[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 --- Comment #1 from Remy Maucherat --- Created attachment 35750 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35750&action=edit Patch Ok, I think it is risky to not use the normalized path instead. r1799115 which changed this is still

JDK 10: Release Candidate & JDK 11 Early Access builds available

2018-03-02 Thread Rory O'Donnell
Hi Mark, Can you confirm the fix in JDK 11 * JDK-8195096 - Apache Tomcat o Exception with custom LogManager on starting Apache Tomcat *JDK 10 build 45 is our JDK 10 Release Candidate and now available at http://jdk.java.net/10/* *

svn commit: r1825713 - in /tomcat/trunk: java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 11:51:19 2018 New Revision: 1825713 URL: http://svn.apache.org/viewvc?rev=1825713&view=rev Log: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when using the JMX proxy feature of the Manager application. Based o

svn commit: r1825714 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 11:51:56 2018 New Revision: 1825714 URL: http://svn.apache.org/viewvc?rev=1825714&view=rev Log: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when using the JMX proxy feature of the Manager application. Based o

svn commit: r1825715 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 11:54:18 2018 New Revision: 1825715 URL: http://svn.apache.org/viewvc?rev=1825715&view=rev Log: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when using the JMX proxy feature of the Manager application. Based o

svn commit: r1825716 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 11:54:54 2018 New Revision: 1825716 URL: http://svn.apache.org/viewvc?rev=1825716&view=rev Log: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when using the JMX proxy feature of the Manager application. Based o

[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 Mark Thomas changed: What|Removed |Added OS||All --- Comment #2 from Mark Thomas ---

[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 --- Comment #3 from Myron Uecker --- It was one of those questionable decisions somebody made years ago in our code to use relative paths for navigation that no longer works after that change. Thank you for looking at this. -- You are receivi

[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 --- Comment #4 from Remy Maucherat --- Using a relative path to get the RD is not bad. However, far more unusual is using the requestURI, since you have to deal with annoying stuff when you do that (URL encoding ...). -- You are receiving thi

Re: svn commit: r1825713 - in /tomcat/trunk: java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread Konstantin Kolinko
2018-03-02 14:51 GMT+03:00 : > Author: markt > Date: Fri Mar 2 11:51:19 2018 > New Revision: 1825713 > > URL: http://svn.apache.org/viewvc?rev=1825713&view=rev > Log: > Work-around a known, non-specification compliant behaviour in some versions > of IE that can allow XSS when using the JMX proxy

[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 --- Comment #5 from Mark Thomas --- Indeed. The behaviour of getRequestURI() is at the root of this bug report and bug 61185. In terms of guidance from the spec, what we have is: - getRequestURI() Returns the part of this request's URL from t

[Bug 62150] Relative Paths have changd

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 Remy Maucherat changed: What|Removed |Added Severity|normal |enhancement --- Comment #6 from Remy

svn commit: r1825734 - /tomcat/trunk/java/org/apache/catalina/manager/JMXProxyServlet.java

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 17:01:35 2018 New Revision: 1825734 URL: http://svn.apache.org/viewvc?rev=1825734&view=rev Log: Add a characterset to the JMX text output Modified: tomcat/trunk/java/org/apache/catalina/manager/JMXProxyServlet.java Modified: tomcat/trunk/java/org/apache/catalin

Re: svn commit: r1825713 - in /tomcat/trunk: java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread Mark Thomas
On 02/03/18 15:33, Konstantin Kolinko wrote: > 2018-03-02 14:51 GMT+03:00 : >> Author: markt >> Date: Fri Mar 2 11:51:19 2018 >> New Revision: 1825713 >> >> URL: http://svn.apache.org/viewvc?rev=1825713&view=rev >> Log: >> Work-around a known, non-specification compliant behaviour in some version

Re: svn commit: r1825713 - in /tomcat/trunk: java/org/apache/catalina/manager/JMXProxyServlet.java webapps/docs/changelog.xml

2018-03-02 Thread Mark Thomas
On 02/03/18 17:05, Mark Thomas wrote: > On 02/03/18 15:33, Konstantin Kolinko wrote: >> 2018-03-02 14:51 GMT+03:00 : >>> Author: markt >>> Date: Fri Mar 2 11:51:19 2018 >>> New Revision: 1825713 >>> >>> URL: http://svn.apache.org/viewvc?rev=1825713&view=rev >>> Log: >>> Work-around a known, non-s

svn commit: r1825738 - in /tomcat/trunk: java/org/apache/catalina/manager/JMXProxyServlet.java java/org/apache/catalina/manager/ManagerServlet.java java/org/apache/catalina/manager/host/HostManagerSer

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 18:45:28 2018 New Revision: 1825738 URL: http://svn.apache.org/viewvc?rev=1825738&view=rev Log: Extend work-around to all text/plain responses from Manager and Host Manager. Modified: tomcat/trunk/java/org/apache/catalina/manager/JMXProxyServlet.java tomcat/

[Bug 62150] Behavior of relative paths with RequestDispatcher has changed

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 Christopher Schultz changed: What|Removed |Added Summary|Relative Paths have changd |Behavior of relative paths

Re: svn commit: r1825734 - /tomcat/trunk/java/org/apache/catalina/manager/JMXProxyServlet.java

2018-03-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/2/18 12:01 PM, ma...@apache.org wrote: > Author: markt Date: Fri Mar 2 17:01:35 2018 New Revision: 1825734 > > URL: http://svn.apache.org/viewvc?rev=1825734&view=rev Log: Add a > characterset to the JMX text output > > Modified: > tom

Re: svn commit: r1825734 - /tomcat/trunk/java/org/apache/catalina/manager/JMXProxyServlet.java

2018-03-02 Thread Mark Thomas
On 02/03/18 19:01, Christopher Schultz wrote: > Would it be better to do this instead: > > response.setContentType("text/plain;charset=" > + response.getCharacterEncoding()); > > Even if the encoding is *supposed* to be UTF-8 (like the constant > suggests), in case it isn't for what

svn commit: r1825743 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java java/org/apache/catalina/manager/ManagerServlet.java java/org/apache/catalina/manager/host/Hos

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 19:18:30 2018 New Revision: 1825743 URL: http://svn.apache.org/viewvc?rev=1825743&view=rev Log: Extend work-around to all text/plain responses from Manager and Host Manager. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apac

svn commit: r1825744 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java java/org/apache/catalina/manager/ManagerServlet.java java/org/apache/catalina/manager/host/Hos

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 19:19:01 2018 New Revision: 1825744 URL: http://svn.apache.org/viewvc?rev=1825744&view=rev Log: Extend work-around to all text/plain responses from Manager and Host Manager. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apac

svn commit: r1825745 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/manager/JMXProxyServlet.java java/org/apache/catalina/manager/ManagerServlet.java java/org/apache/catalina/manager/host/Hos

2018-03-02 Thread markt
Author: markt Date: Fri Mar 2 19:19:34 2018 New Revision: 1825745 URL: http://svn.apache.org/viewvc?rev=1825745&view=rev Log: Extend work-around to all text/plain responses from Manager and Host Manager. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apac

Re: JDK 10: Release Candidate & JDK 11 Early Access builds available

2018-03-02 Thread Mark Thomas
On 02/03/18 11:15, Rory O'Donnell wrote: > > Hi Mark, > > Can you confirm the fix in JDK 11> >  * JDK-8195096 - >    Apache Tomcat > o Exception with custom LogManager on starting Apache Tomcat Confirmed. This is fixed in JDK 11 EA3. Any pl

[Bug 62146] Support to add customized KeyManager like "trustManagerClassName" did.

2018-03-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62146 --- Comment #3 from Wang, Simon <18616998...@163.com> --- Thanks for your comments. could you give more details about Tomcat-8.5 reloading TLS config? Another concern is: that's big impact for us to upgrade Tomcat7 to Tomcat-8.5. Could you give