Re: CDI and injection issues

2022-11-24 Thread Rémy Maucherat
On Wed, Nov 23, 2022 at 11:10 AM Romain Manni-Bucau wrote: > > Well, it is not that simple. > > Two notes on that: > > 1. One point is the API, injector and instance manager are the exact same > API if you want a generic API so not sure it should be duplicated with > different names (or said other

Handling reports from oss-fuzz

2022-11-24 Thread Mark Thomas
Hi all, We currently receive reports from oss-fuzz to the Tomcat security list. There is a relatively high volume of reports with a very high false positive rate. To date, we haven't had any valid security issues reported. Concern has been expressed that oss-fuzz is generating excessive noise

Re: CDI and injection issues

2022-11-24 Thread Romain Manni-Bucau
Le jeu. 24 nov. 2022 à 10:13, Rémy Maucherat a écrit : > On Wed, Nov 23, 2022 at 11:10 AM Romain Manni-Bucau > wrote: > > > > Well, it is not that simple. > > > > Two notes on that: > > > > 1. One point is the API, injector and instance manager are the exact same > > API if you want a generic AP

Re: Handling reports from oss-fuzz

2022-11-24 Thread Rémy Maucherat
On Thu, Nov 24, 2022 at 10:14 AM Mark Thomas wrote: > > Hi all, > > We currently receive reports from oss-fuzz to the Tomcat security list. > There is a relatively high volume of reports with a very high false > positive rate. To date, we haven't had any valid security issues reported. > > Concern

svn commit: r58227 - in /release/tomcat: jakartaee-migration/v1.0.4/ tomcat-10/v10.1.1/ tomcat-8/v8.5.83/ tomcat-9/v9.0.68/

2022-11-24 Thread markt
Author: markt Date: Thu Nov 24 11:46:33 2022 New Revision: 58227 Log: Drop old versions from CDN Removed: release/tomcat/jakartaee-migration/v1.0.4/ release/tomcat/tomcat-10/v10.1.1/ release/tomcat/tomcat-8/v8.5.83/ release/tomcat/tomcat-9/v9.0.68/ --

Re: Handling reports from oss-fuzz

2022-11-24 Thread jean-frederic clere
On 11/24/22 10:13, Mark Thomas wrote: Hi all, We currently receive reports from oss-fuzz to the Tomcat security list. There is a relatively high volume of reports with a very high false positive rate. To date, we haven't had any valid security issues reported. Concern has been expressed that

Re: CDI and injection issues

2022-11-24 Thread Rémy Maucherat
On Thu, Nov 24, 2022 at 10:19 AM Romain Manni-Bucau wrote: > > Le jeu. 24 nov. 2022 à 10:13, Rémy Maucherat a écrit : > > > On Wed, Nov 23, 2022 at 11:10 AM Romain Manni-Bucau > > wrote: > > > > > > Well, it is not that simple. > > > > > > Two notes on that: > > > > > > 1. One point is the API,

Re: CDI and injection issues

2022-11-24 Thread Romain Manni-Bucau
Le jeu. 24 nov. 2022 à 16:58, Rémy Maucherat a écrit : > On Thu, Nov 24, 2022 at 10:19 AM Romain Manni-Bucau > wrote: > > > > Le jeu. 24 nov. 2022 à 10:13, Rémy Maucherat a écrit : > > > > > On Wed, Nov 23, 2022 at 11:10 AM Romain Manni-Bucau > > > wrote: > > > > > > > > Well, it is not that s