Drop module-info from tomcat*.jar?

2021-09-15 Thread Romain Manni-Bucau
Hi all, I was trying to strim down a JDK, all was smooth until I started to work with Tomcat. The issues I hit: - Tomcat is designed to be fully used with JPMS whereas I would like to be able to use it in the CP if a jlink custom distro (without forking/patching tomcat jar indeed) - module-info u

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Mark Thomas
On 15/09/2021 08:34, Romain Manni-Bucau wrote: Hi all, I was trying to strim down a JDK, all was smooth until I started to work with Tomcat. I am assuming this is with embedded. The issues I hit: - Tomcat is designed to be fully used with JPMS whereas I would like to be able to use it in th

[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2021-09-15 Thread GitBox
cklein05 commented on pull request #428: URL: https://github.com/apache/tomcat/pull/428#issuecomment-919880264 That's it for now. Is anyone willing to merge and port back? :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub an

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Romain Manni-Bucau
I think the last option is maybe the target: modularize tomcat properly. The people willing to have as few as possible modules would just use a new "bundle" module (this is what we do at openjpa, tomee, meecrowave etc) which provides a bundle way of building apps but is not flexible. So regarding J

[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517 --- Comment #1 from Mikko Suonio --- Can you comment on why this is invalid? Since this is related to a CVE, the impact needs to be analyzed in many organizations. -- You are receiving this mail because: You are the assignee for the bug.

Re: Release Announcement: General Availability of Java 17 / JDK 17

2021-09-15 Thread Martin Grigorov
Hi Rory, Congratulations for JDK 17 GA! Apache Tomcat 10.1.x build and tests pass successfully with JDK 18-ea+14-756 on both Linux x86_64 and aarch64! Regards, Martin On Tue, Sep 14, 2021 at 6:55 PM Rory O'Donnell wrote: > Hi Mark, > > *Release Announcement: General Availability of Java 17

[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517 --- Comment #2 from Mark Thomas --- Let me turn that around. What is your basis for claiming that this is a valid vulnerability in Apache Tomcat? (Hint: The original description for this contained multiple inaccuracies so don't take any of tha

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Mark Thomas
On 15/09/2021 11:07, Romain Manni-Bucau wrote: I think the last option is maybe the target: modularize tomcat properly. "Properly" is a highly subjective judgement. There are going to be wildly differing views on what constitutes a "proper" degree of modularity. The people willing to have a

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Romain Manni-Bucau
On Wed, 15 Sep 2021 at 13:13, Mark Thomas wrote: > On 15/09/2021 11:07, Romain Manni-Bucau wrote: > > I think the last option is maybe the target: modularize tomcat properly. > > "Properly" is a highly subjective judgement. There are going to be > wildly differing views on what constitutes a

[tomcat] branch main updated (1988fad -> dee5f2c)

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 1988fad Merge pull request #450 from tussupbekov/typo-fix new 60baeb2 Fix a potential cause of intermittent test

[tomcat] 01/04: Fix a potential cause of intermittent test failure

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 60baeb2128d72416f13753ce7091b15a537343fa Author: Mark Thomas AuthorDate: Wed Sep 15 13:47:35 2021 +0100 Fix a potentia

[tomcat] 03/04: Make synchronized as method assumes a lock is held on the instance

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 0a86874349c08b01a96f3c1f9f1f51dddbb74528 Author: Mark Thomas AuthorDate: Wed Sep 15 13:56:45 2021 +0100 Make synchroni

[tomcat] 02/04: Move debug statement inside sync block

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7a1441acb6a2c527d97d345e99309e36e1e72a39 Author: Mark Thomas AuthorDate: Wed Sep 15 13:52:42 2021 +0100 Move debug sta

[tomcat] 04/04: Refactor allocations for the connection flow control window

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit dee5f2c1f744e789ab3a422de79385222d07ba6e Author: Mark Thomas AuthorDate: Wed Sep 15 14:12:26 2021 +0100 Refactor alloc

[tomcat] branch 10.0.x updated (da5ce59 -> 23be856)

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from da5ce59 Fix typo new 1e34825 Avoid StackOverflowException new 0d409fb Fix a potential cause of intermitte

[tomcat] 01/05: Avoid StackOverflowException

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 1e34825322e5d9ebadc9e8f128fb44ce76e4b3f9 Author: Mark Thomas AuthorDate: Fri Sep 10 08:21:36 2021 +0100 Avoid StackO

[tomcat] 02/05: Fix a potential cause of intermittent test failure

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 0d409fbeb62a594f681893f9a5585abcb6259656 Author: Mark Thomas AuthorDate: Wed Sep 15 13:47:35 2021 +0100 Fix a potent

[tomcat] 05/05: Refactor allocations for the connection flow control window

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 23be85654d4121718610aea7a586af5748a310c9 Author: Mark Thomas AuthorDate: Wed Sep 15 14:12:26 2021 +0100 Refactor all

[tomcat] 04/05: Make synchronized as method assumes a lock is held on the instance

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2653750ce02b94de559dd0396c8a42055ef7dd4c Author: Mark Thomas AuthorDate: Wed Sep 15 13:56:45 2021 +0100 Make synchro

[tomcat] 03/05: Move debug statement inside sync block

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit f61a413f176928e50c73831eaa433d71a403119a Author: Mark Thomas AuthorDate: Wed Sep 15 13:52:42 2021 +0100 Move debug s

[tomcat] branch 9.0.x updated (7bc0ebb -> c3f5655)

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 7bc0ebb Fix typo new 0b2a4f7 Avoid StackOverflowException new b97bd8b Fix a potential cause of intermitten

[tomcat] 02/05: Fix a potential cause of intermittent test failure

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b97bd8bef6cc60d8f07abae867ec91d83dc0823f Author: Mark Thomas AuthorDate: Wed Sep 15 13:47:35 2021 +0100 Fix a potenti

[tomcat] 01/05: Avoid StackOverflowException

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 0b2a4f78e6347a2508c18008add025e820a40971 Author: Mark Thomas AuthorDate: Fri Sep 10 08:21:36 2021 +0100 Avoid StackOv

[tomcat] 03/05: Move debug statement inside sync block

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c846f70814a5b0f31d66acfdbff893641b8f9b8a Author: Mark Thomas AuthorDate: Wed Sep 15 13:52:42 2021 +0100 Move debug st

[tomcat] 04/05: Make synchronized as method assumes a lock is held on the instance

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit ea400ae393037ff516505e639d626c511067f5e5 Author: Mark Thomas AuthorDate: Wed Sep 15 13:56:45 2021 +0100 Make synchron

[tomcat] 05/05: Refactor allocations for the connection flow control window

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c3f5655929027cc791a3f4e1c52ffb7f29cf2b20 Author: Mark Thomas AuthorDate: Wed Sep 15 14:12:26 2021 +0100 Refactor allo

[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517 --- Comment #3 from Jeehong Min --- I filed the original bug. Afterwards, I realized that I made a mistake when I was tracing dependencies with CVEs. Tomcat does not have any dependencies on axis2-adb. -- You are receiving this mail because

[tomcat] branch 8.5.x updated (5ca5269 -> 5125805)

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 5ca5269 Fix typo new c3d9cf8 Fix a potential cause of intermittent test failure new a26978b Move debug sta

[tomcat] 01/04: Fix a potential cause of intermittent test failure

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c3d9cf805487595cb0f4cda474c5cd1a91f097e9 Author: Mark Thomas AuthorDate: Wed Sep 15 13:47:35 2021 +0100 Fix a potenti

[tomcat] 02/04: Move debug statement inside sync block

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a26978b45d165e429c44c58022a4a8db93841da6 Author: Mark Thomas AuthorDate: Wed Sep 15 13:52:42 2021 +0100 Move debug st

[tomcat] 04/04: Refactor allocations for the connection flow control window

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 51258057032d7f7fcac2c9416bebab45d784053f Author: Mark Thomas AuthorDate: Wed Sep 15 14:12:26 2021 +0100 Refactor allo

[tomcat] 03/04: Make synchronized as method assumes a lock is held on the instance

2021-09-15 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit f6fa2f71b4a636eb08e8aa48cbc5b7ec23094e86 Author: Mark Thomas AuthorDate: Wed Sep 15 13:56:45 2021 +0100 Make synchron

[Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822

2021-09-15 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517 --- Comment #4 from Mikko Suonio --- I would like Tomcat developers to state clearly that this is not a valid vulnerability. This would make it easier for Tomcat users to dismiss the issue detected by vulnerability analysis of their software.

svn commit: r1893363 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

2021-09-15 Thread markt
Author: markt Date: Wed Sep 15 17:51:53 2021 New Revision: 1893363 URL: http://svn.apache.org/viewvc?rev=1893363&view=rev Log: Publish CVE-2021-41079 Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tom

[SECURITY] CVE-2021-41079 Apache Tomcat DoS

2021-09-15 Thread Mark Thomas
CVE-2021-41079 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.2 Apache Tomcat 9.0.0-M1 to 9.0.43 Apache Tomcat 8.5.0 to 8.5.63 Description: When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a