DO NOT REPLY [Bug 47893] New: Use StringBuilder instead of StringBuffer

https://issues.apache.org/bugzilla/show_bug.cgi?id=47893 Summary: Use StringBuilder instead of StringBuffer Product: Tomcat 6 Version: unspecified Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority

DO NOT REPLY [Bug 47467] Deployment of the war file by URL when contextpath is not specified in Manager Application.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47467 Uwe Günther changed: What|Removed |Added Platform|PC |All OS/Version|Windows XP

DO NOT REPLY [Bug 47796] StandardContext's annotationProcessor field gets cached between webapp start/stop cycles

https://issues.apache.org/bugzilla/show_bug.cgi?id=47796 Uwe Günther changed: What|Removed |Added CC||u...@cscc.de -- Configure bugmail:

DO NOT REPLY [Bug 47467] Deployment of the war file by URL when contextpath is not specified in Manager Application.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47467 Uwe Günther changed: What|Removed |Added CC||u...@cscc.de -- Configure bugmail:

DO NOT REPLY [Bug 47796] StandardContext's annotationProcessor field gets cached between webapp start/stop cycles

https://issues.apache.org/bugzilla/show_bug.cgi?id=47796 Uwe Günther changed: What|Removed |Added CC|u...@cscc.de | -- Configure bugmail: https://iss

svn commit: r818040 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: rjung Date: Wed Sep 23 10:28:29 2009 New Revision: 818040 URL: http://svn.apache.org/viewvc?rev=818040&view=rev Log: Vote and comment. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.tx

svn commit: r818041 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: rjung Date: Wed Sep 23 10:30:34 2009 New Revision: 818041 URL: http://svn.apache.org/viewvc?rev=818041&view=rev Log: Add comment. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev

svn commit: r818043 - /tomcat/tc5.5.x/trunk/STATUS.txt

Author: rjung Date: Wed Sep 23 10:34:09 2009 New Revision: 818043 URL: http://svn.apache.org/viewvc?rev=818043&view=rev Log: Vote. Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=818043

Re: svn commit: r818040 - /tomcat/tc6.0.x/trunk/STATUS.txt

rj...@apache.org wrote: > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47267 >http://svn.apache.org/viewvc?rev=817822&view=rev >+1: markt >-1: > + rjung: Our dreaded multi platform build system is a bit fragile > + w.r.t. fixcrlf. If you change the file to crlf in the ins

Re: svn commit: r818040 - /tomcat/tc6.0.x/trunk/STATUS.txt

On 23.09.2009 13:12, Mark Thomas wrote: > rj...@apache.org wrote: >> * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47267 >>http://svn.apache.org/viewvc?rev=817822&view=rev >>+1: markt >>-1: >> + rjung: Our dreaded multi platform build system is a bit fragile >> + w.r.t. fi

svn commit: r818061 - in /tomcat/tc5.5.x/trunk: ./ container/modules/cluster/src/share/org/apache/catalina/cluster/session/ container/webapps/docs/

Author: rjung Date: Wed Sep 23 11:24:22 2009 New Revision: 818061 URL: http://svn.apache.org/viewvc?rev=818061&view=rev Log: DeltaManager needs to replicate changed attributes even if session gets invalidated. Otherwise session listeners will not see the right data on the secondary nodes. Ported

svn commit: r818062 - in /tomcat/trunk/java/org/apache/catalina/ha/session: DeltaManager.java DeltaSession.java

Author: rjung Date: Wed Sep 23 11:28:14 2009 New Revision: 818062 URL: http://svn.apache.org/viewvc?rev=818062&view=rev Log: DeltaManager needs to replicate changed attributes even if session gets invalidated. Otherwise session listeners will not see the right data on the secondary nodes. Port of

svn commit: r818068 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: rjung Date: Wed Sep 23 12:00:46 2009 New Revision: 818068 URL: http://svn.apache.org/viewvc?rev=818068&view=rev Log: Proposal. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=81

Port r818062 to BackupManager?

Hi Filip, I think the below needs some kind of port to the BackupManager. Ideas? Regards, Rainer On 23.09.2009 13:28, rj...@apache.org wrote: > Author: rjung > Date: Wed Sep 23 11:28:14 2009 > New Revision: 818062 > > URL: http://svn.apache.org/viewvc?rev=818062&view=rev > Log: > DeltaManager

svn commit: r818074 - /tomcat/tc5.5.x/trunk/STATUS.txt

Author: rjung Date: Wed Sep 23 12:23:51 2009 New Revision: 818074 URL: http://svn.apache.org/viewvc?rev=818074&view=rev Log: Add proposal. Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?re

Re: svn commit: r818040 - /tomcat/tc6.0.x/trunk/STATUS.txt

Rainer Jung wrote: > On 23.09.2009 13:12, Mark Thomas wrote: >> rj...@apache.org wrote: >>> * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47267 >>>http://svn.apache.org/viewvc?rev=817822&view=rev >>>+1: markt >>>-1: >>> + rjung: Our dreaded multi platform build system is a

Re: svn commit: r818040 - /tomcat/tc6.0.x/trunk/STATUS.txt

On 23/09/2009, Mark Thomas wrote: > Rainer Jung wrote: > > On 23.09.2009 13:12, Mark Thomas wrote: > >> rj...@apache.org wrote: > >>> * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47267 > >>>http://svn.apache.org/viewvc?rev=817822&view=rev > >>>+1: markt > >>>-1: > >

Re: Port r818062 to BackupManager?

hi Rainer, DeltaManager needs to replicate changed attributes even if session gets invalidated. Otherwise session listeners will not see the right data on the secondary nodes. This is an interesting use case indeed. The fact that we would replicate changes on an invalidated session sounds awk

DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks

https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #16 from Rejeev Divakaran 2009-09-23 09:47:24 PDT --- I think we have mis-understood Session fixation. disabling URL re-write will not solve session fixation. Please refer to http://www.owasp.org/index.php/Session_Fixation an

DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks

https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 Rejeev Divakaran changed: What|Removed |Added CC||rej...@gmail.com -- Configure

DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks

https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #17 from Mark Thomas 2009-09-23 18:20:36 BST --- Actually, preventing the use of the session ID in the URL goes a long way to preventing session fixation as it blocks the most easily exploited attack vectors. There would remain

Re: Port r818062 to BackupManager?

On 23.09.2009 16:17, Filip Hanik - Dev Lists wrote: > hi Rainer, > >> DeltaManager needs to replicate changed attributes even if session >> gets invalidated. Otherwise session listeners will not see the right >> data on the secondary nodes. > > This is an interesting use case indeed. The fact tha

Bypassing tomcat basic authentication

Is there a way to by pass tomcat authentication. We have an application that has BASIC authentication. But if the incoming URL has parameter say 'apikey' then we do not want tomcat to authenticate and instead perform our own authenticatin. Thanks. -- View this message in context: http://www.nab

[Tomcat Wiki] Update of "PoweredBy" by jasonzou

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "PoweredBy" page has been changed by jasonzou: http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=198&rev2=199 {{http://nexcess.net/banners/nexcess_468x60_1.gif}} [[http:/

Re: Bypassing tomcat basic authentication

cuccigucci wrote: > Is there a way to by pass tomcat authentication. > We have an application that has BASIC authentication. > But if the incoming URL has parameter say 'apikey' then we do not want > tomcat to authenticate and instead perform our own authenticatin. That would be a question for the