https://bz.apache.org/bugzilla/show_bug.cgi?id=64862
--- Comment #1 from Michael Osipov ---
As of
libressl-portable: b52dc3d9b292f4f644d7506a2d62df11f2a6e269
tomcat-native: 1.2.32
tomcat-native does not compile anymore:
> $ make
> /bin/sh /usr/local/share/apr/build-1/libtool --silent --mode=comp
https://bz.apache.org/bugzilla/show_bug.cgi?id=66005
--- Comment #1 from Lothar ---
I did some further investigation with strace.
SIGSEGV was raised 0.44 after start up:
0.44 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=52811,
si_uid=0} ---
0.116226 +++ killed by SIGSEGV (core d
https://bz.apache.org/bugzilla/show_bug.cgi?id=66009
Remy Maucherat changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #4 from Remy Mau
https://bz.apache.org/bugzilla/show_bug.cgi?id=66009
--- Comment #5 from Maikel ---
Thanks for the information, I did not know I could use
X509UsernameRetrieverClassName to change the behavior. We were using the
certificate functionality out of the box with only some changes in the config
files.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66005
--- Comment #2 from Christopher Schultz ---
You have not provided enough information to investigate this crash.
Does the log file end after what you have posted?
Please post the full backtrace of the crash, or, if you are comfortable doing
so,
https://bz.apache.org/bugzilla/show_bug.cgi?id=66005
Christopher Schultz changed:
What|Removed |Added
Status|NEW |NEEDINFO
Filip,
On 4/11/22 18:32, Filip Hanik wrote:
Hi folks,
I'm jumping in on the bandwagon again. Specifically to talk some more about
native compilation. The graal compiler is making headway, and it's becoming
better and better at native compilation [1].
I'll put some historical context at the bot
https://bz.apache.org/bugzilla/show_bug.cgi?id=66008
--- Comment #1 from Christopher Schultz ---
This seems like a matter of opinion over the definition of "useless".
The whole point of the option *is* to affect the output.
The documentation could be improved for "Production Configuration" to (
https://bz.apache.org/bugzilla/show_bug.cgi?id=66009
--- Comment #6 from Christopher Schultz ---
(In reply to Remy Maucherat from comment #1)
> https://github.com/apache/tomcat/commit/
> b21268dcebc3d470430227978caa4f168a3346d4
My guess is that the above patch will fix this issue.
Can you pleas
https://bz.apache.org/bugzilla/show_bug.cgi?id=66009
--- Comment #7 from Christopher Schultz ---
Actually, this ought to do the trick:
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500
On Wed, Apr 13, 2022 at 9:45 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Filip,
>
> On 4/11/22 18:32, Filip Hanik wrote:
> > Hi folks,
> >
> > I'm jumping in on the bandwagon again. Specifically to talk some more
> about
> > native compilation. The graal compiler is making head
https://bz.apache.org/bugzilla/show_bug.cgi?id=66013
Bug ID: 66013
Summary: missing class javax.servlet.jsp.tagext.TagExtraInfo
used by org.apache.jasper.compiler.TagLibraryInfoImpl
Product: Tomcat 10
Version: 10.0.20
Hardw
k4n5ha0 opened a new pull request, #504:
URL: https://github.com/apache/tomcat/pull/504
jsp and jspx are dangerous. As with Spring4Shell and others, hackers
upload a jsp or write a webshell to disk.
If a project needs jsp or jspx, it can pack a web.xml in the war with jsp
mappings itself.
markt-asf commented on PR #504:
URL: https://github.com/apache/tomcat/pull/504#issuecomment-1098727906
This is a bad idea for so many different reasons. To name a few:
- "Spring4Shell" allows arbitrary file uploads. All an attacker has to do to
bypass this change is to upload a web.xm
markt-asf closed pull request #504: disable jsp and jspx by default
URL: https://github.com/apache/tomcat/pull/504