[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #4 from Nick Williams --- Excellent! Thanks! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #2 from Mark Thomas --- Using Tomcat via web start is so far away from normal usage I view this as an enhancement. The patch may be trivial but I think some time needs to be spent thinking about the security aspects of this cha

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #1 from Nick Williams --- I disagree with categorizing this as an enhancement. I believe this is a major bug. The facts are very simple: In an environment in which Tomcat otherwise runs without issue, JAR scanning incorrectly ex

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Mark Thomas changed: What|Removed |Added Severity|major |enhancement -- You are receiving th

Re: JarScanning

On Mar 29, 2013, at 12:57 PM, Konstantin Kolinko wrote: > 2013/3/29 Nick Williams : >> >> >> (..) Note that Log4j2 is going to have a log4j-taglib artifact that >> (naturally) will have a TLD in its META-INF. Since Tomcat by default >> excludes log4j*.jar, that has to be removed from catalina

Re: JarScanning

2013/3/29 Nick Williams : > > > (..) Note that Log4j2 is going to have a log4j-taglib artifact that > (naturally) will have a TLD in its META-INF. Since Tomcat by default excludes > log4j*.jar, that has to be removed from catalina.properties in order to make > it work. It would be great for Tomc

Re: JarScanning

On Feb 26, 2013, at 11:21 AM, Christopher Schultz wrote: > Mark, > > On 2/21/13 8:34 AM, Mark Thomas wrote: >> JRE JARs. >> I think scanning of these should be made optional and disabled by >> default. This will reduce the list of JARs we have to maintain in >> jarsToSkip. I intend to implement

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Nick Williams changed: What|Removed |Added Attachment #30097|0 |1 is patch|

[Bug 54745] New: Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Bug ID: 54745 Summary: Tomcat JarScanning does not work when Tomcat started with Java Web Start Product: Tomcat 8 Version: trunk Hardware: All OS

Re: JarScanning

Mark, On 2/21/13 8:34 AM, Mark Thomas wrote: > JRE JARs. > I think scanning of these should be made optional and disabled by > default. This will reduce the list of JARs we have to maintain in > jarsToSkip. I intend to implement this unless there are any objections. +1 Will you be checking the C

Re: JarScanning

2013/2/21 Mark Thomas : > An issue at work prompted me to take another look at this thread: > http://markmail.org/thread/qanw2psjsx32feek > > There are some useful things there that I think it is worth following up on. > >(..) > > jarsToScan > This is a little more complicated. > First of all, how

Re: JarScanning

the settings that only apply to an application and don't apply globally should be in a separate file, not in /META-INF/context.xml. Like I said, just my $0.02. [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52924 > > > > 2013/2/21 Caldarale, Charles R > &

Re: JarScanning

On 21.02.2013 17:34, Mark Thomas wrote: > An issue at work prompted me to take another look at this thread: > http://markmail.org/thread/qanw2psjsx32feek > > There are some useful things there that I think it is worth following up on. > > JRE JARs. > I think scanning of these should be made optio

RE: JarScanning

> From: Mark Thomas [mailto:ma...@apache.org] > Subject: Re: JarScanning > > From the above, it looks like the only purpose of jarsToScan is to > > avoid checking the jarsToSkip list. Unless such checking is > > expensive, this seems like an unnecessary complication.

Re: JarScanning

On 21/02/2013 16:39, Caldarale, Charles R wrote: >> From: Mark Thomas [mailto:ma...@apache.org] Subject: JarScanning > >> jarsToScan This is a little more complicated. First of all, how >> does it work? The suggestion is: - If jarsToScan matches, scan it - >> else if

Re: JarScanning

tter.com/rmannibucau>* *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* *Github: https://github.com/rmannibucau* 2013/2/21 Caldarale, Charles R > > From: Mark Thomas [mailto:ma...@apache.org] &

RE: JarScanning

> From: Mark Thomas [mailto:ma...@apache.org] > Subject: JarScanning > jarsToScan > This is a little more complicated. > First of all, how does it work? The suggestion is: > - If jarsToScan matches, scan it > - else if jarsToSkip matches, skip it > - else scan it >Fr

JarScanning

An issue at work prompted me to take another look at this thread: http://markmail.org/thread/qanw2psjsx32feek There are some useful things there that I think it is worth following up on. JRE JARs. I think scanning of these should be made optional and disabled by default. This will reduce the list