https://issues.apache.org/bugzilla/show_bug.cgi?id=57091

--- Comment #7 from Niklas Hallqvist <niklas+apa...@appli.se> ---
(In reply to Mark Thomas from comment #6)
> Thanks for the test case. Very helpful.
> 
> I can repeat this issue with Java 8 and Java 7 and I have applied your
> suggested patch to 8.0.x for 8.0.15 onwards and 7.0.x for 7.0.57 onwards.
> 
> On a related topic, would it be helpful at all if the Tomcat JARs were
> signed by the ASF (we recently started to use Symantec's code signing
> service)? If this would be useful, please open a new enhancement request and
> we'll figure out how to fit JAR signing into the build process.

Sorry, I forgot to tell you the tomcat jars needed to be signed as well.

I am not sure it will be helpful, maybe it will now, but at least at some point
in time, mixed signers were not working too well in our applet setups, so we
decided to sign all jars ourselves, 3rd party or not, with our own certificate as
a standard practice these days.  Of course we would have the potential to
verify the jars' origin if they were signed, but we would still overwrite the
signature with our own before deployment.

Thanks for including the fix, this way I don't need to have a customized tomcat
version for our needs.
