DO NOT REPLY [Bug 45516] All Tomcat http threads stuck in java.net.SocketOutputStream.socketWrite0(Native Method)

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45516 --- Comment #1 from Ville Hartikainen <[EMAIL PROTECTED]> 2008-08-01 00:52:56 PST --- Version information of used JDK and Tomcat, as reported by "catalina.sh version" -- Using JRE_HOME: /usr/java/jdk1.5.0_13/ Serv

When will release 6.0.18 be published to maven?

2008-08-01 Thread Mohn, Robert
When will release 6.0.18 be published to the maven repositories? Thanks, -Rob

svn commit: r681699 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 07:05:44 2008 New Revision: 681699 URL: http://svn.apache.org/viewvc?rev=681699&view=rev Log: Update security pages. Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat

[CVE-2008-1232] Apache Tomcat XSS vulnerability

2008-08-01 Thread Mark Thomas
CVE-2008-1232: Apache Tomcat XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be

[CVE-2008-2370] Apache Tomcat information disclosure vulnerability

2008-08-01 Thread Mark Thomas
CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x a

DO NOT REPLY [Bug 45516] All Tomcat http threads stuck in java.net.SocketOutputStream.socketWrite0(Native Method)

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45516 Mark Thomas <[EMAIL PROTECTED]> changed:

What   |Removed |Added
Status |NEW     |RESOLVED

DO NOT REPLY [Bug 45523] New: Setting outputBuffer in Connector has no effect

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45523 Summary: Setting outputBuffer in Connector has no effect Product: Tomcat 6 Version: 6.0.13 Platform: PC OS/Version: Windows Vista Status: NEW Severity: normal

DO NOT REPLY [Bug 45523] Setting outputBuffer in Connector has no effect

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45523 Mark Thomas <[EMAIL PROTECTED]> changed:

What   |Removed |Added
Status |NEW     |RESOLVED

svn commit: r681735 - /tomcat/trunk/java/org/apache/el/parser/ELParser.jjt

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 09:05:47 2008 New Revision: 681735 URL: http://svn.apache.org/viewvc?rev=681735&view=rev Log: Revert fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 since it caused https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 A better fix for 42565 will

svn commit: r681736 - /tomcat/trunk/java/org/apache/el/parser/ELParser.jjt

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 09:11:14 2008 New Revision: 681736 URL: http://svn.apache.org/viewvc?rev=681736&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 This patch: - limits the regexp for namespace to what is in the spec - removes the namespace token since the m

svn commit: r681737 - in /tomcat/trunk/java/org/apache/el/parser: ELParser.java ELParserConstants.java ELParserTokenManager.java

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 09:20:14 2008 New Revision: 681737 URL: http://svn.apache.org/viewvc?rev=681737&view=rev Log: Update auto-generated code after recent jjt changes. Modified: tomcat/trunk/java/org/apache/el/parser/ELParser.java tomcat/trunk/java/org/apache/el/parser/ELParserC

svn commit: r681738 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 09:21:20 2008 New Revision: 681738 URL: http://svn.apache.org/viewvc?rev=681738&view=rev Log: Propose fix for 45511 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATU

DO NOT REPLY [Bug 45511] EL "empty" keyword does not work

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 --- Comment #2 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-01 09:21:06 PST --- I have applied a fix to trunk and proposed the fix for 6.0.x. My testing shows no issues with the new fix but additional testing is always welcome. -- C

DO NOT REPLY [Bug 45523] Setting outputBuffer in Connector has no effect

2008-08-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45523 --- Comment #2 from Timo Kinnunen <[EMAIL PROTECTED]> 2008-08-01 09:59:55 PST --- Thanks, for posterity, the correct answer seems to be to do response.setBufferSize(128000); first thing in the Filter. Also, may I respectfully su

Re: svn commit: r681738 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-08-01 Thread Mark Thomas
[EMAIL PROTECTED] wrote: Author: markt Date: Fri Aug 1 09:21:20 2008 New Revision: 681738 URL: http://svn.apache.org/viewvc?rev=681738&view=rev Log: Propose fix for 45511 Just a heads-up. I am having new EL difficulties that could be related to this fix. I may be updating it / withdrawing it

svn commit: r681789 - /tomcat/trunk/java/org/apache/el/parser/ELParser.jjt

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 12:23:25 2008 New Revision: 681789 URL: http://svn.apache.org/viewvc?rev=681789&view=rev Log: Needed to look ahead one more token to differentiate between a function call and an identifier. Modified: tomcat/trunk/java/org/apache/el/parser/ELParser.jjt Modified

svn commit: r681792 - /tomcat/trunk/java/org/apache/el/parser/ELParser.java

2008-08-01 Thread markt
Author: markt Date: Fri Aug 1 12:25:41 2008 New Revision: 681792 URL: http://svn.apache.org/viewvc?rev=681792&view=rev Log: The surprisingly small update to the auto-generated code to go with the update to the jjtree file Modified: tomcat/trunk/java/org/apache/el/parser/ELParser.java Modifi

Re: [CVE-2008-2370] Apache Tomcat information disclosure vulnerability

2008-08-01 Thread William A. Rowe, Jr.
Mark Thomas wrote: Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locati