Re: [VOTE] Releasing Tomcat Connectors 1.2.26

Good work! Apache Tomcat Connectors 1.2.26 is: [x ] Stable - no major issues, no regressions [ ] Beta - at least one significant issue -- tell us what it is [ ] Alpha - multiple significant issues -- tell us what they are Merry Christmas Peter Am 21.12.2007 um 19:41 schrieb Rainer Jung:

svn commit: r606594 - /tomcat/trunk/conf/catalina.policy

Author: markt Date: Sun Dec 23 11:22:18 2007 New Revision: 606594 URL: http://svn.apache.org/viewvc?rev=606594&view=rev Log: Fix CVE-2007-5342. Limit JULI privs to just those required to prevent per web-app configurations having too many privs. Modified: tomcat/trunk/conf/catalina.policy Mo

svn commit: r606595 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt Date: Sun Dec 23 11:24:42 2007 New Revision: 606595 URL: http://svn.apache.org/viewvc?rev=606595&view=rev Log: Propose fix for CVE-2007-5342 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/tru

svn commit: r606596 - /tomcat/current/tc5.5.x/STATUS.txt

Author: markt Date: Sun Dec 23 11:24:55 2007 New Revision: 606596 URL: http://svn.apache.org/viewvc?rev=606596&view=rev Log: Propose fix for CVE-2007-5342 Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current

[CVE-2007-5342] Apache Tomcat's default security policy is too open

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2007-5342: Tomcat's default security policy is too open Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.9 to 5.5.25 Tomcat 6.0.0 to 6.0.15 Description: The JULI logging component allows web applications to pro

svn commit: r606598 - /tomcat/site/trunk/build.xml

Author: markt Date: Sun Dec 23 11:29:02 2007 New Revision: 606598 URL: http://svn.apache.org/viewvc?rev=606598&view=rev Log: Update the build script now the FAQ is on the wiki. Modified: tomcat/site/trunk/build.xml Modified: tomcat/site/trunk/build.xml URL: http://svn.apache.org/viewvc/tomc

svn commit: r606599 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Author: markt Date: Sun Dec 23 11:31:11 2007 New Revision: 606599 URL: http://svn.apache.org/viewvc?rev=606599&view=rev Log: Add info for CVE-2007-5342 Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-5.xml to

svn commit: r606605 - in /tomcat/tc6.0.x/trunk: STATUS.txt webapps/docs/changelog.xml webapps/docs/config/context.xml

Author: markt Date: Sun Dec 23 12:04:45 2007 New Revision: 606605 URL: http://svn.apache.org/viewvc?rev=606605&view=rev Log: Fix bug 44094. Add note about side effects of privileged. Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml tomcat/tc6.0

DO NOT REPLY [Bug 44094] - privileged="true" causes ClassNotFound from shared\lib

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606606 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/core/ApplicationContext.java webapps/docs/changelog.xml

Author: markt Date: Sun Dec 23 12:09:23 2007 New Revision: 606606 URL: http://svn.apache.org/viewvc?rev=606606&view=rev Log: Fix bug 43241. Make ServletContext.getResourceAsStream() spec compliant Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/core

DO NOT REPLY [Bug 43241] - ServletContext.getResourceAsStream() does not follow API specs for Path

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606610 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/connector/Response.java webapps/docs/changelog.xml

Author: markt Date: Sun Dec 23 12:16:08 2007 New Revision: 606610 URL: http://svn.apache.org/viewvc?rev=606610&view=rev Log: Fix bug 43236. After resetting the response, allow the character set to be changed. Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/

DO NOT REPLY [Bug 43236] - Response.setCharacterEncoding() fails after Response.getWriter() and Response.reset()

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606612 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt Date: Sun Dec 23 12:25:00 2007 New Revision: 606612 URL: http://svn.apache.org/viewvc?rev=606612&view=rev Log: Add my vote. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev

svn commit: r606613 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

Author: markt Date: Sun Dec 23 12:48:49 2007 New Revision: 606613 URL: http://svn.apache.org/viewvc?rev=606613&view=rev Log: Align wording. Make it clear some (actually one) issue will not be fixed. Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/xdocs/security-4.xml M

DO NOT REPLY [Bug 44087] - tomcat-native-1.1.10 duplicate requests on tcp connection

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44117] - ProxyPass in Apache http server wipes session data

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606619 - /tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

Author: markt Date: Sun Dec 23 13:32:23 2007 New Revision: 606619 URL: http://svn.apache.org/viewvc?rev=606619&view=rev Log: Tab police - a minor infraction ;) Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm

svn commit: r606621 - /tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java

Author: markt Date: Sun Dec 23 13:55:38 2007 New Revision: 606621 URL: http://svn.apache.org/viewvc?rev=606621&view=rev Log: Fix 44084 with a patch provided by Noah Levitt. I also made a few additional fixes to line lengths etc. Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm

svn commit: r606622 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt Date: Sun Dec 23 13:57:45 2007 New Revision: 606622 URL: http://svn.apache.org/viewvc?rev=606622&view=rev Log: Propose fix for 44084 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATU

svn commit: r606623 - /tomcat/current/tc5.5.x/STATUS.txt

Author: markt Date: Sun Dec 23 13:57:51 2007 New Revision: 606623 URL: http://svn.apache.org/viewvc?rev=606623&view=rev Log: Propose fix for 44084 Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x

DO NOT REPLY [Bug 44084] - JAASRealm useContextClassLoader has problems

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606624 - /tomcat/connectors/trunk/jni/CHANGELOG.txt

Author: markt Date: Sun Dec 23 14:00:52 2007 New Revision: 606624 URL: http://svn.apache.org/viewvc?rev=606624&view=rev Log: Set standard properties Modified: tomcat/connectors/trunk/jni/CHANGELOG.txt (props changed) Propchange: tomcat/connectors/trunk/jni/CHANGELOG.txt ---

svn commit: r606630 - /tomcat/connectors/trunk/jni/jnirelease.sh

Author: markt Date: Sun Dec 23 14:42:31 2007 New Revision: 606630 URL: http://svn.apache.org/viewvc?rev=606630&view=rev Log: Fix 44131. Include change log in dist. Patch by Ville Skyttä. Modified: tomcat/connectors/trunk/jni/jnirelease.sh Modified: tomcat/connectors/trunk/jni/jnirelease.sh U

DO NOT REPLY [Bug 44131] - [PATCH] Include CHANGELOG.txt in tomcat-native distributables

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44122] - Windows startup script problem

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44096] - Find invalid session object.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606633 - /tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

Author: markt Date: Sun Dec 23 15:07:48 2007 New Revision: 606633 URL: http://svn.apache.org/viewvc?rev=606633&view=rev Log: Fix bug 44088. Expire button didn't work. Patch by Ben Short. Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Modified: tomcat/trunk/ja

svn commit: r606634 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt Date: Sun Dec 23 15:09:08 2007 New Revision: 606634 URL: http://svn.apache.org/viewvc?rev=606634&view=rev Log: Propose fix for 44088 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATU

DO NOT REPLY [Bug 44088] - Cannot expire session via html manager webapp

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44086] - Bad errror reporting for abstract class as servlet

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44040] - reproducible failure in TC 6.0.14 logging

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44017] - if an inesting host is mentioned in server.xml, warn!

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 44096] - Find invalid session object.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

svn commit: r606649 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: funkman Date: Sun Dec 23 17:21:10 2007 New Revision: 606649 URL: http://svn.apache.org/viewvc?rev=606649&view=rev Log: votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=6066

DO NOT REPLY [Bug 44122] - Windows startup script problem

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Denis LULLIER/Paris est absent(e).

Je serai absent(e) du 24/12/2007 au 31/12/2007. Je répondrai à votre message dès mon retour. En cas d'urgence, vous pouvez contacter Christine DUHAU

Bug report for Tomcat 3 [2007/12/23]

+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Watchdog [2007/12/23]

+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 5 [2007/12/23]

+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 4 [2007/12/23]

+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned