Re: [PR] Csrf filter improvements [tomcat]

michael-o commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1432402971 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -53,6 +58,25 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase { private

(tomcat) branch main updated: Update Graal install and options

This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 513c62ed82 Update Graal install and options 513c62ed82

(tomcat) branch 10.1.x updated: Update Graal install and options

This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 4b5f519268 Update Graal install and options 4b5f51

(tomcat) branch 9.0.x updated: Update Graal install and options

This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 92adcbcfb5 Update Graal install and options 92adcbcf

Buildbot success in on tomcat-9.0.x

Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/794 Blamelist: remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 9.0.x] 92adcbcfb5d6ee3d7fedf97f26606e139b3e2db5 Steps: worker_preparation:

Re: [PR] Csrf filter improvements [tomcat]

ChristopherSchultz commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1432853641 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -53,6 +58,25 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {

Re: [PR] Csrf filter improvements [tomcat]

ChristopherSchultz commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1432856054 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -53,6 +58,25 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {

Re: [PR] Csrf filter improvements [tomcat]

ChristopherSchultz commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1432880460 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -53,6 +58,25 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {

[Bug 68378] New: Add MIME type mapping for *.mjs (JavaScript module)

https://bz.apache.org/bugzilla/show_bug.cgi?id=68378 Bug ID: 68378 Summary: Add MIME type mapping for *.mjs (JavaScript module) Product: Tomcat 11 Version: 11.0.0-M15 Hardware: All OS: All Status: NEW Seve

Re: [PR] Csrf filter improvements [tomcat]

michael-o commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1432909931 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -53,6 +58,25 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase { private

[Bug 68312] Virtual threads with Http11Nio2Protocol

https://bz.apache.org/bugzilla/show_bug.cgi?id=68312 Christopher Schultz changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVA

[Bug 68312] Virtual threads with Http11Nio2Protocol

https://bz.apache.org/bugzilla/show_bug.cgi?id=68312 Christopher Schultz changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|---

Re: (tomcat) branch main updated: Fix NIO2 and virtual threads (NIO2 requires ExecutorService)

Mark, Was this back-ported to the 10.1.x branch? I see the back-port to 9.0.x and 8.5.x but not 10.1.x. -chris On 12/8/23 05:27, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apac

Re: (tomcat) branch main updated: Fix NIO2 and virtual threads (NIO2 requires ExecutorService)

On Wed, Dec 20, 2023 at 5:21 PM Christopher Schultz wrote: > > Mark, > > Was this back-ported to the 10.1.x branch? I see the back-port to 9.0.x > and 8.5.x but not 10.1.x. It's fine: https://github.com/apache/tomcat/commit/2b3f0f09641e0d8504a114cf296a18d66039266b Rémy > -chris > > On 12/8/23

Re: [PR] Csrf filter improvements [tomcat]

kkolinko commented on PR #681: URL: https://github.com/apache/tomcat/pull/681#issuecomment-1864808958 1. There are case-insensitive file systems out there... I wonder whether those default extensions should be treated case-insensitively. (If one is serving a web site from an USB stick or a

[Bug 68312] Virtual threads with Http11Nio2Protocol

https://bz.apache.org/bugzilla/show_bug.cgi?id=68312 --- Comment #3 from Christopher Schultz --- And Tomcat 10.1: 2b3f0f09641e0d8504a114cf296a18d66039266b will be in 10.1.18 -- You are receiving this mail because: You are the assignee for the bug. ---

Re: [PR] Csrf filter improvements [tomcat]

ChristopherSchultz commented on PR #681: URL: https://github.com/apache/tomcat/pull/681#issuecomment-1864828084 > 1. There are case-insensitive file systems out there... I wonder whether those default extensions should be treated case-insensitively. (If one is serving a web site from an USB

Re: TCK servlet TCK 6.0

On 12/19/23 18:37, Mark Thomas wrote: On 19/12/2023 13:05, jean-frederic clere wrote: Hi, I have tried to run the TCK against Tomcat-10.1.17 I have 12 failed tests. Before investigating I have questions: Did someone run the servlet TCK recently? Not recently but I have run it. Are some te

Re: Backporting patch for CVE-2023-46589 to Tomcat 8.0.14

We, the RECDO organization is a legally registerednon-profit entity based in Kantale, Trincomalle. RECDO was established in 2000and serves marginalized communities in the Eastern Province, particularly theTrincomalee District. Our work focuses on the following thematic areas:community policin

svn commit: r1914805 - in /tomcat/site/trunk: docs/index.html xdocs/index.xml

Author: schultz Date: Wed Dec 20 17:13:20 2023 New Revision: 1914805 URL: http://svn.apache.org/viewvc?rev=1914805&view=rev Log: Fix typo Modified: tomcat/site/trunk/docs/index.html tomcat/site/trunk/xdocs/index.xml Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/

Re: [PR] Csrf filter improvements [tomcat]

kkolinko commented on PR #681: URL: https://github.com/apache/tomcat/pull/681#issuecomment-1864873921 Re 4: I think that if one is wise enough to write a RegExp, they could use "|" to combine several patterns, and do not really need splitting by comma. Or do you envision a use case, where d

Re: [PR] Csrf filter improvements [tomcat]

kkolinko commented on PR #681: URL: https://github.com/apache/tomcat/pull/681#issuecomment-1864889547 Re 8: Whatever is easier. (Maybe it will be easier to extract some logic into an utility class and test that utility class. My concern is just that the logic is not trivial, is complicat

Re: [PR] Csrf filter improvements [tomcat]

ChristopherSchultz commented on PR #681: URL: https://github.com/apache/tomcat/pull/681#issuecomment-1864951885 > Re 4: I think that if one is wise enough to write a RegExp, they could use "|" to combine several patterns, and do not really need splitting by comma. Or do you envision a use c

Re: [PR] Csrf filter improvements [tomcat]

michael-o commented on code in PR #681: URL: https://github.com/apache/tomcat/pull/681#discussion_r1433225531 ## java/org/apache/catalina/filters/CsrfPreventionFilter.java: ## @@ -198,15 +416,27 @@ protected boolean skipNonceCheck(HttpServletRequest request) { String