[
https://issues.apache.org/jira/browse/GERONIMO-4245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12622804#action_12622804
]
Donald Woods commented on GERONIMO-4245:
I've run into several JSP files in our build (mainly the monitor webapp) that
require code changes to work with Tomcat 6.0.18, due to tightened code around
the JSP 2.0 spec in Jasper during the Tomcat 6.0.17 release.
The build errors look something like -
org.apache.jasper.JasperException:
file:/Users/drwoods/geronimo/server-trunk/plugins/monitoring/mconsole-war/src/main/webapp/WEB-INF/view/monitoringEditView.jsp(168,168)
Attribute value rs.getString("server_id") is quoted with " which must be
escaped when used within the value
at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
There are several places in the portlet code where we have -
value="<%=rs.getString("server_id")%>"
which had to be changed to
value='<%=rs.getString("server_id")%>'
The full text of the Tomcat Jasper change can be found at -
https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
with the basic explanation being -
According to JSP 2.0 specification (chapter 1.7 page 72,73)
This code is illegal:
<mytags:tag value="<%= "hi!" %>" />
Instead the correct sentence would be:
<mytags:tag value='<%= "hi!" %>' />
<mytags:tag value="<%= \"hi!\" %>" />
<mytags:tag value='<%= \"name\" %>' />
...
Upgrade to Tomcat 6.0.18 to pickup latest security fixes
Key: GERONIMO-4245
URL: https://issues.apache.org/jira/browse/GERONIMO-4245
Project: Geronimo
Issue Type: Bug
Security Level: public(Regular issues)
Components: dependencies
Affects Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2
Reporter: Donald Woods
Assignee: Donald Woods
Priority: Critical
Fix For: 2.0.3, 2.1.3, 2.2
Need to upgrade to Tomcat 6.0.18 to pick up the latest security fixes, as
listed on the following Tomcat webpage -
http://tomcat.apache.org/security-6.html
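Added example, not part of the JIRA comment and not Geronimo or Tomcat code: a small Python scanner for the pattern the comment describes, an attribute whose value is a JSP expression that contains the same unescaped quote used to delimit it, plus a rewrite that applies either of the two legal forms. The function names and SAMPLE input are constructed for illustration, and the regex only covers attributes whose entire value is a single <%= ... %> expression.

```python
import re

# Attribute whose whole value is one JSP expression:
#   name="<%= ... %>"  or  name='<%= ... %>'
ATTR = re.compile(r'''([\w:.-]+)\s*=\s*(["'])<%=(.*?)%>\2''', re.S)

def unescaped(expr, quote):
    """True if `quote` occurs in expr without a preceding backslash."""
    return re.search(r'(?<!\\)' + re.escape(quote), expr) is not None

def find_violations(jsp_text):
    """Return (line, attribute, delimiter) for each value the stricter Jasper rejects."""
    hits = []
    for m in ATTR.finditer(jsp_text):
        name, quote, expr = m.groups()
        if unescaped(expr, quote):
            line = jsp_text.count("\n", 0, m.start()) + 1
            hits.append((line, name, quote))
    return hits

def rewrite(jsp_text):
    """Swap the delimiter when the other quote is unused in the expression,
    otherwise backslash-escape the delimiter inside the expression."""
    def fix(m):
        name, quote, expr = m.groups()
        if not unescaped(expr, quote):
            return m.group(0)  # already legal, leave untouched
        other = "'" if quote == '"' else '"'
        if other not in expr:
            return f"{name}={other}<%={expr}%>{other}"
        escaped = re.sub(r'(?<!\\)' + re.escape(quote),
                         lambda _: "\\" + quote, expr)
        return f"{name}={quote}<%={escaped}%>{quote}"
    return ATTR.sub(fix, jsp_text)

# Constructed sample: lines 1 and 4 are illegal, lines 2 and 3 are legal.
SAMPLE = r'''<input name="id" value="<%=rs.getString("server_id")%>"/>
<mytags:tag value='<%= "hi!" %>' />
<mytags:tag value="<%= \"hi!\" %>" />
<mytags:tag value="<%= "hi!" %>" />
'''

if __name__ == "__main__":
    for line, attr, quote in find_violations(SAMPLE):
        print(f"line {line}: attribute {attr} reuses {quote} inside its expression")
    print(rewrite(SAMPLE))
```

Running find_violations over the JSP sources before switching Tomcat versions lists the files that would otherwise fail at JSP compile time.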