Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Mark Thomas
On 19/06/2013 00:42, Nick Williams wrote: Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java 7 < 7u25 is vulnerable to a frame injection attack. Oracle has provided a repair-in-place tool for Javadoc that cannot b

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Mark Thomas
On 19/06/2013 09:15, Mark Thomas wrote: On 19/06/2013 00:42, Nick Williams wrote: Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java 7 < 7u25 is vulnerable to a frame injection attack. Oracle has provided a repai

svn commit: r1494493 [2/2] - in /tomcat/site/trunk/docs: maven-plugin-2.0-beta-1/apidocs/ maven-plugin-2.0-beta-1/common-tomcat-maven-plugin/apidocs/ maven-plugin-2.0-beta-1/testapidocs/ maven-plugin-

2013-06-19 Thread markt
Modified: tomcat/site/trunk/docs/maven-plugin-2.0/tomcat7-war-runner/apidocs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.0/tomcat7-war-runner/apidocs/index.html?rev=1494493&r1=1494492&r2=1494493&view=diff

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread sebb
On 19 June 2013 09:15, Mark Thomas wrote: > On 19/06/2013 00:42, Nick Williams wrote: >> >> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], >> VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java >> 7 < 7u25 is vulnerable to a frame injection attack. Oracle has >>

svn commit: r1494527 - in /tomcat/trunk/java/org/apache/catalina/tribes: group/interceptors/MessageDispatch15Interceptor.java util/ExecutorFactory.java

2013-06-19 Thread kfujino
Author: kfujino Date: Wed Jun 19 09:59:56 2013 New Revision: 1494527 URL: http://svn.apache.org/r1494527 Log: Replace Tribes's TaskQueue as executor's workQueue in order to ensure that executor's maxThread works correctly. Modified: tomcat/trunk/java/org/apache/catalina/tribes/group/interce

svn commit: r1494528 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.java java/org/apache/catalina/tribes/util/ExecutorFactory.java webapps/

2013-06-19 Thread kfujino
Author: kfujino Date: Wed Jun 19 10:03:51 2013 New Revision: 1494528 URL: http://svn.apache.org/r1494528 Log: Replace Tribes's TaskQueue as executor's workQueue in order to ensure that executor's maxThread works correctly. Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/group

[Bug 55120] New: ISA exception is thrown during application start when there is annotated ServerEndpoint POJO

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55120 Bug ID: 55120 Summary: ISA exception is thrown during application start when there is annotated ServerEndpoint POJO Product: Tomcat 8 Version: trunk Hardware: PC

[Bug 55120] ISA exception is thrown during application start when there is annotated ServerEndpoint POJO

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55120 Niki Dokovski changed: What|Removed |Added Attachment #30462|0 |1 is patch|

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Konstantin Kolinko
2013/6/19 Mark Thomas : > On 19/06/2013 09:15, Mark Thomas wrote: >> >> On 19/06/2013 00:42, Nick Williams wrote: >>> >>> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], >>> VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java >>> 7 < 7u25 is vulnerable to a frame

[Bug 55120] ISA exception is thrown during application start when there is annotated ServerEndpoint POJO

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55120 Niki Dokovski changed: What|Removed |Added OS||All --- Comment #1 from Niki Dokov

[Bug 55120] ISA exception is thrown during application start when there is annotated ServerEndpoint POJO

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55120 --- Comment #2 from Niki Dokovski --- Created attachment 30463 --> https://issues.apache.org/bugzilla/attachment.cgi?id=30463&action=edit handling of EndpointConfig param changes in PojoEndpointBase PojoMethodMapping and TestPojoEndpoint

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Nick Williams
On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: > On 19/06/2013 00:42, Nick Williams wrote: >> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], >> VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java >> 7 < 7u25 is vulnerable to a frame injection attack. Oracle ha

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread sebb
On 19 June 2013 13:03, Nick Williams wrote: > > On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: > >> On 19/06/2013 00:42, Nick Williams wrote: >>> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], >>> VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java >>> 7 < 7u25

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread sebb
On 19 June 2013 13:12, sebb wrote: > On 19 June 2013 13:03, Nick Williams wrote: >> >> On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: >> >>> On 19/06/2013 00:42, Nick Williams wrote: Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657 [2]) whereby Javadoc generat

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Konstantin Kolinko
2013/6/19 sebb : > On 19 June 2013 13:12, sebb wrote: >> On 19 June 2013 13:03, Nick Williams wrote: >>> >>> On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: >>> On 19/06/2013 00:42, Nick Williams wrote: > Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], > VU#225657 [2

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread sebb
On 19 June 2013 14:12, Konstantin Kolinko wrote: > 2013/6/19 sebb : >> On 19 June 2013 13:12, sebb wrote: >>> On 19 June 2013 13:03, Nick Williams wrote: On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: > On 19/06/2013 00:42, Nick Williams wrote: >> Oracle has announced a J

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread Mark Thomas
On 19/06/2013 15:12, sebb wrote: On 19 June 2013 14:12, Konstantin Kolinko wrote: 2013/6/19 sebb : On 19 June 2013 13:12, sebb wrote: On 19 June 2013 13:03, Nick Williams wrote: On Jun 19, 2013, at 3:15 AM, Mark Thomas wrote: On 19/06/2013 00:42, Nick Williams wrote: Oracle has announc

svn commit: r1494647 - /tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java

2013-06-19 Thread markt
Author: markt Date: Wed Jun 19 14:53:02 2013 New Revision: 1494647 URL: http://svn.apache.org/r1494647 Log: Add test for additional language added to @HttpConstraint in section 13.4.1 in the 3.1 spec Modified: tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java Modified: tomcat/t

Re: CVE-2013-1571, VU#225657

2013-06-19 Thread sebb
On 19 June 2013 15:36, Mark Thomas wrote: > On 19/06/2013 15:12, sebb wrote: >> >> On 19 June 2013 14:12, Konstantin Kolinko wrote: >>> >>> 2013/6/19 sebb : On 19 June 2013 13:12, sebb wrote: > > On 19 June 2013 13:03, Nick Williams > wrote: >> >> >> On Jun 19,

HttpServletRequest.upgrade and HttpServletRequestWrapper.upgrade should throw ServletException

2013-06-19 Thread Violeta Georgieva
Hi, According to Servlet Spec 3.1 final javadoc: javax.servlet.http.HttpServletRequest.upgrade(Class) throws IOException, ServletException javax.servlet.http.HttpServletRequestWrapper.upgrade(Class) throws IOException, ServletException In our Servlet APIs these methods throw only IOException. W

svn commit: r1494779 - in /tomcat/trunk/java/org/apache/catalina/core: LocalStrings.properties StandardContext.java

2013-06-19 Thread markt
Author: markt Date: Wed Jun 19 21:43:26 2013 New Revision: 1494779 URL: http://svn.apache.org/r1494779 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53987 Servlet 3.1. Log uncovered HTTP methods. Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties to

[Bug 53987] Log uncovered HTTP methods in combined security constraints

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=53987 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 55122] New: GlobalRequestProcessor "bytesReceived" statistic always is zero

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55122 Bug ID: 55122 Summary: GlobalRequestProcessor "bytesReceived" statistic always is zero Product: Tomcat 7 Version: 7.0.41 Hardware: PC Status: NEW

[Bug 55122] GlobalRequestProcessor "bytesReceived" statistic always is zero

2013-06-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55122 junedo changed: What|Removed |Added CC||jun...@qq.com OS|