https://issues.apache.org/bugzilla/show_bug.cgi?id=48358
--- Comment #13 from Christian Brandel 2010-11-22 04:58:13
EST ---
Excellent, Rainer!
Excuse my ignorance, if this is somehow obvious from the patch itself (this'll
be my first patch): Against which version can this be applied? 6.0.29? 6.
Author: markt
Date: Mon Nov 22 10:16:37 2010
New Revision: 1037658
URL: http://svn.apache.org/viewvc?rev=1037658&view=rev
Log:
Fix ordering functionality for Manager app
Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Modified: tomcat/trunk/java/org/apache/cat
Author: markt
Date: Mon Nov 22 10:18:17 2010
New Revision: 1037659
URL: http://svn.apache.org/viewvc?rev=1037659&view=rev
Log:
Simplify escapeXml(Object)
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
Modified: tomcat/trunk/java/org/apache/catalina/manager/JspHelper.j
Author: markt
Date: Mon Nov 22 10:30:05 2010
New Revision: 1037661
URL: http://svn.apache.org/viewvc?rev=1037661&view=rev
Log:
Fix primary sessions not always treated as such by Manager app.
Modified:
tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
Modified: tomcat/trunk/webapps/m
Author: markt
Date: Mon Nov 22 10:32:12 2010
New Revision: 1037663
URL: http://svn.apache.org/viewvc?rev=1037663&view=rev
Log:
Fix manager app - attribute removed message was not being displayed
Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Modified: tomcat/
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312
Summary: Unable to start Tomcat6.0.18 after stopping, in
Solaris OS
Product: Tomcat 6
Version: 6.0.18
Platform: Sun
OS/Version: Solaris
Status: NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
Author: markt
Date: Mon Nov 22 11:05:28 2010
New Revision: 1037669
URL: http://svn.apache.org/viewvc?rev=1037669&view=rev
Log:
Add recent HTML manager app fixes
Modified:
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/vie
Author: markt
Date: Mon Nov 22 11:41:34 2010
New Revision: 1037677
URL: http://svn.apache.org/viewvc?rev=1037677&view=rev
Log:
Ensure MBean names are correct generated for version ROOT web applications.
Fix ContextResource case that was using old path=... rather than new context=...
Modified:
Author: markt
Date: Mon Nov 22 11:45:57 2010
New Revision: 1037681
URL: http://svn.apache.org/viewvc?rev=1037681&view=rev
Log:
Use correct MBean name for Mangers
Fix Eclipse niggle
Modified:
tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
Modified: tomcat/trunk/java/org/
Author: markt
Date: Mon Nov 22 11:46:46 2010
New Revision: 1037682
URL: http://svn.apache.org/viewvc?rev=1037682&view=rev
Log:
Update docs to new MBean names
Modified:
tomcat/trunk/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
tomcat/trunk/java/org/apache/catalina/ant/jmx/JM
Author: markt
Date: Mon Nov 22 11:49:05 2010
New Revision: 1037683
URL: http://svn.apache.org/viewvc?rev=1037683&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50310
Ensure Servlet info is displayed in Manager application
Modified:
tomcat/trunk/java/org/apache/catalina/c
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312
chaitanyas...@gmail.com changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://issues.apache.org/bugzilla/show_bug.cgi?id=50310
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=50312
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|
See Commons Jexl 2.0 for an example.
On 21 November 2010 02:26, Jeremy Boynes wrote:
> Can we generate these during the build rather than checking in the generated
> source?
>
> On Nov 20, 2010, at 4:18 PM, kkoli...@apache.org wrote:
>
>> Author: kkolinko
>> Date: Sun Nov 21 00:18:14 2010
>> New
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
--- Comment #7 from Michael Osipov <1983-01...@gmx.net> 2010-11-22 07:40:03 EST
---
Mark,
now I get this:
INFO: Pausing Coyote HTTP/1.1 on http-8443
22.11.2010 13:30:21 org.apache.tomcat.util.net.AprEndpoint$Acceptor run
WARNUNG: Socket a
Hi, all!
The file /webapps/ROOT/border-radius.htc
in the current trunk does not have the ASL header, nor any other
explicit license.
I think that the origins are here:
[1] http://www.htmlremix.com/css/curved-corner-border-radius-cross-browser
[2] http://code.google.com/p/curved-corner/
[3]
http
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
--- Comment #8 from Mark Thomas 2010-11-22 08:26:06 EST ---
Thanks for your testing. This is good news. I'll get this fix into 7.0.x and
proposed for 6.0.x later today.
Yes the solution is a workaround but while HP-UX is returning this err
Author: markt
Date: Mon Nov 22 13:42:01 2010
New Revision: 1037715
URL: http://svn.apache.org/viewvc?rev=1037715&view=rev
Log:
Fix https://issues.apache.org/bugzilla/process_bug.cgi
Provide a workaround for an HP-UX issue that can result in large numbers of
SEVERE log messages appearing in the lo
Author: markt
Date: Mon Nov 22 13:43:30 2010
New Revision: 1037717
URL: http://svn.apache.org/viewvc?rev=1037717&view=rev
Log:
Proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1
Author: markt
Revision: 1037715
Modified property: svn:log
Modified: svn:log at Mon Nov 22 13:44:09 2010
--
--- svn:log (original)
+++ svn:log Mon Nov 22 13:44:09 2010
@@ -1,2 +1,2 @@
-Fix https://issues.apache.org/bugzill
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
--- Comment #9 from Mark Thomas 2010-11-22 08:45:45 EST ---
Fixed in 7.0.x and will be included in 7.0.5 onwards
Proposed for 6.0.x
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving
Author: kkolinko
Date: Mon Nov 22 13:57:10 2010
New Revision: 1037721
URL: http://svn.apache.org/viewvc?rev=1037721&view=rev
Log:
add patch URL and vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk
https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
--- Comment #10 from Michael Osipov <1983-01...@gmx.net> 2010-11-22 09:00:00
EST ---
Great news. Thanks for the quick help.
Do you think it is worth raising a ticket at APR with a link to this one?
--
Configure bugmail: https://issues.apa
This goes as CTR and was not applied to trunk.
If voting is needed, count me as +1 for this.
2010/11/19 :
> Author: markt
> Date: Fri Nov 19 19:01:34 2010
> New Revision: 1036981
>
> URL: http://svn.apache.org/viewvc?rev=1036981&view=rev
> Log:
> Additional info for https://issues.apache.org/bugz
On 22/11/2010 14:08, Konstantin Kolinko wrote:
> This goes as CTR and was not applied to trunk.
> If voting is needed, count me as +1 for this.
Sorry - that was my mistake. I committed to 6.0.x rather than trunk.
I'll fix trunk in a sec.
If it gets another quick +1 I'll leave it, else I'll revert
Author: markt
Date: Mon Nov 22 14:12:05 2010
New Revision: 1037728
URL: http://svn.apache.org/viewvc?rev=1037728&view=rev
Log:
Additional info for https://issues.apache.org/bugzilla/show_bug.cgi?id=50273
Add the error number to the message
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/Err
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306
--- Comment #4 from Rainer Jung 2010-11-22 09:13:44
EST ---
I see basically two aspects that code inside Tomcat could add:
1) Extraction of relevant information
Since we know, which thread works on which request and we know a lot about t
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358
--- Comment #14 from Rainer Jung 2010-11-22 09:18:24
EST ---
As far as I remember it should apply cleanly to 6.0.29 and 6.0.x trunk (as of
now). Try it and shout if it doesn't work.
--
Configure bugmail: https://issues.apache.org/bugzill
On 22.11.2010 15:10, Mark Thomas wrote:
On 22/11/2010 14:08, Konstantin Kolinko wrote:
This goes as CTR and was not applied to trunk.
If voting is needed, count me as +1 for this.
Sorry - that was my mistake. I committed to 6.0.x rather than trunk.
I'll fix trunk in a sec.
If it gets another
On 22/11/2010 14:33, Rainer Jung wrote:
> On 22.11.2010 15:10, Mark Thomas wrote:
>> On 22/11/2010 14:08, Konstantin Kolinko wrote:
>>> This goes as CTR and was not applied to trunk.
>>> If voting is needed, count me as +1 for this.
>>
>> Sorry - that was my mistake. I committed to 6.0.x rather tha
Author: markt
Date: Mon Nov 22 14:35:51 2010
New Revision: 1037735
URL: http://svn.apache.org/viewvc?rev=1037735&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50308
Allow asynchronous request processing to call AsyncContext.dispatch() once the
asynchronous request has timed
https://issues.apache.org/bugzilla/show_bug.cgi?id=50308
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306
--- Comment #5 from Konstantin Kolinko 2010-11-22
09:52:30 EST ---
1) The manager webapp already has a list of requests being processed on the
"Server Status" page, as Mark mentioned.
One can make them as clickable, with more info display
https://issues.apache.org/bugzilla/show_bug.cgi?id=50316
Summary: Minor glitch with display of negative TTL on
sessionDetail.jsp
Product: Tomcat 6
Version: 6.0.29
Platform: PC
OS/Version: Windows XP
Status: NEW
Author: markt
Date: Mon Nov 22 17:19:07 2010
New Revision: 1037778
URL: http://svn.apache.org/viewvc?rev=1037778&view=rev
Log:
Fix CVE-2010-4172. Multiple XSS in Manager web application
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
tomcat/trunk/webapps/docs/change
Author: markt
Date: Mon Nov 22 17:20:10 2010
New Revision: 1037779
URL: http://svn.apache.org/viewvc?rev=1037779&view=rev
Log:
Fix CVE-2010-4172. Multiple XSS in Manager web application
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/JspHelper.java
tomcat/tc6.0.x/trunk/web
Author: markt
Date: Mon Nov 22 17:29:35 2010
New Revision: 1037784
URL: http://svn.apache.org/viewvc?rev=1037784&view=rev
Log:
Updates for CVE-2010-4172
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-6.xml
t
Author: kkolinko
Date: Mon Nov 22 17:40:09 2010
New Revision: 1037794
URL: http://svn.apache.org/viewvc?rev=1037794&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50228
Improve recycling of BodyContentImpl.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/BodyConten
Author: kkolinko
Date: Mon Nov 22 17:42:56 2010
New Revision: 1037797
URL: http://svn.apache.org/viewvc?rev=1037797&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?re
https://issues.apache.org/bugzilla/show_bug.cgi?id=50228
--- Comment #4 from Konstantin Kolinko 2010-11-22
12:45:17 EST ---
Fixed in trunk with r1037794 (will be in 7.0.5), proposed for 6.0.x.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are rece
Author: kkolinko
Date: Mon Nov 22 18:07:50 2010
New Revision: 1037808
URL: http://svn.apache.org/viewvc?rev=1037808&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.4
- Not affected in default configuration.
On behalf of the Tomcat committers I am pleased to announce that
Christopher Schultz (schultz) has been voted in as a new Tomcat committer.
Please join me in welcoming him.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.a
https://issues.apache.org/bugzilla/show_bug.cgi?id=50306
--- Comment #6 from Sylvain Laurent 2010-11-22
14:22:05 EST ---
My initial idea was : if a request takes too long, log a WARNING with the stack
trace of the thread processing the request.
I think that it is important to have this in log fi
Author: kkolinko
Date: Mon Nov 22 19:26:57 2010
New Revision: 1037846
URL: http://svn.apache.org/viewvc?rev=1037846&view=rev
Log:
proposal
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?re
2010/11/22 Mark Thomas :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
>
(...)
FYI:
The patches included in the announcement are hardly readable, because
the mailing software replaced '-' with '- -' and the start of lines,
Author: kkolinko
Date: Mon Nov 22 20:59:20 2010
New Revision: 1037887
URL: http://svn.apache.org/viewvc?rev=1037887&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50316
Fix display of negative values
Modified:
tomcat/trunk/java/org/apache/catalina/manager/JspHelper.java
Author: kkolinko
Date: Mon Nov 22 21:02:47 2010
New Revision: 1037888
URL: http://svn.apache.org/viewvc?rev=1037888&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?re
https://issues.apache.org/bugzilla/show_bug.cgi?id=50316
--- Comment #1 from Konstantin Kolinko 2010-11-22
16:04:47 EST ---
Fixed in trunk in r1037887 (will be in 7.0.5), proposed for 6.0
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter.
http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=5&rev2=6
-
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter.
http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=6&rev2=7
-
https://issues.apache.org/bugzilla/show_bug.cgi?id=50318
Summary: NPE when opening Session Details page for an expired
session
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by PidSter.
http://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=7&rev2=8
-
Author: kkolinko
Date: Mon Nov 22 22:43:51 2010
New Revision: 1037924
URL: http://svn.apache.org/viewvc?rev=1037924&view=rev
Log:
Impose a limit on the total length of the trailing headers.
Otherwise the ByteChunk buffer in the ChunkedInputFilter might grow unlimitedly.
Implemented as a system pr
Author: kkolinko
Date: Mon Nov 22 22:49:54 2010
New Revision: 1037927
URL: http://svn.apache.org/viewvc?rev=1037927&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?re
Author: kkolinko
Date: Mon Nov 22 22:54:51 2010
New Revision: 1037929
URL: http://svn.apache.org/viewvc?rev=1037929&view=rev
Log:
Remove border-radius.htc until issue with this file is clarified.
Removed:
tomcat/trunk/webapps/ROOT/border-radius.htc
Modified:
tomcat/trunk/webapps/ROOT/inde
2010/11/22 Konstantin Kolinko :
> Hi, all!
>
> The file /webapps/ROOT/border-radius.htc
> in the current trunk does not have the ASL header, nor any other
> explicit license.
>
I removed the file and a reference to it in r1037929
I do not want this to be a hindrance for 7.0.5.
Best regards,
Kon
The Buildbot has detected a new failure of tomcat-trunk on ASF Buildbot.
Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/841
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: bb-vm_ubuntu
Build Reason:
Build Source Stamp: [branch tomcat/trunk] 1037
60 matches
Mail list logo
