svn commit: r1825052 - /tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java

Author: markt Date: Thu Feb 22 12:13:51 2018 New Revision: 1825052 URL: http://svn.apache.org/viewvc?rev=1825052&view=rev Log: Fix SpotBugs warning. Probably a false positive but err on the safe side. Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Modified:

[Bug 60362] Missing reason phrase in response

https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #69 from Michael Osipov <1983-01...@gmx.net> --- (In reply to William Watson from comment #68) > I believe an option to send a reason phrase should be maintained in Tomcat 9. > > The reason phrase should be ignored by RFC-compliant

[Bug 60362] Missing reason phrase in response

https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #70 from Mark Thomas --- That is a view although it is perhaps a tad harsh. Regardless, the world is moving towards HTTP/2 and HTTP/2 doesn't have a reason phrase so this is a situation developers are going to have to get used to.

svn commit: r1825054 - in /tomcat/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Author: markt Date: Thu Feb 22 13:15:55 2018 New Revision: 1825054 URL: http://svn.apache.org/viewvc?rev=1825054&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62123 Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web a

svn commit: r1825055 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Author: markt Date: Thu Feb 22 13:20:25 2018 New Revision: 1825055 URL: http://svn.apache.org/viewvc?rev=1825055&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62123 Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web a

svn commit: r1825056 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Author: markt Date: Thu Feb 22 13:21:08 2018 New Revision: 1825056 URL: http://svn.apache.org/viewvc?rev=1825056&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62123 Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web a

svn commit: r1825057 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Author: markt Date: Thu Feb 22 13:21:56 2018 New Revision: 1825057 URL: http://svn.apache.org/viewvc?rev=1825057&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62123 Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web a

[Bug 62123] concurrentmodification exception on cleanup of RMI objects when stopping webapp

https://bz.apache.org/bugzilla/show_bug.cgi?id=62123 Mark Thomas changed: What|Removed |Added OS||All Resolution|---

svn commit: r1825078 - /tomcat/trunk/java/org/apache/coyote/http2/Http2AsyncParser.java

Author: remm Date: Thu Feb 22 15:59:13 2018 New Revision: 1825078 URL: http://svn.apache.org/viewvc?rev=1825078&view=rev Log: Minor cleanup. Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2AsyncParser.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2AsyncParser.java URL

[Bug 60362] Missing reason phrase in response

https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #71 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Mark Thomas from comment #70) > That is a view although it is perhaps a tad harsh. > > Regardless, the world is moving towards HTTP/2 and HTTP/2 doesn't have a > reason p

svn commit: r1825106 [2/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1825106&r1=1825105&r2=1825106&view=diff == --- tomcat/site/trunk/docs/security-7.html (original

svn commit: r1825106 [1/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Author: markt Date: Fri Feb 23 00:25:01 2018 New Revision: 1825106 URL: http://svn.apache.org/viewvc?rev=1825106&view=rev Log: Add info for CVE-2018-1304/5 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html

svn commit: r1825106 [3/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1825106&r1=1825105&r2=1825106&view=diff == --- tomcat/site/trunk/docs/security-8.html (original)

svn commit: r1825106 [5/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1825106&r1=1825105&r2=1825106&view=diff == --- tomcat/site/trunk/xdocs/security-7.xml (original)

svn commit: r1825106 [4/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1825106&r1=1825105&r2=1825106&view=diff == --- tomcat/site/trunk/docs/security-9.html (original)

[SECURITY] CVE-2018-1305 Security constraint annotations applied too late

CVE-2018-1305 Security constraint annotations applied too late Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: Security constraints

[SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored

CVE-2018-1304 Security constraints mapped to context root are ignored Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: The URL patte

Re: svn commit: r1825106 [5/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Le 23/02/2018 à 01:25, ma...@apache.org a écrit : > +This issue was by the Apache Tomcat Security on 1 February 2018 and > made > + public on 23 February 2018. The word "identified" is missing in this sentence. Emmanuel Bourg ---

Re: svn commit: r1825106 [5/5] - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

On 23/02/18 00:37, Emmanuel Bourg wrote: > Le 23/02/2018 à 01:25, ma...@apache.org a écrit : >> +This issue was by the Apache Tomcat Security on 1 February 2018 and >> made >> + public on 23 February 2018. > > The word "identified" is missing in this sentence. Thanks for spotting this.

svn commit: r1825107 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Author: markt Date: Fri Feb 23 00:42:49 2018 New Revision: 1825107 URL: http://svn.apache.org/viewvc?rev=1825107&view=rev Log: Fix typo Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/