Am 2. Dezember 2015 00:02:08 MEZ, schrieb Mark Thomas :
>The proposed Apache Tomcat 8.0.30 release is now available for voting.
>
>The main changes since 8.0.29 are:
>
>- Location headers for redirects now use relative URIs. This can
> be controlled by Context with the useRelativeRedirects attri
Give the recent OpenSSL vulnerability announcements [1], I was planning
on starting a tomcat-native 1.2.3 release to provide an updated Windows
binary.
There are a few fixes in trunk since 1.2.2. I'll get the changelog updated.
I'm currently planning on tagging this on Tuesday 8th Dec. We can
pro
I've been spending some time looking at the JASPIC implementation that
was started as part of GSoC.
To recap the history to save folks digging through the archives:
- JASPIC provides a standard API for pluggable authentication modules
- The most obvious use case is integration with one of the ma
Author: markt
Date: Fri Dec 4 11:51:10 2015
New Revision: 1717937
URL: http://svn.apache.org/viewvc?rev=1717937&view=rev
Log:
Update the changelog with additional fixes since 1.2.2
Modified:
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/xdocs/miscellane
2015-12-04 12:42 GMT+01:00 Mark Thomas :
> I've been spending some time looking at the JASPIC implementation that
> was started as part of GSoC.
>
> To recap the history to save folks digging through the archives:
>
> - JASPIC provides a standard API for pluggable authentication modules
>
> - The
2015-12-04 12:42 GMT+01:00 Mark Thomas :
> Give the recent OpenSSL vulnerability announcements [1], I was planning
> on starting a tomcat-native 1.2.3 release to provide an updated Windows
> binary.
>
> There are a few fixes in trunk since 1.2.2. I'll get the changelog updated.
>
Sorry, I guess e
2015-12-02 2:02 GMT+03:00 Mark Thomas :
> The proposed Apache Tomcat 8.0.30 release is now available for voting.
>
>
> The proposed 8.0.30 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.0.30
Units tests pass - all 4 connectors (BIO, NIO, NIO2, APR) x Java 7u80,
2015-12-02 1:02 GMT+02:00 Mark Thomas :
>
> The proposed Apache Tomcat 8.0.30 release is now available for voting.
>
> The main changes since 8.0.29 are:
>
> - Location headers for redirects now use relative URIs. This can
> be controlled by Context with the useRelativeRedirects attribute.
>
> -
Hi,
See you guys are making good progress with the JASPIC implementation in
Tomcat.
One commit that I noticed is the following:
https://github.com/apache/tomcat/commit/3e1b4931867a12a74e9e9fe7ff86484cc65a21e6
It says: "Remove the programmatic login/logout override, as I don't see how
JASPIC can
On 04/12/2015 12:38, Rémy Maucherat wrote:
> 2015-12-04 12:42 GMT+01:00 Mark Thomas :
>
>> Give the recent OpenSSL vulnerability announcements [1], I was planning
>> on starting a tomcat-native 1.2.3 release to provide an updated Windows
>> binary.
>>
>> There are a few fixes in trunk since 1.2.2.
On 04/12/2015 12:29, Rémy Maucherat wrote:
> 2015-12-04 12:42 GMT+01:00 Mark Thomas :
>> The DIGEST module does not disable the default
>> caching of the authenticated Principal in the session which renders the
>> security benefits of digest over http largely useless.
>
> Apologies for missing it
https://bz.apache.org/bugzilla/show_bug.cgi?id=57489
Mark Thomas changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment #21 from Mark Thomas --
Author: markt
Date: Fri Dec 4 14:05:49 2015
New Revision: 1717965
URL: http://svn.apache.org/viewvc?rev=1717965&view=rev
Log:
Add test cases, currently disabled because they don't all pass, for various
issues around WebSocket closing.
Patch by Barry Coughlan
Added:
tomcat/trunk/test/org/ap
Author: markt
Date: Fri Dec 4 14:06:33 2015
New Revision: 1717967
URL: http://svn.apache.org/viewvc?rev=1717967&view=rev
Log:
Static works for me for these test cases.
Modified:
tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java
Modified: tomcat/trunk/test/org/apache/tomcat
Author: markt
Date: Fri Dec 4 14:11:31 2015
New Revision: 1717968
URL: http://svn.apache.org/viewvc?rev=1717968&view=rev
Log:
Use a Log since that gives timestamps and thread info with minimal effort on my
part
Modified:
tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java
M
2015-12-04 14:41 GMT+01:00 Mark Thomas :
> On 04/12/2015 12:38, Rémy Maucherat wrote:
> > 2015-12-04 12:42 GMT+01:00 Mark Thomas :
> >
> >> Give the recent OpenSSL vulnerability announcements [1], I was planning
> >> on starting a tomcat-native 1.2.3 release to provide an updated Windows
> >> bina
Hi,
i am using Tomcat based on APR/OpenSSL and have observed that shutdown behavior
in bad case is not clean. For example if OpenSSL verify callback verify the
peer certificate(s) and verification is failed e.g. unknown_certificate,
revoked etc. OpenSSL sets a handshake error with an alert messa
Hi,
i am using Tomcat based on APR/OpenSSL and have observed that shutdown behavior
in bad case is not clean. For example if OpenSSL verify callback verify the
peer certificate(s) and verification is failed e.g. unknown_certificate,
revoked etc. OpenSSL sets a handshake error with an alert mess
Author: markt
Date: Fri Dec 4 15:13:17 2015
New Revision: 1717979
URL: http://svn.apache.org/viewvc?rev=1717979&view=rev
Log:
Fix a TODO (add explanatory comment as to why the test is correct)
Modified:
tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java
Modified: tomcat/tru
https://bz.apache.org/bugzilla/show_bug.cgi?id=58691
Bug ID: 58691
Summary: org.apache.naming.ResourceEnvRef missing factory
Product: Tomcat 8
Version: 8.0.29
Hardware: All
OS: All
Status: NEW
Severity: no
Author: remm
Date: Fri Dec 4 15:32:16 2015
New Revision: 1717984
URL: http://svn.apache.org/viewvc?rev=1717984&view=rev
Log:
Some small cleanups.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl
2015-12-04 16:08 GMT+01:00 Rashid Mahmood :
> For my application a clean shutdown is a critical requirement. Is there
> anything already in discussion about this issue or should i report as a bug?
>
> You can add an enhancement but it looks difficult to do.
Rémy
Author: violetagg
Date: Fri Dec 4 20:23:44 2015
New Revision: 1718022
URL: http://svn.apache.org/viewvc?rev=1718022&view=rev
Log:
Stream may not be closed in all branches. Findbugs report.
Modified:
tomcat/trunk/java/org/apache/catalina/startup/Catalina.java
tomcat/trunk/java/org/apache/
Author: violetagg
Date: Fri Dec 4 20:31:10 2015
New Revision: 1718024
URL: http://svn.apache.org/viewvc?rev=1718024&view=rev
Log:
Merged revision 1718022 from tomcat/trunk:
Stream may not be closed in all branches. Findbugs report.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat
Author: violetagg
Date: Fri Dec 4 20:52:35 2015
New Revision: 1718030
URL: http://svn.apache.org/viewvc?rev=1718030&view=rev
Log:
Merged revision 1718022 from tomcat/trunk:
Stream may not be closed in all branches. Findbugs report.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat
2015-12-04 14:50 GMT+01:00 Mark Thomas :
> On 04/12/2015 12:29, Rémy Maucherat wrote:
> > 2015-12-04 12:42 GMT+01:00 Mark Thomas :
>
> >> The DIGEST module does not disable the default
> >> caching of the authenticated Principal in the session which renders the
> >> security benefits of digest ove
The Buildbot has detected a new failure on builder tomcat-8-trunk while
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-8-trunk/builds/318
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchSch
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692
Bug ID: 58692
Summary: Odd classpath URLs cause Tomcat to abort loading
webapps
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status:
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692
--- Comment #1 from Derek Abdine ---
Here's the stack trace from the attached test case / unit test:
java.lang.IllegalArgumentException: URI scheme is not "file"
at java.io.File.(File.java:421)
at
org.apache.tomcat.util.scan.StandardJar
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692
--- Comment #2 from Derek Abdine ---
Just a slight correction: I mentioned in the description
"There is no way to prevent this issue with a JarScanFilter"
Just to clarify, there is no way to prevent this with the built in
StandardJarScanFi
On 2.12.2015 0:02, Mark Thomas wrote:
The proposed 8.0.30 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.0.30
Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_60 and
APR/native 1.2.2:
- Tested TLS connectivity for BIO, NIO, NIO2 and APR connector
31 matches
Mail list logo
