Re: [VOTE] Releasing Tomcat Connectors 1.2.23

2007-05-18 Thread Mark Thomas
Rainer Jung wrote: > Apache Tomcat Connectors 1.2.23 is: > [X] Stable - no major issues, no regressions > [ ] Beta - at least one significant issue -- tell us what it is > [ ] Alpha - multiple significant issues -- tell us what they are No testing. I only reviewed the commit messages for 1.2.23 M

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities

2007-05-19 Thread Mark Thomas
/tomcat-docs/appdev/sample/web/hello.jsp?test=alert(document.domain) References: http://tomcat.apache.org/security.html Mark Thomas

Re: [ANN] Apache Tomcat JK 1.2.23 Web Server Connector released

2007-05-19 Thread Mark Thomas
Guenter Knauf wrote: > this makes me ask a couple of questions: Remember we only *have* to make the source available. Anything we do on the binary front is just being helpful and the release manager is unlikely to have access to build binaries for all platforms. > 1) why do some folders list older

Re: [ANN] Apache Tomcat JK 1.2.23 Web Server Connector released

2007-05-20 Thread Mark Thomas
Guenter Knauf wrote: >>> 3) where do the older versions go? >> They are automatically copied to archive.apache.org which is linked >> off the Tomcat homepage. > I found though that the README.html files which are commonly used to provide > further informations about the releases are not copied. Fo

Re: svn commit: r543366 - in /tomcat/connectors/trunk/jk/xdocs: reference/apache.xml webserver_howto/apache.xml

2007-05-31 Thread Mark Thomas
Bill Barker wrote: > <[EMAIL PROTECTED]> wrote in message >> +The Apache httpd DocumentRoot should not overlap with a Tomcat >> Host's >> +appBase or the docBase of any Context. Configuring httpd/Tomcat this way >> is very >> +likely to result in JSP source code disclosure and/or other security

Re: svn commit: r544037 - in /tomcat/connectors/trunk/jk/xdocs: reference/apache.xml webserver_howto/apache.xml

2007-06-03 Thread Mark Thomas
[EMAIL PROTECTED] wrote: > Author: markt > Date: Sun Jun 3 20:22:01 2007 > New Revision: 544037 > > URL: http://svn.apache.org/viewvc?view=rev&rev=544037 > Log: > A better warning for the httpd docs. As per Bill's suggestion, I have improved the warning I added a couple of days ago. The jk guru

Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c

2007-06-05 Thread Mark Thomas
Mladen Turk wrote: > William A. Rowe, Jr. wrote: >> [EMAIL PROTECTED] wrote: >>> Add simple URI normalizer that can deal with things like %252e%252e. >>> This is mostly copy/paste from the IIS module >> >> You have me way confused ;-) >> > > How it works: > Imagine you have two applications on Tom

Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c

2007-06-06 Thread Mark Thomas
Mladen Turk wrote: > Mark Thomas wrote: >>> mod_jk 1.2.23 (with default passing r->unparsed_uri) will return 404 >>> from Tomcat because it will pass the original uri, not the one Httpd >>> already unfolded) >> This is correct and provides consistent behavi

Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c

2007-06-06 Thread Mark Thomas
Mladen Turk wrote: > Mark Thomas wrote: >> >>> Did I mention that uri is *not* decoded twice? >> >> You did and I still don't agree. The root cause of CVE-2007-1860 was a >> double decoding. Once in httpd/mod_jk and once in Tomcat. >> > > Wh

Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c

2007-06-08 Thread Mark Thomas
Mladen Turk wrote: > Mark Thomas wrote: >> Test 1: Tomcat only >> http://localhost:8080/jsp-examples/%252e%252e/servlets-examples/index.html >> >> This correctly showed the index.html I created above. > > But this is oxymoron. You wish to serve the content from

Re: svn commit: r546531 - in /tomcat/connectors/trunk/jk/native: apache-1.3/mod_jk.c apache-2.0/mod_jk.c common/jk_global.h common/jk_url.c common/jk_url.h common/list.mk.in

2007-06-12 Thread Mark Thomas
Mladen Turk wrote: > Jean-Frederic wrote: Add ForwardURIProxy to the URl handling option. common/jk_url.c is just a porting of the routines from proxy_util.c (Apache httpd). >>> After quite a few discussions, I think this should be the only mode > available for URI handling, as the t

[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples

2007-06-13 Thread Mark Thomas
;alert()test.jsp Credit: These issues were discovered by an unknown security researcher and reported to JPCERT. References: http://tomcat.apache.org/security.html Mark Thomas

[CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager

2007-06-13 Thread Mark Thomas
y Daiki Fukumori, Secure Sky Technology. References: http://tomcat.apache.org/security.html Mark Thomas

Re: 5.5.24 candidate binaries

2007-06-14 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.24/ > will let these sit to mid next week, and then we can take a vote. > feedback between now and then is welcome at any time. One minor issue, the source zip (and I suspect the tarball) contains a number of

Re: svn commit: r547932 - in /tomcat/tc6.0.x/trunk: java/org/apache/jasper/compiler/ELFunctionMapper.java webapps/docs/changelog.xml

2007-06-16 Thread Mark Thomas
Remy Maucherat wrote: > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Sat Jun 16 08:39:21 2007 >> New Revision: 547932 >> >> URL: http://svn.apache.org/viewvc?view=rev&rev=547932 >> Log: >> Port fix bug 42643. Prevent creation of duplicate function mapper >> variables. > > What is the actual

Re: client ssl re-negotiation after invalidating session

2007-06-18 Thread Mark Thomas
atul wrote: > Is there a way in tomcat to re-negotiate client certificate after the http > session has been invalidated (it had been successfully authenticated once > before) in the app. i.e. without closing and starting a new client browser. > I tried accessing request attributes javax.servlet.r

[CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing

2007-06-18 Thread Mark Thomas
. Escape values obtained from Accept-Language header before use. Credit: This issue was reported by Masato Anzai and Toshiharu Sugiyama. References: http://tomcat.apache.org/security.html Mark Thomas

Re: ClassNotFoundException when deserialized from tomcat web app

2007-06-20 Thread Mark Thomas
jtigre wrote: > > Hi, > Sorry for being little over descriptive here. This is a question for the users list. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r550556 - in /tomcat/sandbox/comet/java/org/apache/comet: ./ CometEvent.java CometFilter.java CometFilterChain.java CometProcessor.java CometServlet.java

2007-06-25 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > I would suggest org.apache.tomcat.comet, pretty much standard across ASF > java projects to have org.apache.. > > no reason to create even more divergence in Tomcat, rather start > consolidating it +1 Mark

Re: Removing the examples (JSP/servlet) in TC Binaries

2007-07-09 Thread Mark Thomas
jean-frederic clere wrote: > Hi, > > The examples (servlet and JSP) have caused a list of security issues. > I think we should remove them from the Tomcat binary packages (6.0 and > 5.x at least). > Any comments? +0. If they are removed I would suggest replacing them with a page that points to t

Re: Tomcat 64 Bit

2007-07-10 Thread Mark Thomas
Ste2kF wrote: > hello > I write in order to ask to you if Tomcat is in program the release for > windows 2003 server 64 bit > (sorry for my English not OK) > Thanks > Stefano (Italy) Stefano, This is a question for the users list, not the dev list. Mark

CVE-2007-3383: XSS in Tomcat send mail example

2007-07-21 Thread Mark Thomas
/sendmail.jsp enter the following text alert('XSS reflected') in the From field and click Send. References: http://tomcat.apache.org/security.html Mark Thomas

Re: svn commit: r561186 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/servlets/WebdavServlet.java webapps/docs/changelog.xml

2007-07-30 Thread Mark Thomas
Remy Maucherat wrote: > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Mon Jul 30 16:37:47 2007 >> New Revision: 561186 >> >> URL: http://svn.apache.org/viewvc?view=rev&rev=561186 >> Log: >> Fix WebDAV for MS clients. >> Fix error message when there is no request content >> Ported from TC5 >> >

Re: [VOTE] Release build 6.0.14

2007-07-31 Thread Mark Thomas
Remy Maucherat wrote: > The candidates binaries are available here: > http://people.apache.org/~remm/tomcat-6/v6.0.14/ > > According to the release process, the 6.0.14 tag is: > [ ] Broken > [ ] Alpha > [ ] Beta > [X] Stable No issues found. Mark

CVE-2007-3384: XSS in Tomcat cookies example

2007-08-01 Thread Mark Thomas
CVE-2007-3384: XSS in Tomcat cookies example
Severity: Low (Cross-site scripting)
Vendor: The Apache Software Foundation
Versions Affected: 3.3 to 3.3.2
Description: When reporting error messages, Tomcat does not filter user supplied data before di

TC6 source file licensing - last few files

2007-08-04 Thread Mark Thomas
All, Sorry about the deluge of commit mails this evening. The bulk of the TC6 source now passes the checks in the insert_licence.pl script. There are, however, a few remaining files that require further checking. These are ones that are currently dual or non-AL2 licensed. They are: 1. http://svn

Re: svn commit: r562818 - /tomcat/tc6.0.x/trunk/webapps/docs/build.xml

2007-08-05 Thread Mark Thomas
Remy Maucherat wrote: > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Sat Aug 4 21:12:49 2007 >> New Revision: 562818 >> >> URL: http://svn.apache.org/viewvc?view=rev&rev=562818 >> Log: >> Add license to a file I missed. > > All this "adding license header" in non source resources does not m

CVE-2007-3382: Handling of cookies containing a ' character

2007-08-13 Thread Mark Thomas
3B References: http://tomcat.apache.org/security.html Mark Thomas

CVE-2007-3385: Handling of \" in cookies

2007-08-13 Thread Mark Thomas
CVE-2007-3385: Handling of \" in cookies
Severity: Low (Session Hi-jacking)
Vendor: The Apache Software Foundation
Versions Affected:
6.0.0 to 6.0.13
5.5.0 to 5.5.24
5.0.0 to 5.0.30
4.1.0 to 4.1.36
3.3 to 3.3.2
Description: Tomcat incorrectly handl

CVE-2007-3386: XSS in Host Manager

2007-08-13 Thread Mark Thomas
CVE-2007-3386: XSS in Host Manager
Severity: Low (Cross-site scripting)
Vendor: The Apache Software Foundation
Versions Affected:
6.0.0 to 6.0.13
5.5.0 to 5.5.24
Description: The Host Manager Servlet does not filter user supplied data before displa

Re: [VOTE] Send trunk to the sandbox

2007-08-20 Thread Mark Thomas
Bill Barker wrote: > I'm so tired of this thread, so let's settle it once and for all. I'm > backing Remy's suggestion to send the current trunk to the sandbox: > [X] +1 Let's end the revolution > [ ] +0 What revolution? > [ ] -1 Viva the revolution This applies to this proposal only. Other cha

Re: [VOTE] Send trunk to the sandbox

2007-08-20 Thread Mark Thomas
jean-frederic clere wrote: > I would also propose that we take an handling of releases similar to httpd. > See http://svn.apache.org/repos/asf/httpd/httpd/ -1 for review-then-commit for all commits. Commit-then-review has worked well for us and I see no reason to move to the additional overhead a

Re: [VOTE] Send trunk to the sandbox

2007-08-21 Thread Mark Thomas
Mark Thomas wrote: > Bill Barker wrote: >> I'm so tired of this thread, so let's settle it once and for all. I'm >> backing Remy's suggestion to send the current trunk to the sandbox: >> [X] +1 Let's end the revolution >> [ ] +0 What revoluti

Re: Tagging 5.5.25

2007-08-27 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Release candidate can be found at > http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.25/ > > I will run the TCK tests on it, and then we can have a vote next week, Looks good so far on some basic tests. Mark

Re: Tomcat JDBC realm and columns names

2007-08-29 Thread Mark Thomas
Ing. Diego Trombetta wrote: >> Note: I don't think it's right to write the DB according to what the >> application server imposes! Just use a view. Mark

Re: svn commit: r571006 - /tomcat/connectors/trunk/ajp/

2007-08-30 Thread Mark Thomas
Mladen Turk wrote: > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Wed Aug 29 18:14:11 2007 >> New Revision: 571006 >> >> URL: http://svn.apache.org/viewvc?rev=571006&view=rev >> Log: >> Remove source for mod_proxy_ajp that moved to httpd some time ago. >> > > Why the hell did you do that? B

Re: svn commit: r571006 - /tomcat/connectors/trunk/ajp/

2007-08-30 Thread Mark Thomas
William A. Rowe, Jr. wrote: > Mladen Turk wrote: >> Right. Deleting entire trees from SVN should at least be >> preceded by some note of intention. > > +1. A heads up is always a good idea ;-) Noted. Sorry for the hassle. Will do in future. Mark

Re: TC6 source file licensing - last few files

2007-08-30 Thread Mark Thomas
Jeanfrancois Arcand wrote: > Hi Mark, > > sorry for the delay...vacation time :-) No problem. >> 1. >> http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/javax/servlet/package.html >> http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/javax/servlet/http/package.html >> >> Jean-Fran

Re: [VOTE] Release build 5.5.25

2007-09-01 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Candidate binaries are available here: > http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.25/ > > According to the (slightly) updated release process, the 5.5.25 tag is: > [ ] Broken > [ ] Alpha > [ ] Beta > [X] Stable It has been running on our dev environ

Re: [VOTE] Move trunk to sandbox

2007-09-01 Thread Mark Thomas
Remy Maucherat wrote: > > [X] +1 > [ ] 0 > [ ] -1 > Mark

Connectors cleanup

2007-09-02 Thread Mark Thomas
Hi, Following on from my previous over eager attempt to clean up the duplicate code in connectors I would like to propose the following
- remove connectors/trunk/ajp/CHANGES
- remove connectors/trunk/ajp/proxy
- move connectors/trunk/ajp/ajplib to connectors/trunk/ajplib
Thoughts? Mark

Re: Connectors cleanup

2007-09-03 Thread Mark Thomas
Mladen Turk wrote: > I propose we create connectors/sanbox and move the > trunk/ajp/* code in there. > ajp/proxy code can be removed of course. Could we just move it to tomcat/sandbox as that already exists? Mark

Re: Connectors cleanup

2007-09-03 Thread Mark Thomas
Mladen Turk wrote: > Mark Thomas wrote: >> Mladen Turk wrote: >>> I propose we create connectors/sanbox and move the >>> trunk/ajp/* code in there. >>> ajp/proxy code can be removed of course. >> >> Could we just move it to tomcat/sandbox as that al

Re: [VOTE] Make released versions RTC

2007-09-04 Thread Mark Thomas
jean-frederic clere wrote: > The votes will get in a file named STATUS file and once accepted in a > file named CHANGES. > The proposal of backports/fixes should be a description of the > feature/PR number and a link to a commit (in another branch or sandbox) > or a patch (diff -u) against the bran

Re: What new in Tomcat 6.0 ?

2007-09-05 Thread Mark Thomas
Ashish Jain wrote: > Hi All!! > > I am new to Tomcat. Can someone tell me what is new in Tomcat 6.0 compared > to the last version. This question should be posted to the users list. See http://tomcat.apache.org/lists.html Mark

Re: Corrupted archive file?

2007-09-09 Thread Mark Thomas
Daniel Schwartz wrote: > > http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.17/bin/apache-tomcat-5.5.17.exe > > appears to be corrupted. Using what criteria? It looks fine to me. It downloads, it runs, Tomcat starts at the end of the install... > In fact it seems to be about half the si

Re: [VOTE] Make released versions RTC

2007-09-10 Thread Mark Thomas
Jim Jagielski wrote: > How about: > >o CTR on trunk > >o Various release branches are made (ala httpd, apr, etc...). > These include a STATUS file. > >o All code applied to the release branch is under > lazy consensus but *must* be specified in STATUS. > (eg: "I plan o

Re: [VOTE] Make released versions RTC

2007-09-12 Thread Mark Thomas
Jim Jagielski wrote: > > On Sep 10, 2007, at 8:00 PM, Mark Thomas wrote: > >> Jim Jagielski wrote: >>> How about: >>> >>>o CTR on trunk >>> >>>o Various release branches are made (ala httpd, apr, etc...). >>> Thes

Re: [VOTE] Make released versions RTC

2007-09-12 Thread Mark Thomas
Jim Jagielski wrote: > > On Sep 10, 2007, at 4:47 PM, Remy Maucherat wrote: > >> >> The main idea is that since there's only one trunk branch, there >> should be agreement on APIs and important topics to proceed >> > > ++1. So let's start that now. Since there is not agreement on APIs, > how do

Re: [VOTE] Make released versions RTC

2007-09-12 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: >>> On Sep 10, 2007, at 4:47 PM, Remy Maucherat wrote: >>> >>> >>>> The main idea is that since there's only one trunk branch, there >>>> should be agreement on APIs and important

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Mark Thomas
Remy Maucherat wrote: > Tim Funk wrote: >> 2) If a deploy tool is used which is doing checks - adding an extra >> check to allow/deny/restrict scope should not be too hard to do. Since >> users can disable symlink checks in the same class (FileDirContext) - >> the same exposure could be had with a

Re: JNDIRealm can not support http digest mode

2007-09-16 Thread Mark Thomas
xiaojing xu wrote: > Although I can change the getPassword function in JNDIRealm, I still > want to know if tomcat can implement JNDIRealm > in http digest mode without change code No. See http://issues.apache.org/bugzilla/show_bug.cgi?id=37984 Mark

Re: JNDIRealm can not support http digest mode

2007-09-17 Thread Mark Thomas
xiaojing xu wrote: >I think this bug is different from my problem.I want to use http digest > mode > (RFC2617 HTTP Authentication: Basic and Digest Access Authentication). > And the bug 37984 just want to resolve password in MD5 digest(may be > not use http digest mode). Sorry - my bad. Too m

Re: [Tomcat 5] Bug 38797

2007-09-20 Thread Mark Thomas
Thomas Colin de Verdière wrote: > Sorry to bother again i'd like to know if someone has been informed that > the bug 38797 has been REOPENED. Every bugzilla update gets e-mailed to this list, so yes we have all been informed. (And i did). I REOPENED the bug 38797 > because i think it is not corr

Test - please ignore

2007-09-21 Thread Mark Thomas
Wiki config test. Mark

Wiki diffs

2007-09-21 Thread Mark Thomas
All, I think the wiki is probably the best place to start drafting a new set of commit guidelines to cover what branches we have (and what state they are in), what is RTC, what is CTR, etc. However, I didn't want to propose we use the wiki whilst we weren't getting wiki diffs on the dev list. I h

Re: [VOTE] Back to ASF Basics (Was: Re: Review model take 2)

2007-09-22 Thread Mark Thomas
Jim Jagielski wrote: >[X] +1. Yes, the above works and addresses my concerns >as well as the problems which started this whole >thing. >[ ] 0. Whatever. >[ ] -1. The above does not work for the following reasons: > With the following caveats: - There is only

Re: Could two tomcat have mutual authentication?

2007-09-23 Thread Mark Thomas
quanxin zhu wrote: > I setup a tomcat server 1 using client authentication, and deployed a > webservice on it. > So, when invoke the webservice, a certification is needed. > In server 2 , I want a servlet to invoke the webservice in server 1. > could server 2 automatically provide its certification

Re: Tomcat 6 and Java 5 syntax

2007-09-24 Thread Mark Thomas
Lucas Galfaso wrote: > Hi, > I am looking at the Tomcat 6 code and checking out the the > possibility of collaborating with the project, and one thing that pops > up is that the entire code base is not using Java 5 syntax. Was this > syntax avoided for a specific reason? The code is based on (ac

Time to organise svn

2007-10-04 Thread Mark Thomas
In light of the recent vote, we need to make some changes to svn. In short we need to add: 6.2.x trunk There are a number of ways we could do this. I suggest: svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x https://svn.apache.org/repos/asf/tomcat/tc6.2.x svn cp https://svn.apache.org/repo

Re: Time to organise svn

2007-10-04 Thread Mark Thomas
William A. Rowe, Jr. wrote: > Mark Thomas wrote: >> In light of the recent vote, we need to make some changes to svn. In >> short we need to add: >> 6.2.x > > ? Where is 6.1.0, or in other words, why the skip? The idea was to use even numbers for stable releases, od

Re: Time to organise svn

2007-10-04 Thread Mark Thomas
William A. Rowe, Jr. wrote: > Actually, the way it typically works at httpd-space (which your new > policy is based on) is that you would next create 6.1.0 as a forever > development branch. Committers apply each patch they believe belongs > to the 6.2.0 release, and things are removed and readded

Re: Time to organise svn

2007-10-05 Thread Mark Thomas
Next attempt. Taking account of the comments so far, a slightly modified proposal is below. svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk https://svn.apache.org/repos/asf/tomcat/trunk svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_14 https://svn.apache.org/

Re: Time to organise svn

2007-10-05 Thread Mark Thomas
jean-frederic clere wrote: > Remy Maucherat wrote: >> Mark Thomas wrote: >>> Next attempt. >>> >>> Taking account of the comments so far, a slightly modified proposal is >>> below. >>> >>> svn cp https://svn.apache.org/repos/asf/t

Re: Time to organise svn

2007-10-06 Thread Mark Thomas
Remy Maucherat wrote: > Mark Thomas wrote: >> Next attempt. >> >> Taking account of the comments so far, a slightly modified proposal is >> below. >> >> svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk >> https://svn.apache.org/repos/asf/tom

Time to organise svn - Take 3

2007-10-06 Thread Mark Thomas
After the latest round of comments, the plan is: Tag 6.0.15 early next week. svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15 https://svn.apache.org/repos/asf/tomcat/tc6.1.0/trunk https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15 https://svn.apache.org/r

Re: svn commit: r582597 - /tomcat/tc6.0.x/trunk/STATUS

2007-10-08 Thread Mark Thomas
Peter Rossbach wrote: > OK! > > How we can easier promote and discuss those patches? You are right, an > email threads are not easy to reference at STATUS file. Arrg! > I don't think that the apache developer home folder are the right place > for those patches! It will do for now. Once we have t

[Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet

2007-10-15 Thread Mark Thomas
A vulnerability in the Apache Tomcat webdav servlet was publicly disclosed on full-disclosure yesterday, 14-Oct-2007.[1] The Tomcat security team has evaluated this vulnerability and determined that default installations of Tomcat 6.0.x, 5.5.x and 4.1.x are not affected. In order to be affected s

Re: Mavenization (M10N) of Tomcat Build Process - Should Tomcat Be Migrated to Maven 2?

2007-10-17 Thread Mark Thomas
Paul Shemansky wrote: > Key features that may be useful to us are : > > - The Standard Directory Layout - Specifically, multi-module builds. > This might make managing individual components easier for catalina, > coyote, naming, jsp/servlet api/implementation, connector, etc. "might" isn't a comp

[PROPOSAL] Move Tomcat 5.0.x to the archive

2007-10-18 Thread Mark Thomas
All, I would like to propose that we have reached the time where Tomcat 5.0.x should be archived. What this means in practice is: - Sending an announcement out that no further work, including security patches will be performed on 5.0.x. Current 5.0.x users are encouraged to upgrade to 5.5.x or, i

[Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]

2007-10-20 Thread Mark Thomas
Please note that an additional patch has been developed as a result of further investigation. A vulnerability in the Apache Tomcat webdav servlet was publicly disclosed on full-disclosure on 14-Oct-2007.[1] The Tomcat security team has evaluated this vuln

Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]

2007-10-21 Thread Mark Thomas
Rémy Maucherat wrote: > Since it's an obvious hacking attempt, I chose to use this method > instead: > documentBuilder.setEntityResolver > (new EntityResolver() { > public InputSource resolveEntity(String publicId, > String systemId) >

Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]

2007-10-21 Thread Mark Thomas
William L. Thomson Jr. wrote: > I take it down streams should run with the first patches to work around > this vulnerability till next release. I already applied the one liner, > kinda glad I did not apply the other last night ;) Please advise, > thanks. You need a version of the second patch for

Re: What would you like to improve in Tomcat?

2007-10-21 Thread Mark Thomas
Santosh [ಸಂತೋಷ ] wrote: > Hi all, > > How about adding this feature to tomcat. A option in manager/admin to see > the log file output in webpage. It will reduce the time to login into the > system(if TC is installed in remote machine then open the log file and > see. Take a look at lambdaprobe. I

Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]

2007-10-22 Thread Mark Thomas
William L. Thomson Jr. wrote: > Mostly because > to my understanding one must be authorized in webdav or etc to be able > to exploit the vulnerability. To be clear, authorisation is not required for this vulnerability. Of course, if you open up write access without authorisation then you are taki

[ANN] Apache Tomcat 5.0.x no longer supported

2007-10-22 Thread Mark Thomas
The Apache Tomcat team wishes to announce that Tomcat 5.0.x will no longer be supported. Users are encouraged to upgrade to the latest stable 6.x release or, if that is not practical, the latest stable 5.5.x for continued support. Kind regards, The Apache Tomcat team

Re: tcnative-1 and windows vista pro 32 bits

2007-10-25 Thread Mark Thomas
Henri Gomez wrote: > Hi to all, > > I tried to make use of tcnative-1.dll (from > http://tomcat.heanet.ie/native/1.1.10/binaries/win32/) and installed > it under windows directory. > > At runtime, Vista complains about it. How does it complain? Mark

Re: Virtual Host with Different IP Address

2007-10-26 Thread Mark Thomas
banderson wrote: > Thank you for your help, I look forward to learning and participating in > these discussions. This is a question for the users list. Mark

svn commit messages

2007-10-26 Thread Mark Thomas
All, Sorry about the noise. Roll on svn 1.5 when you can do all of this in a single commit. Mark

Re: svn commit: r589039 - /tomcat/site/tags/TOMCAT_5_0_27/

2007-10-27 Thread Mark Thomas
William A. Rowe, Jr. wrote: > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Fri Oct 26 19:02:00 2007 >> New Revision: 589039 >> >> URL: http://svn.apache.org/viewvc?rev=589039&view=rev >> Log: >> Move site tag to archive > > Can we please beg that next time you do this atomically? I did spen

Re: Webdav servlet

2007-10-29 Thread Mark Thomas
Kevin Jackson wrote: > Hi, > > I need to extend the webdav servlet so that I can store files outside > of the application context. > > Looking at the source for the servlet I think getRelativePath and > (perhaps normalize) need to be changed. It will be much more invasive than that. The WebDAV s

Re: svn commit: r590541 - /tomcat/tc6.0.x/trunk/STATUS

2007-10-31 Thread Mark Thomas
Bill Barker wrote: > <[EMAIL PROTECTED]> wrote in message >> +* Fix BZ 43675 - Possible logging related classloader leak >> + http://people.apache.org/~markt/patches/2007-10-30-Bug43675.patch >> + +1: markt >> + -1: > > I get a 404 on this one :(. Sorry. Fixed now. Mark

Re: Time to organise svn - Take 3

2007-10-31 Thread Mark Thomas
Mark Thomas wrote: > svn cp > https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15 > https://svn.apache.org/repos/asf/tomcat/tc6.1.0/trunk > > https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15 > https://svn.apache.org/repos/asf/tomcat/trunk > &

Re: Time to organise svn - Take 3

2007-11-01 Thread Mark Thomas
jean-frederic clere wrote: > Why Friday? Shouldn't we wait until 6.0.15 (or 6.0.15 + n) is voted stable? We can do if that is the preference. My motivation is that I am keen to get back to a CTR codebase asap as I find only having RTC a real pain. Mark

Re: Time to organise svn - Take 3

2007-11-04 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: >> jean-frederic clere wrote: >> >>> Why Friday? Shouldn't we wait until 6.0.15 (or 6.0.15 + n) is voted >>> stable? >>> >>s >> We can do if that is the preference. My motivation

Time to organise svn - Take 4

2007-11-04 Thread Mark Thomas
After some more refinements, the plan to get us from where we are (RTC on a stable 6.0.x branch) to where we want to be (6.0.x frozen, RTC on a stable 6.2.x branch, and a CTR dev branch) is: Stage 1 === Create a CTR dev branch now. svn cp https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk h

Re: Time to organise svn - Take 3

2007-11-04 Thread Mark Thomas
William A. Rowe, Jr. wrote: > jean-frederic clere wrote: >> Mark Thomas wrote: >>> Mark Thomas wrote: >>>> svn cp >>>> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15 >>>> https://svn.apache.org/repos/asf/tomcat/tc6.1.0/t

Re: Time to organise svn - Take 4

2007-11-06 Thread Mark Thomas
Rémy Maucherat wrote: > On Sun, 2007-11-04 at 16:10 +0000, Mark Thomas wrote: >> Do the (unless there is a pressing need - eg a major security issue) final >> stable release of 6.0.x. >> Freeze development of the 6.0.x branch. > > -1. Branches should continue to be open

Re: [VOTE] Release build 6.0.15

2007-11-07 Thread Mark Thomas
jean-frederic clere wrote: > Filip Hanik - Dev Lists wrote: >> I'm having problems with the cookie parsing >> > It is seems there are 2 problems... The version (only TCK will complain) Haven't looked at this > and we are re escaping already escaped strings. The spec isn't 100% clear on who is resp

Re: DO NOT REPLY [Bug 43819] - Support latest JSR245 proposal to make EL "self-contained"

2007-11-08 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > I believe (and correct me if I am wrong) that Apache software may > include the binary distribution of CDDL code. Correct. Mark

Re: [VOTE] Release build 6.0.15

2007-11-08 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: >> Filip Hanik - Dev Lists wrote: >> >>> Mark Thomas wrote: >>> >>>> jean-frederic clere wrote: >>>> >>>>> and we are re escaping already escaped strings. >

Re: [VOTE] Release build 6.0.15

2007-11-08 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: >> jean-frederic clere wrote: >>> and we are re escaping already escaped strings. >>> >> The spec isn't 100% clear on who is responsible for escaping the >> values if >> required. >> &g

Re: DO NOT REPLY [Bug 43819] - Support latest JSR245 proposal to make EL "self-contained"

2007-11-08 Thread Mark Thomas
Lucas Galfaso wrote: > Is CDDL Apache compatible? Not for java source, no. See http://people.apache.org/~rubys/3party.html We can't use this patch. Mark > > > > On Nov 8, 2007 8:15 PM, <[EMAIL PROTECTED]> wrote: >> DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· >> RELATED COMMENTS TH

Re: [VOTE] Release build 6.0.15

2007-11-09 Thread Mark Thomas
Remy Maucherat wrote: > On Mon, 2007-11-05 at 15:17 +0100, Rémy Maucherat wrote: >> The candidates binaries are available here: >> http://people.apache.org/~remm/tomcat-6/v6.0.15/ >> >> According to the release process, the 6.0.15 tag is: >> [X] Broken >> [ ] Alpha >> [ ] Beta >> [ ] Stable > > I

Re: Time to organise svn - Take 4

2007-11-09 Thread Mark Thomas
Mark Thomas wrote: > Rémy Maucherat wrote: >> On Sun, 2007-11-04 at 16:10 +0000, Mark Thomas wrote: >>> Do the (unless there is a pressing need - eg a major security issue) final >>> stable release of 6.0.x. >>> Freeze development of the 6.0.x branch. >>

Re: [VOTE] Release build 6.0.15

2007-11-09 Thread Mark Thomas
Remy Maucherat wrote: > On Fri, 2007-11-09 at 20:16 +0000, Mark Thomas wrote: >> Remy Maucherat wrote: >>> On Mon, 2007-11-05 at 15:17 +0100, Rémy Maucherat wrote: >>>> The candidates binaries are available here: >>>> http://people.apache.org/~remm/to

Re: [VOTE] Release build 6.0.15

2007-11-10 Thread Mark Thomas
Remy Maucherat wrote: > On Fri, 2007-11-09 at 22:23 +0000, Mark Thomas wrote: >>> These sources can be found in the specification documents. >> That doesn't mean we can just copy them. >> >>> Geronimo >>> should also have the same files somewhere. >

[PROPOSAL] Rename all STATUS files to STATUS.txt

2007-11-13 Thread Mark Thomas
All, In an effort to make my life easier (and that of anyone else working on Windows) I'd like to change the STATUS files to STATUS.txt files since this will allow me to use the default text editor for them. At the moment every time I double click on a STATUS file to edit it, I have to select a te

Re: svn commit: r598587 - /tomcat/tc6.0.x/trunk/STATUS.txt

2007-11-27 Thread Mark Thomas
[EMAIL PROTECTED] wrote: > Author: billbarker > Date: Tue Nov 27 02:54:45 2007 > New Revision: 598587 > > URL: http://svn.apache.org/viewvc?rev=598587&view=rev > Log: > Adding my objection > > Modified: > tomcat/tc6.0.x/trunk/STATUS.txt > > Modified: tomcat/tc6.0.x/trunk/STATUS.txt > URL: >

Skeleton javax.wsdl.* and javax.xml.rpc.*

2007-11-27 Thread Mark Thomas
I recently created some skeleton implementations of the above packages to stop Eclipse complaining all the time about not being able to compile the entire TC6 source tree. Is there any interest in adding them to trunk to join the other skeleton classes in TC6? Mark -
