On Wed, Mar 8, 2023 at 8:37 PM Igal Sapir wrote:
>
> All,
>
> I would like to add a Rate Limiter Filter or Valve which will help mitigate
> DoS and Brute Force attacks, and want to get feedback from the community
> and the PMC. The checks will run before the request reaches the servlet
> and will
https://bz.apache.org/bugzilla/show_bug.cgi?id=66508
--- Comment #7 from Mark Thomas ---
If it helps, dev build with the fix is available from:
https://people.apache.org/~markt/dev/v9.0.74-dev/
Note:
- this is not an official release
- use it at your own risk
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 02d21de32c Try and keep attributes in alphabetical or
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new f467bfe15c Try and keep attributes in alphabetica
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 87b268a95d Try and keep attributes in alphabetical
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 73e638440f Try and keep attributes in alphabetical
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b6837648fc Update meaning of maxParameterCount to inc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8a7ea2bc4e Update meaning of maxParameterCount to
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 1679ced19a Update meaning of maxParameterCount to i
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 71ed8cd98d Update meaning of maxParameterCount to i
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0a13efb7c4 Fix grammar
0a13efb7c4 is described below
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 4cd826addb Fix grammar
4cd826addb is described be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d0642b50d8 Fix grammar
d0642b50d8 is described belo
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 61a48cfb59 Fix grammar
61a48cfb59 is described belo
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new d5ead98581 Harden FORM authentication by limiting ses
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new fe6ffca0a3 Harden FORM authentication by limiting
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new fea89e2128 Harden FORM authentication by limiting s
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7b321d7de9 Harden FORM authentication by limiting s
Hi all,
In the context of CVE-2023-24998 (performance issues for large numbers
of uploaded parts), I have been wondering about reducing the default
value for maxParameterCount.
The current default for maxParameterCount is 10,000. It was set based on
it being low enough to mitigate CVE-2012-0
Build status: BUILD FAILED: failed Snapshot deployed to ASF Maven snapshot
repository (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/708
Blamelist: Mark Thomas
Build Text: failed Snapshot deployed to ASF Maven snapshot repository (failure)
Status Detected
ChristopherSchultz commented on PR #596:
URL: https://github.com/apache/tomcat/pull/596#issuecomment-1462052065
> @ChristopherSchultz Is there a list of supported database systems with
which the DataSourceStore is compatible? Are you sure that they all support
"SELECT FOR UPDATE"? I tried t
ChristopherSchultz commented on code in PR #596:
URL: https://github.com/apache/tomcat/pull/596#discussion_r1131019399
##
java/org/apache/catalina/session/DataSourceStore.java:
##
@@ -626,15 +626,77 @@ public void save(Session session) throws IOException {
b
ChristopherSchultz commented on code in PR #596:
URL: https://github.com/apache/tomcat/pull/596#discussion_r1131033698
##
java/org/apache/catalina/session/DataSourceStore.java:
##
@@ -626,15 +626,77 @@ public void save(Session session) throws IOException {
b
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a53eece969 Improve Javadoc
a53eece969 is described be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8c441e35b5 Improve Javadoc
8c441e35b5 is describe
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 21c16a86c2 Improve Javadoc
21c16a86c2 is described
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 023aa4e0d7 Improve Javadoc
023aa4e0d7 is described
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 166581b1d7 Remove unnecessary duplication of Java
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new e6744b4a40 Remove unnecessary duplication of Javado
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
from a53eece969 Improve Javadoc
add 5d5e60b1fe Remove unnecessary duplication of Javadoc
No new revisions were added by
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new a1e60f36b4 Remove unnecessary duplication of Javado
Mark,
On 3/9/23 05:56, Mark Thomas wrote:
Hi all,
In the context of CVE-2023-24998 (performance issues for large numbers
of uploaded parts), I have been wondering about reducing the default
value for maxParameterCount.
The current default for maxParameterCount is 10,000. It was set based on
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8110b3d5fc Remove unnecessary Javadoc
8110b3d5fc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 43f4b5779a Remove unnecessary Javadoc
43f4b5779a is d
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 9b4e9ea182 Remove unnecessary Javadoc
9b4e9ea182 is
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new b6a326 Remove unnecessary Javadoc
b6a326 is
All,
Please have a look at DataSourceStore.java:629
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/session/DataSourceStore.java#L629
It looks to be like the byte array which contains the session data is
being first wrapped in a ByteArrayInputStream (which is necessary to
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/709
Blamelist: Mark Thomas
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 10.1.x] 166581b1d76c5ae95881ccc2183f4d9ffa096d35
Steps:
worker_prep
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 16ed41df3b Rename digests to remove reference to spec
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d543e8e57b Rename digests to remove reference to sp
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new e46f1f79d4 Rename digests to remove reference to
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 5914457f10 Fix back-port
5914457f10 is described be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 149aa95a01 Rename digests to remove reference to sp
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/36/builds/425
Blamelist: Mark Thomas
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 8.5.x] d543e8e57b77a4e6ce1fa881a28a4cea12366a
isapir commented on code in PR #596:
URL: https://github.com/apache/tomcat/pull/596#discussion_r1131364805
##
java/org/apache/catalina/session/DataSourceStore.java:
##
@@ -626,15 +626,77 @@ public void save(Session session) throws IOException {
byte[] obs =
isapir commented on PR #596:
URL: https://github.com/apache/tomcat/pull/596#issuecomment-1462467192
Yeah, I guess that site is not up to date. I also used SELECT FOR UPDATE in
MySQL 5.7.
There is also INSERT ON CONFLICT UPDATE support in MySQL and Postgres, but
it would be difficult
Build status: BUILD FAILED: failed compile (failure) Logs copied. (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/490
Blamelist: Mark Thomas
Build Text: failed compile (failure) Logs copied. (failure)
Status Detected: new failure
Build Source Stamp: [branch
> On Mar 9, 2023, at 22:52, Christopher Schultz
> wrote:
>
> All,
>
> Please have a look at DataSourceStore.java:629
>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/session/DataSourceStore.java#L629
>
> It looks to be like the byte array which contains the session d
aooohan commented on PR #596:
URL: https://github.com/apache/tomcat/pull/596#issuecomment-1463201626
I have a question that why we don't add a real **primary
key**(auto-increment) to solve the problem that primary key constraint
violation when insert data to database simultaneously? And we
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c8fba3264d Improved regexp performance: "a-zA-Z0-9_"
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 7ed9261493 Improved regexp performance: "a-zA-Z0-
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6918c28c77 Improved regexp performance: "a-zA-Z0-9_
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 3f01b8bdec Improved regexp performance: "a-zA-Z0-9_
aooohan closed pull request #592: Improved regexp performance: "a-zA-Z0-9_" ->
"\w"
URL: https://github.com/apache/tomcat/pull/592
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific commen
aooohan commented on PR #592:
URL: https://github.com/apache/tomcat/pull/592#issuecomment-1463387623
Merge manually, thanks.