native
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
https://bz.apache.org/bugzilla/show_bug.cgi?id=69801
--- Comment #2 from Martin Fúsek ---
Hi, because it happened when I reboot tomcat, whole standard output from tomcat
12:18:58.482 INFO {main} [o.a.c.h.Http11NioProtocol] : Starting
ProtocolHandler ["https-openssl-nio-8453"]
12:42:4
https://bz.apache.org/bugzilla/show_bug.cgi?id=69801
Christopher Schultz changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
Mark Thomas changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #8 from Christopher Schultz ---
I think it would be rare for someone to want to customize the named groups
based upon the certificate itself. Sure, some certificate types narrow-down the
list of named groups available for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #7 from Mark Thomas ---
Yes, I would prefer Jre20Compat for consistency :)
I think merging JreCompat implementations to just the LTS versions would be
worth a discussion on the dev@ list.
--
You are receiving this mail because
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #6 from Remy Maucherat ---
Mark likes precision now, so definitely Jre20Compat.
In theory I think it is better to add it to Certificate, but since some groups
are already hybrid (it means there are two expected certificates of
https://bz.apache.org/bugzilla/show_bug.cgi?id=69803
Bug ID: 69803
Summary: HTTP/1.1 Connector Content-Length header calculation
regression causing Chrome/Edge
net::ERR_CONTENT_LENGTH_MISMATCH
Product: Tomcat 9
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #5 from Christopher Schultz ---
I think it makes sense to have "namedGroups" on the element,
alongside the "ciphers".
Rémy, do you think it makes more sense to add it to the ?
If we do only this bit:
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #4 from Matt Porter ---
Hey Remmy,
Apologies, I wasn't quite following. I was picturing something like this:
https://github.com/matthew-js-porter/spring-boot-named-groups-testing/tree/main/named-groups-tomcat-server
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
--- Comment #5 from Mark Thomas ---
Again, unless and until a test case is provided that demonstrates this issue,
there is nothing the Tomcat team can do.
If no test case is provided, this will get resolved as "WORKSFORME".
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=69802
Bug ID: 69802
Summary: optional certificateVerification with TLS 1.3 gives a
warning but it should work fine
Product: Tomcat 11
Version: 11.0.10
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
--- Comment #4 from gnirmalkuma...@gmail.com ---
We are facing the exact same issue after upgrading our base image from Tomcat
9.0.106 to 9.0.107.
Our UI pages stopped loading, and we were forced to downgrade back to 9.0.106.
The problem
https://bz.apache.org/bugzilla/show_bug.cgi?id=69801
Bug ID: 69801
Summary: SIGSEGV during shutdown when using tomcat-native and
certificate client auth
Product: Tomcat 10
Version: 10.1.44
Hardware: PC
OS
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #3 from Remy Maucherat ---
https://tls13.xargs.org/#client-hello/annotated
The client hello has info on the client supported groups, which is probably
what we need.
As a result, with TLS 1.3, it would be a good idea to use that
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #2 from Matt Porter ---
Apologies, I wasn't suggesting anything custom for Bouncy Castle's JSSE
provider, my point there is that they released a version with PQC resistant key
exchange algorithms so I think we'll se
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #1 from Remy Maucherat ---
Tomcat's focus is on OpenSSL (and clones) support for newer TLS features, and
(plain) JSSE for more established ones. I am not in favor of adding anything
dedicated to custom JSSE providers.
So
https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
Bug ID: 69800
Summary: Enhancement: Support for configuring TLS named groups
Product: Tomcat 11
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69799
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69799
Bug ID: 69799
Summary: Please remove from the taglib moderator's list
Product: Taglibs
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #8 from Remy Maucherat ---
(In reply to Mark Thomas from comment #7)
> I'm not sure it does. The database operations should be atomic.
+1, let's assume that then and avoid preemptively adding stuff, we'll see i
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #7 from Mark Thomas ---
I'm not sure it does. The database operations should be atomic.
--
You are receiving this mail because:
You are the assignee for th
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #6 from Remy Maucherat ---
I suppose DataSourceStore needs the same addition of per key locking ? It uses
getObjectInputStream the same way as FileStore (no surprise there).
I will do the changes.
I will not update JDBCStore
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
--- Comment #3 from Mark Thomas ---
If the requested information is not provided, this issue will be resolved as
WORKSFORME.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=69792
Bug ID: 69792
Summary: LOVE678 – Platform Hot Live Streaming Terpanas Di
Indonesia
Product: Tomcat Native
Version: unspecified
Hardware: PC
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #4 from Mark Thomas ---
I've added a test case for this to main (12.0.x). I haven't looked at the
proposed solution yet.
--
You are receiving this mail because:
You are the assignee f
https://bz.apache.org/bugzilla/show_bug.cgi?id=69611
Mark Thomas changed:
What|Removed |Added
Assignee|dev@tomcat.apache.org |b...@httpd.apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=69611
Daniel changed:
What|Removed |Added
Version|2.4.63 |unspecified
Product|Apache httpd
https://bz.apache.org/bugzilla/show_bug.cgi?id=69788
Bug ID: 69788
Summary: shadowdb
Product: Tomcat Modules
Version: unspecified
Hardware: Macintosh
OS: Mac OS X 10.3
Status: NEW
Severity: major
https://bz.apache.org/bugzilla/show_bug.cgi?id=69788
Daniel changed:
What|Removed |Added
Summary|shadowdb|
--
You are receiving this mail because
https://bz.apache.org/bugzilla/show_bug.cgi?id=69785
Azat changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69786
Bug ID: 69786
Summary: reporter:us...@company.com
Product: Tomcat Modules
Version: unspecified
Hardware: Other
OS: Mac OS X 10.3
Status: NEW
Severity
https://bz.apache.org/bugzilla/show_bug.cgi?id=69785
Deal Toys Shop changed:
What|Removed |Added
URL||https://dealtoys.shop
https://bz.apache.org/bugzilla/show_bug.cgi?id=69785
Bug ID: 69785
Summary: Custom Lucite Deal Toys & M&A Tombstones |
DealToys.shop
Product: Tomcat Native
Version: unspecified
Hardware: PC
Sta
https://bz.apache.org/bugzilla/show_bug.cgi?id=69783
olivia changed:
What|Removed |Added
CC||oliviabennett0...@gmail.com
--- Comment #1
https://bz.apache.org/bugzilla/show_bug.cgi?id=69783
Bug ID: 69783
Summary: https://pacexgrowth.com/us-staffing-and-recruiting/
Product: Tomcat Native
Version: unspecified
Hardware: PC
OS: Windows XP
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #3 from Aaron Ogburn ---
(In reply to Aaron Ogburn from comment #2)
> https://github.com/apache/tomcat/pull/882 is an example with sessionid
> specific read/write locks that addresses this in my tests.
Note this fix does a s
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #2 from Aaron Ogburn ---
https://github.com/apache/tomcat/pull/882 is an example with sessionid specific
read/write locks that addresses this in my tests.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
--- Comment #1 from Aaron Ogburn ---
Created attachment 40082
--> https://bz.apache.org/bugzilla/attachment.cgi?id=40082&action=edit
bz-69781-reproducer.zip
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
Bug ID: 69781
Summary: FileStore used with PersistentValve can cause
EOFException during session expiration checks and
dropped session
Product: Tomcat 10
https://bz.apache.org/bugzilla/show_bug.cgi?id=69780
Chuck Caldarale changed:
What|Removed |Added
Status|NEW |RESOLVED
Severity|blocker
https://bz.apache.org/bugzilla/show_bug.cgi?id=69780
Bug ID: 69780
Summary: Assignee
Product: Tomcat Native
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: blocker
Priority
https://bz.apache.org/bugzilla/show_bug.cgi?id=69778
travelsmart24 group changed:
What|Removed |Added
OS|All |Windows 10
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=69778
travelsmart24 group changed:
What|Removed |Added
URL||https://travelsmart24.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=69778
Bug ID: 69778
Summary: Travelsmart24 Group of Company
Product: Tomcat Native
Version: 2.0.8
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
Mark Thomas changed:
What|Removed |Added
Severity|critical|major
--- Comment #2 from Mark Thomas
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #26 from Christopher Schultz ---
(In reply to logo from comment #25)
> Indeed I use CRL to check client certs.
>
> And so far I have only the "old" CRL functionality provided by openssl.
So it sounds like you
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #25 from logo ---
Indeed I use CRL to check client certs.
And so far I have only the "old" CRL functionality provided by openssl.
--
You are receiving this mail because:
You are the assignee f
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
Matafagafo changed:
What|Removed |Added
CC||matafag...@gmail.com
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
Mark Thomas changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=69713
--- Comment #7 from Nirbhay ---
I have raised this bug https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=69770
Bug ID: 69770
Summary: ERR_HTTP2_PROTOCOL_ERROR regression in Tomcat 10.1.43
(similar to fixed Bug 69320)
Product: Tomcat 10
Version: 10.1.43
Hardware: All
https://bz.apache.org/bugzilla/show_bug.cgi?id=69766
Chuck Caldarale changed:
What|Removed |Added
Summary|Acceligize B2B |SPAM SPAM SPAM SPAM
https://bz.apache.org/bugzilla/show_bug.cgi?id=69766
akash.pan...@acceligize.in changed:
What|Removed |Added
OS||All
--- Comment #1 from
https://bz.apache.org/bugzilla/show_bug.cgi?id=69766
Bug ID: 69766
Summary: Acceligize B2B
Product: Tomcat Native
Version: 2.0.7
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component
https://bz.apache.org/bugzilla/show_bug.cgi?id=69713
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=69713
Nirbhay changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|FIXED
https://bz.apache.org/bugzilla/show_bug.cgi?id=69765
Chuck Caldarale changed:
What|Removed |Added
Resolution|--- |INVALID
OS
https://bz.apache.org/bugzilla/show_bug.cgi?id=69765
--- Comment #2 from Chuck Caldarale ---
The content of attachment 40078 has been deleted for the following reason:
Spam
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=69765
--- Comment #1 from exploit ---
Comment on attachment 40078
--> https://bz.apache.org/bugzilla/attachment.cgi?id=40078
x
ESX
--
You are receiving this mail because:
You are the assignee for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=69765
Bug ID: 69765
Summary: x
Product: Tomcat Connectors
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component
https://bz.apache.org/bugzilla/show_bug.cgi?id=69762
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69762
--- Comment #1 from Mark Thomas ---
Please don't report potential security issues to the public bug tracker.
Instructions for correctly reporting security vulnerabilities can be found at:
https://tomcat.apache.org/security.html
The T
https://bz.apache.org/bugzilla/show_bug.cgi?id=69762
Jeppe Weikop changed:
What|Removed |Added
Priority|P2 |P3
Severity|normal
https://bz.apache.org/bugzilla/show_bug.cgi?id=69762
Bug ID: 69762
Summary: Integer overflow in HPACK integer decoding
Product: Tomcat 9
Version: 9.0.107
Hardware: PC
OS: Linux
Status: NEW
Severity
https://bz.apache.org/bugzilla/show_bug.cgi?id=69167
--- Comment #2 from Mariah Carey ---
(In reply to Mark Thomas from comment #1)
> Bugzilla is not a support forum. Please direct your question to the Tomcat
> users mailing list.
>
> https://yoplay.io https://tomcat.apache.org/lists
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #24 from Christopher Schultz ---
(In reply to logo from comment #22)
> @Chris: while this may be true for LE, I haven't read anything about
> terminating OCSP in browsers or any other CA.
In July 2023, the CAB forum
https://bz.apache.org/bugzilla/show_bug.cgi?id=69504
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=69665
Mark Thomas changed:
What|Removed |Added
Status|NEEDINFO|RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #23 from logo ---
Oh, I just recognized that for client certs I do need the CRLs anyway as there
is no OCSP for client auth.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #22 from logo ---
@Chris: while this may be true for LE, I haven't read anything about
terminating OCSP in browsers or any other CA.
For myself I use OCSP for my internal CA (SmallStep) and I'm far more
comfortable with
https://bz.apache.org/bugzilla/show_bug.cgi?id=69758
Remy Maucherat changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEEDINFO
https://bz.apache.org/bugzilla/show_bug.cgi?id=69758
--- Comment #2 from Min Li <15135113...@163.com> ---
Thanks for your kind reply. I found this issue was caused by code written by
one of my colleagues. I have fixed it. Thanks for your reply again.
--
You are receiving this mail becaus
https://bz.apache.org/bugzilla/show_bug.cgi?id=69758
Mark Thomas changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=69758
Bug ID: 69758
Summary: java.lang.NullPointerException
Product: Tomcat 9
Version: 9.0.83
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
https://bz.apache.org/bugzilla/show_bug.cgi?id=69752
--- Comment #8 from Christopher Schultz ---
(In reply to Mark Thomas from comment #6)
> (In reply to Christopher Schultz from comment #5)
>
> > This seems like a reasonable "secure by default" hardening maneuver.
>
&
https://bz.apache.org/bugzilla/show_bug.cgi?id=69752
--- Comment #7 from Don't show my email ---
To make my POV clear:
This is foolish, but an expression of will:
appBase="/usr/java/apache-tomcat-9.0.106/conf"
appBase="/usr/java/apache-tomcat-9.0.106/"
appBase=&qu
https://bz.apache.org/bugzilla/show_bug.cgi?id=69752
--- Comment #6 from Mark Thomas ---
(In reply to Christopher Schultz from comment #5)
> This seems like a reasonable "secure by default" hardening maneuver.
Tomcat is already secure by default in this case. The default is &q
https://bz.apache.org/bugzilla/show_bug.cgi?id=69752
--- Comment #5 from Christopher Schultz ---
(In reply to Mark Thomas from comment #2)
> I might be persuaded to support logging a warning if appBase == $CATALINA_BASE
I would highly recommend that we should do this. It's almost unt
https://bz.apache.org/bugzilla/show_bug.cgi?id=69748
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution