[Bug 69607] MD5 algorithm insecure usage in tomcat-util

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69607 --- Comment #8 from sve...@redseal.net --- We have a getWebSocketUpdate() method in org.apache.tomcat.websocket.server.UpgradeUtil class which causes the issue. private static String getWebSocketAccept(String key) { byte[] digest = Conc

[Bug 69608] JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 --- Comment #3 from Remy Maucherat --- Also, the link talks about GC pauses. This is normal behavior, although of course this can impact the response times for Tomcat and as a result this requires fine tuning to avoid. However, here the claim i

[Bug 69607] MD5 algorithm insecure usage in tomcat-util

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69607 --- Comment #7 from Christopher Schultz --- I don't know of a way to reliably check to see if a JSSE provider is in FIPS mode or not. -- You are receiving this mail because: You are the assignee for the bug. --

[Bug 69607] MD5 algorithm insecure usage in tomcat-util

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69607 --- Comment #9 from Christopher Schultz --- I would have no problem adding try/catch around those static initializer calls to init(MD5) and init(SHA1) and just ignore IllegalArgumentException (with a log).

Re: [PR] enhancement: RateLimitFilter - Provides an exact rate limiting mechanism [tomcat]

2025-03-10 Thread via GitHub
Chenjp commented on code in PR #794: URL: https://github.com/apache/tomcat/pull/794#discussion_r1986715975 ## java/org/apache/catalina/util/TimeBucketCounterBase.java: ## @@ -0,0 +1,214 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor

Re: [apache/tomcat] Run failed: Smoke Test - main (0c2dddb)

2025-03-10 Thread Rainer Jung
Although the test run was triggered by my recent commit, the failures during the unit tests seem to be unrelated to my changes (TestExtendedAccessLogValve and TestRateLimitFilterWithExactRateLimiter). Best regards, Rainer -

Buildbot failure in on tomcat-10.1.x

2025-03-10 Thread buildbot
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/44/builds/1657 Blamelist: Mark Thomas , Rainer Jung Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch 10.1.x] 855a8d3bed87a22a0380f6

Re: Buildbot failure in on tomcat-12.0.x

2025-03-10 Thread Rémy Maucherat
On Mon, Mar 10, 2025 at 1:05 PM Rainer Jung wrote: > > On 10.03.25 at 12:41, build...@apache.org wrote: > > Build status: BUILD FAILED: failed compile (failure) > > Worker used: bb_worker2_ubuntu > > URL: https://ci2.apache.org/#builders/120/builds/435 > > Blamelist: Rainer Jung > > Build Text:

(tomcat) branch main updated: Tab and space police - sorry

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 0c2dddbd7a Tab and space police - sorry 0c2dddbd7a is

(tomcat) branch main updated: Add back wine support for building the Windows installer.

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 9559e1b623 Add back wine support for building the Win

(tomcat) branch 10.1.x updated: Tab and space police - sorry

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 855a8d3bed Tab and space police - sorry 855a8d3be

(tomcat) branch 11.0.x updated: Remove unused property

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 625c6a5755 Remove unused property 625c6a5755 is d

(tomcat) branch 10.1.x updated: Remove unused property

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 6c98654f01 Remove unused property 6c98654f01 is d

(tomcat) branch 9.0.x updated: Remove unused property

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new e682381c83 Remove unused property e682381c83 is des

[Bug 69607] MD5 algorithm insecure usage in tomcat-util

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69607 --- Comment #5 from Mark Thomas --- Just considering options for addressing this. When running in FIPS mode, is the issue that re

[Bug 69607] MD5 algorithm insecure usage in tomcat-util

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69607 --- Comment #6 from Mark Thomas --- Sorry - keyboard error. Try again. Just considering options for addressing this. When running in FIPS mode, is the issue that requesting MD5 triggers an exception from the FIPS provider that Tomcat doesn't h

Buildbot failure in on tomcat-11.0.x

2025-03-10 Thread buildbot
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/1563 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch 11.0.x] 3f6d75168d65d224f6997ba7b9135e618a1

(tomcat) branch 9.0.x updated: Handle eviction running over a bucket boundary.

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 46a01b5f0c Handle eviction running over a bucket bo

Re: [PR] enhancement: RateLimitFilter - Provides an exact rate limiting mechanism [tomcat]

2025-03-10 Thread via GitHub
markt-asf commented on code in PR #794: URL: https://github.com/apache/tomcat/pull/794#discussion_r1986890371 ## java/org/apache/catalina/util/TimeBucketCounterBase.java: ## @@ -0,0 +1,214 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contribu

Re: [PR] enhancement: RateLimitFilter - Provides an exact rate limiting mechanism [tomcat]

2025-03-10 Thread via GitHub
markt-asf closed pull request #794: enhancement: RateLimitFilter - Provides an exact rate limiting mechanism URL: https://github.com/apache/tomcat/pull/794 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to

(tomcat) branch main updated: Handle eviction running over a bucket boundary.

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new f8e0c4ef07 Handle eviction running over a bucket boun

(tomcat) branch 10.1.x updated: Handle eviction running over a bucket boundary.

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new f958f063cb Handle eviction running over a bucket

(tomcat) branch 11.0.x updated: Fix Javadoc warning

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new b6518bd871 Fix Javadoc warning b6518bd871 is desc

(tomcat) branch 10.1.x updated: Fix Javadoc warning

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new c21adaa293 Fix Javadoc warning c21adaa293 is desc

Re: [PR] enhancement: RateLimitFilter - Provides an exact rate limiting mechanism [tomcat]

2025-03-10 Thread via GitHub
markt-asf commented on PR #794: URL: https://github.com/apache/tomcat/pull/794#issuecomment-2709904059 Closing as I believe all points raised in this PR have now been addressed.

(tomcat) branch 9.0.x updated: Tab and space police - sorry

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 810c5b78e5 Tab and space police - sorry 810c5b78e5

[Bug 69608] JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 Mark Thomas changed:
What     | Removed  | Added
Status   | NEW      | NEEDINFO
Severity | critical |

[Bug 69608] JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 --- Comment #4 from Praddy --- (In reply to Christopher Schultz from comment #2) > No Java version mentioned, no GC settings mentioned. I'm using OpenJDK 21, I did not mention any GC(which defaults to G1GC) in the options just used -Xms2g -Xmx6

[Bug 69608] JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 --- Comment #2 from Christopher Schultz --- No Java version mentioned, no GC settings mentioned. This is not really a valid report. Tomcat does not have any direct control over when and how Garbage Collection activities occur within the Java

svn commit: r1924274 - in /tomcat/site/trunk: docs/security-10.html docs/security-11.html docs/security-9.html xdocs/security-10.xml xdocs/security-11.xml xdocs/security-9.xml

2025-03-10 Thread markt
Author: markt Date: Mon Mar 10 16:36:01 2025 New Revision: 1924274 URL: http://svn.apache.org/viewvc?rev=1924274&view=rev Log: Publish CVE-2025-24813 Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-11.html tomcat/site/trunk/docs/security-9.html to

[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT

2025-03-10 Thread Mark Thomas
CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0.M1 to 9.0.98 Descrip

Re: NSIS and the need for signing callbacks

2025-03-10 Thread Rainer Jung
On 04.03.25 at 10:34, Rainer Jung wrote: Hi all, ... The rough idea is: switch back to a multi step build, first generate the uninstaller, sign it, then generate the real installer and sign it. But avoid the need to run the temporary installer. How? NSIS does not have an explicit statement

(tomcat) branch 11.0.x updated: Tab and space police - sorry

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 22292fd1ce Tab and space police - sorry 22292fd1c

(tomcat) branch 11.0.x updated: Handle eviction running over a bucket boundary.

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 3f6d75168d Handle eviction running over a bucket

(tomcat) branch 11.0.x updated: Add back wine support for building the Windows installer.

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 56bbec8d0d Add back wine support for building the

(tomcat) branch 10.1.x updated: Add back wine support for building the Windows installer.

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 9dc5126fe3 Add back wine support for building the

(tomcat) branch 9.0.x updated: Add back wine support for building the Windows installer.

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3388715b21 Add back wine support for building the W

(tomcat) branch 9.0.x updated: Fix Javadoc warning

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 639ba60ad9 Fix Javadoc warning 639ba60ad9 is descri

(tomcat) branch main updated: Remove unused property

2025-03-10 Thread rjung
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 4f5b2e216b Remove unused property 4f5b2e216b is descr

Buildbot failure in on tomcat-12.0.x

2025-03-10 Thread buildbot
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/120/builds/435 Blamelist: Rainer Jung Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] 0c2dddbd7a44eb59b93824422a76ff8cf3e1ed

[Bug 69608] JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 --- Comment #5 from Praddy --- (In reply to Remy Maucherat from comment #3) > Also, the link taks about GC pauses. This is normal behavior, although of > course this can impact the response times for Tomcat and as a result this > requires fine

Buildbot success in on tomcat-12.0.x

2025-03-10 Thread buildbot
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/120/builds/433 Blamelist: Mark Thomas , remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] f8e0c4ef071d119b7812995d01edc0a8517aaa34 Steps: worke

[Bug 69608] New: JSP Servlet engine is garbage collected leading to Denial of service

2025-03-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69608 Bug ID: 69608 Summary: JSP Servlet engine is garbage collected leading to Denial of service Product: Tomcat 10 Version: unspecified Hardware: All OS: All

(tomcat) branch main updated: Fix Javadoc warning

2025-03-10 Thread markt
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a0b928427a Fix Javadoc warning a0b928427a is describe

Re: Buildbot failure in on tomcat-12.0.x

2025-03-10 Thread Rainer Jung
On 10.03.25 at 12:41, build...@apache.org wrote: Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/120/builds/435 Blamelist: Rainer Jung Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: