[Bug 63867] Add option for reason phrase

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63867

--- Comment #2 from Ken DeLong  ---
It's FAR more convenient to run Boot apps with the embedded container. Our
whole infrastructure is set up that way.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63867] Add option for reason phrase

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63867

--- Comment #1 from Michael Osipov  ---
The documentation says: You can also deploy Spring Boot applications to any
Servlet 3.1+ compatible container.

Does that not work? What is wrong with deploying a Spring app as a WAR file to Tomcat?




[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

--- Comment #14 from Mike Smith  ---
Hello Mark, has this issue been fixed already? Or any source? Thanks

Mike S.
http://www.insolvencyhelpline.co.uk/




buildbot failure in on tomcat-trunk

2019-10-18 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/4682

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 46ebe8b143e4e7ad3101470735a2749067a2533e
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







[Bug 63867] New: Add option for reason phrase

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63867

            Bug ID: 63867
           Summary: Add option for reason phrase
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: kenwdel...@gmail.com
  Target Milestone: -

I would like to have the ability to optionally add the Reason Phrase to the
HTTP response in Tomcat 9 (and above) like was available in Tomcat 8.

I have legacy embedded firmware in devices in the field that are depending on
the reason phrase.  I know they are not "supposed" to, but they do, and it's
multi-million dollars to replace them all, vs a small code fix.

Currently Spring Boot 2.2.0 does not work with Tomcat 8, so now I'm stuck in
legacy-software-hell, I can no longer upgrade my stack.

Could we please have the ability to revive the "sendReasonPhrase" configuration
parameter?




[Bug 63825] Http11Processor does not compare request header values for complete tokens

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

--- Comment #4 from Michael Osipov  ---
(In reply to Mark Thomas from comment #3)
> Thanks for catching that. I've refactored the code a little and expanded it
> to cover the request header case.
> 
> Performance testing indicates neutral to marginally positive effect.

Brilliant, only compression config left.




[Bug 63825] Http11Processor does not compare request header values for complete tokens

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas  ---
Thanks for catching that. I've refactored the code a little and expanded it to
cover the request header case.

Performance testing indicates neutral to marginally positive effect.




[tomcat] branch 7.0.x updated: Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

2019-10-18 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 872f0a3  Additional fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
872f0a3 is described below

commit 872f0a3ed348520bc521add259ed8a852c33b58e
Author: Mark Thomas 
AuthorDate: Fri Oct 18 22:53:19 2019 +0100

Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Local performance testing shows no negative impact and possibly a small
gain.
---
 .../coyote/http11/AbstractHttp11Processor.java | 27 ++
 java/org/apache/coyote/http11/Constants.java   |  8 +++
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Processor.java 
b/java/org/apache/coyote/http11/AbstractHttp11Processor.java
index 48c9c93..37ecc9a 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Processor.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Processor.java
@@ -19,6 +19,7 @@ package org.apache.coyote.http11;
 import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.io.StringReader;
+import java.util.Collection;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.List;
@@ -693,7 +694,10 @@ public abstract class AbstractHttp11Processor extends 
AbstractProcessor {
 /**
  * Specialized utility method: find a sequence of lower case bytes inside
  * a ByteChunk.
+ *
+ * @deprecated Unused. Will be removed in Tomcat 8.5.x.
  */
+@Deprecated
 protected int findBytes(ByteChunk bc, byte[] b) {
 
 byte first = b[0];
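Review bot: the @deprecated text added to findBytes() says the method will be removed in Tomcat 8.5.x, while the CLOSE_BYTES and KEEPALIVE_BYTES constants deprecated in the same commit say "Will be removed in Tomcat 10". This patch stops passing those constants to findBytes(), so the three deprecations belong together; align the removal targets or say in the Javadoc why they differ.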
@@ -1288,7 +1292,7 @@ public abstract class AbstractHttp11Processor extends 
AbstractProcessor {
 /**
  * After reading the request headers, we have to setup the request filters.
  */
-protected void prepareRequest() {
+protected void prepareRequest() throws IOException {
 
 http11 = true;
 http09 = false;
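Review bot: adding "throws IOException" to the protected prepareRequest() changes a signature that subclasses and their callers see, on a maintenance branch, and the Javadoc above it gains no @throws line. Document when the exception is raised (the new parseConnectionTokens() call is the visible source) and confirm that every caller handles or propagates it.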
@@ -1337,11 +1341,11 @@ public abstract class AbstractHttp11Processor 
extends AbstractProcessor {
 // Check connection header
 MessageBytes connectionValueMB = 
headers.getValue(Constants.CONNECTION);
 if (connectionValueMB != null && !connectionValueMB.isNull()) {
-ByteChunk connectionValueBC = connectionValueMB.getByteChunk();
-if (findBytes(connectionValueBC, Constants.CLOSE_BYTES) != -1) {
+Set tokens = new HashSet();
+parseConnectionTokens(headers, tokens);
+if (tokens.contains(Constants.CLOSE)) {
 keepAlive = false;
-} else if (findBytes(connectionValueBC,
- Constants.KEEPALIVE_BYTES) != -1) {
+} else if (tokens.contains(Constants.KEEPALIVE)) {
 keepAlive = true;
 }
 }
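Review bot: in the Connection check the outer guard still tests only headers.getValue(Constants.CONNECTION), but parseConnectionTokens() reads every Connection header through headers.values(), so the keep-alive decision now depends on all header lines rather than the single value the guard inspected. tokens.contains(Constants.CLOSE) is also an exact string match, so the case-insensitivity that findBytes() supplied now rests on TokenList.parseTokenList() normalising case. A comment stating that assumption, plus a test with a mixed-case token and with a token that merely contains "close", would pin both behaviours down.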
@@ -1746,22 +1750,27 @@ public abstract class AbstractHttp11Processor 
extends AbstractProcessor {
 
 }
 
+
 private static boolean isConnectionToken(MimeHeaders headers, String 
token) throws IOException {
 MessageBytes connection = headers.getValue(Constants.CONNECTION);
 if (connection == null) {
 return false;
 }
 
+Set tokens = new HashSet();
+parseConnectionTokens(headers, tokens);
+return tokens.contains(token);
+}
+
+
+private static void parseConnectionTokens(MimeHeaders headers, 
Collection tokens) throws IOException {
 Enumeration values = headers.values(Constants.CONNECTION);
-Set result = new HashSet();
 while (values.hasMoreElements()) {
 String nextHeaderValue = values.nextElement();
 if (nextHeaderValue != null) {
-TokenList.parseTokenList(new StringReader(nextHeaderValue), 
result);
+TokenList.parseTokenList(new StringReader(nextHeaderValue), 
tokens);
 }
 }
-
-return result.contains(token);
 }
 
 
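Review bot: isConnectionToken() allocates and parses a fresh HashSet on every call, and prepareRequest() now repeats the same get-then-parse sequence inline. If more than one token is checked per request, parse once and reuse the set. The new parseConnectionTokens() helper also has no Javadoc saying that it appends to the supplied collection and may throw IOException.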
diff --git a/java/org/apache/coyote/http11/Constants.java 
b/java/org/apache/coyote/http11/Constants.java
index 20362dd..98cfef3 100644
--- a/java/org/apache/coyote/http11/Constants.java
+++ b/java/org/apache/coyote/http11/Constants.java
@@ -123,9 +123,17 @@ public final class Constants {
 /* Various constant "strings" */
 public static final String CONNECTION = "Connection";
 public static final String CLOSE = "close";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] CLOSE_BYTES =
 ByteChunk.convertToBytes(CLOSE);
 public static final String KEEPALIVE = "keep-alive";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] KEEPALIVE_BYTES =
 ByteChunk.convertToBytes(KEEPALIVE);
 public stat

[GitHub] [tomcat] Heesenp opened a new pull request #215: fixed typos and grammatical errors

2019-10-18 Thread GitBox
Heesenp opened a new pull request #215: fixed typos and grammatical errors
URL: https://github.com/apache/tomcat/pull/215
 
 
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services




[tomcat] branch 8.5.x updated: Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

2019-10-18 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new c77c089  Additional fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
c77c089 is described below

commit c77c089cd03f2cf47dcecfd7039a4165fa430831
Author: Mark Thomas 
AuthorDate: Fri Oct 18 22:46:11 2019 +0100

Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Local performance testing shows no negative impact and possibly a small
gain.
---
 java/org/apache/coyote/http11/Constants.java   |  8 +++
 java/org/apache/coyote/http11/Http11Processor.java | 58 ++
 2 files changed, 23 insertions(+), 43 deletions(-)

diff --git a/java/org/apache/coyote/http11/Constants.java 
b/java/org/apache/coyote/http11/Constants.java
index 7f0ce62..1383454 100644
--- a/java/org/apache/coyote/http11/Constants.java
+++ b/java/org/apache/coyote/http11/Constants.java
@@ -103,8 +103,16 @@ public final class Constants {
 /* Various constant "strings" */
 public static final String CONNECTION = "Connection";
 public static final String CLOSE = "close";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] CLOSE_BYTES = ByteChunk.convertToBytes(CLOSE);
 public static final String KEEPALIVE = "keep-alive";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] KEEPALIVE_BYTES = 
ByteChunk.convertToBytes(KEEPALIVE);
 public static final String CHUNKED = "chunked";
 /**
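Review bot: the two @deprecated tags on CLOSE_BYTES and KEEPALIVE_BYTES say only "Unused". Both fields are public, so name the String constants CLOSE and KEEPALIVE as what to use instead, for the benefit of any code outside this package that still references the byte arrays.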
diff --git a/java/org/apache/coyote/http11/Http11Processor.java 
b/java/org/apache/coyote/http11/Http11Processor.java
index 7249493..05e595a 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.io.StringReader;
 import java.nio.ByteBuffer;
+import java.util.Collection;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Locale;
@@ -49,7 +50,6 @@ import 
org.apache.coyote.http11.upgrade.InternalHttpUpgradeHandler;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.buf.Ascii;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
@@ -578,39 +578,6 @@ public class Http11Processor extends AbstractProcessor {
 
 
 /**
- * Specialized utility method: find a sequence of lower case bytes inside
- * a ByteChunk.
- */
-private static int findBytes(ByteChunk bc, byte[] b) {
-
-byte first = b[0];
-byte[] buff = bc.getBuffer();
-int start = bc.getStart();
-int end = bc.getEnd();
-
-// Look for first char
-int srcEnd = b.length;
-
-for (int i = start; i <= (end - srcEnd); i++) {
-if (Ascii.toLower(buff[i]) != first) {
-continue;
-}
-// found first char, now look for a match
-int myPos = i+1;
-for (int srcPos = 1; srcPos < srcEnd;) {
-if (Ascii.toLower(buff[myPos++]) != b[srcPos++]) {
-break;
-}
-if (srcPos == srcEnd) {
-return i - start; // found it
-}
-}
-}
-return -1;
-}
-
-
-/**
  * Determine if we must drop the connection because of the HTTP status
  * code.  Use the same list of codes as Apache/httpd.
  */
@@ -949,7 +916,7 @@ public class Http11Processor extends AbstractProcessor {
 /**
  * After reading the request headers, we have to setup the request filters.
  */
-private void prepareRequest() {
+private void prepareRequest() throws IOException {
 
 http11 = true;
 http09 = false;
@@ -988,11 +955,11 @@ public class Http11Processor extends AbstractProcessor {
 // Check connection header
 MessageBytes connectionValueMB = 
headers.getValue(Constants.CONNECTION);
 if (connectionValueMB != null && !connectionValueMB.isNull()) {
-ByteChunk connectionValueBC = connectionValueMB.getByteChunk();
-if (findBytes(connectionValueBC, Constants.CLOSE_BYTES) != -1) {
+Set tokens = new HashSet<>();
+parseConnectionTokens(headers, tokens);
+if (tokens.contains(Constants.CLOSE)) {
 keepAlive = false;
-} else if (findBytes(connectionValueBC,
- Constants.KEEPALIVE_BYTES) != -1) {
+} else if (tokens.contains(Constants.KEEPALIVE)) {
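Review bot: the diffstat for this commit lists only Constants.java and Http11Processor.java, so the switch in the Connection check from the substring search in findBytes() to tokens.contains() ships without a test. Add a unit test for prepareRequest() that covers a list value such as "keep-alive, close" and a value where "close" appears only inside a longer token, so the complete-token behaviour is locked in.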

[tomcat] branch master updated: Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

2019-10-18 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 46ebe8b  Additional fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
46ebe8b is described below

commit 46ebe8b143e4e7ad3101470735a2749067a2533e
Author: Mark Thomas 
AuthorDate: Fri Oct 18 22:46:11 2019 +0100

Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Local performance testing shows no negative impact and possibly a small
gain.
---
 java/org/apache/coyote/http11/Constants.java   |  8 +++
 java/org/apache/coyote/http11/Http11Processor.java | 58 ++
 2 files changed, 23 insertions(+), 43 deletions(-)

diff --git a/java/org/apache/coyote/http11/Constants.java 
b/java/org/apache/coyote/http11/Constants.java
index 6ed0923..2ca4dc4 100644
--- a/java/org/apache/coyote/http11/Constants.java
+++ b/java/org/apache/coyote/http11/Constants.java
@@ -103,8 +103,16 @@ public final class Constants {
 /* Various constant "strings" */
 public static final String CONNECTION = "Connection";
 public static final String CLOSE = "close";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] CLOSE_BYTES = ByteChunk.convertToBytes(CLOSE);
 public static final String KEEPALIVE = "keep-alive";
+/**
+ * @deprecated Unused. Will be removed in Tomcat 10.
+ */
+@Deprecated
 public static final byte[] KEEPALIVE_BYTES = 
ByteChunk.convertToBytes(KEEPALIVE);
 public static final String CHUNKED = "chunked";
 public static final byte[] ACK_BYTES = ByteChunk.convertToBytes("HTTP/1.1 
100 " + CRLF + CRLF);
diff --git a/java/org/apache/coyote/http11/Http11Processor.java 
b/java/org/apache/coyote/http11/Http11Processor.java
index 24fd9e9..6df04cc 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.io.StringReader;
 import java.nio.ByteBuffer;
+import java.util.Collection;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Locale;
@@ -49,7 +50,6 @@ import 
org.apache.coyote.http11.upgrade.InternalHttpUpgradeHandler;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.buf.Ascii;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
@@ -189,39 +189,6 @@ public class Http11Processor extends AbstractProcessor {
 
 
 /**
- * Specialized utility method: find a sequence of lower case bytes inside
- * a ByteChunk.
- */
-private static int findBytes(ByteChunk bc, byte[] b) {
-
-byte first = b[0];
-byte[] buff = bc.getBuffer();
-int start = bc.getStart();
-int end = bc.getEnd();
-
-// Look for first char
-int srcEnd = b.length;
-
-for (int i = start; i <= (end - srcEnd); i++) {
-if (Ascii.toLower(buff[i]) != first) {
-continue;
-}
-// found first char, now look for a match
-int myPos = i+1;
-for (int srcPos = 1; srcPos < srcEnd;) {
-if (Ascii.toLower(buff[myPos++]) != b[srcPos++]) {
-break;
-}
-if (srcPos == srcEnd) {
-return i - start; // found it
-}
-}
-}
-return -1;
-}
-
-
-/**
  * Determine if we must drop the connection because of the HTTP status
  * code.  Use the same list of codes as Apache/httpd.
  */
@@ -560,7 +527,7 @@ public class Http11Processor extends AbstractProcessor {
 /**
  * After reading the request headers, we have to setup the request filters.
  */
-private void prepareRequest() {
+private void prepareRequest() throws IOException {
 
 http11 = true;
 http09 = false;
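Review bot: prepareRequest() now declares "throws IOException", and the buildbot mail for source stamp 46ebe8b143e4e7ad3101470735a2749067a2533e on tomcat-trunk reports "BUILD FAILED: failed compile_1". Check that every call site of prepareRequest() handles or propagates the checked exception, and that Set, which the next hunk uses, is imported.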
@@ -598,11 +565,11 @@ public class Http11Processor extends AbstractProcessor {
 // Check connection header
 MessageBytes connectionValueMB = 
headers.getValue(Constants.CONNECTION);
 if (connectionValueMB != null && !connectionValueMB.isNull()) {
-ByteChunk connectionValueBC = connectionValueMB.getByteChunk();
-if (findBytes(connectionValueBC, Constants.CLOSE_BYTES) != -1) {
+Set tokens = new HashSet<>();
+parseConnectionTokens(headers, tokens);
+if (tokens.contains(Constants.CLOSE)) {
 keepAlive = false;
-} else if (findBytes(connectionValueBC,
- Constants.KEEPALIVE_B

[Bug 63824] Http11Processor does not compare Connection header value case-insensitively

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63824

--- Comment #8 from Michael Osipov  ---
Indeed, my bad. Thanks for double-checking! Wouldn't it be more reasonable to use
isConnectionToken()?




[Bug 63824] Http11Processor does not compare Connection header value case-insensitively

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63824

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|REOPENED                    |RESOLVED

--- Comment #7 from Mark Thomas  ---
The findBytes() check is case-insensitive (the value is forced to lower case
before it is checked).




Re: [VOTE] Private branches in the official Tomcat git repository

2019-10-18 Thread Michael Osipov

On 2019-10-18 at 16:12, Rémy Maucherat wrote:
> On Fri, Oct 11, 2019 at 4:20 PM Rémy Maucherat  wrote:
>
>> Hi,
>>
>> This vote is to regulate the use of branches in the official Tomcat
>> repository beyond branches that are approved by the community such as 8.5.x
>> and 7.0.x. It is possible to do development in private branches directly in
>> the official Tomcat repository, as an alternative to using forks and pull
>> requests.
>>
>> Should private branches be allowed in the official Tomcat git repository ?
>> [ ] Yes
>> [ ] No
>
> Here is a recap of the voting.
>
> For the binding votes, we have:
> Yes: michaelo, ebourg, kkolinko
> No: remm, schultz, rjung, markt
> Undecided: fschumacher
>
> Thanks to the participants, including the ones with non binding votes who
> were more in favor of branches.
>
> So the community is rather split even if the result leans on the negative
> side, and many liked the idea of feature branches. I think it's not enough
> to completely forbid branch use beyond the main release branches.
>
> Therefore, I propose resolving this as follows:
> Branches use should follow a non automatic process:
> - require a significant amount of work with multiple commits ahead to
> justify their creation = always a "feature" branch, with the feature being
> large enough (which is subjective, use common sense)

This should have been applied way way earlier. There are too many
"fixup", "post fix" commits on master.

> - get casual community ack before being created (the relevant BZ could get
> the branch creation request, which should get at least one +1
> from another committer and of course no vetoes)


Seriously? You want me to beg for a cheap branch on an issue I am 
currently working to solve a problem for the *entire* community?


I want to be productive, push intermediate changes and when I think fit, 
squash them and create the PR with the qualified reviewers assigned. 
That's what the Apache Maven team and others have been doing for years 
-- with great success.


This pretty much sounds to me that you don't trust your fellow 
committers doing things right.


Michael





[Bug 63865] Cookie Attribute SameSite=None is default to unset in Chrome browser

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63865

--- Comment #1 from Prakash Saraf  ---
Google Chrome will also default all cookies without "SameSite" attribute to
"Samesite=LAX" effective from Chrome v80. So, it's important that if the value
is set to NONE, tomcat does honor that and put SameSite=NONE rather than unsetting
it.
Reference for upcoming Chrome change -
https://www.chromestatus.com/feature/5088147346030592




[Bug 63859] AJP cping/cpong mode failing on Tomcat 9.x

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63859

--- Comment #6 from Aurelien Pernoud  ---
Tomcat 8.0.x




[Bug 63865] New: Cookie Attribute SameSite=None is default to unset in Chrome browser

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63865

            Bug ID: 63865
           Summary: Cookie Attribute SameSite=None is default to unset in
                    Chrome browser
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: pushy...@umich.edu
  Target Milestone: 

This PR for Tomcat added support for SameSite Cookie attribute,
https://github.com/apache/tomcat/pull/162/files. One thing I noticed is if I
configure SameSite=None then Tomcat is setting to unset in Browser,
documentation echoes that behaviour.

With Chrome 77, I see a warning which is trying to say that SameSite should
either be set to None, Lax, Strict.
Chrome Warning:
"A cookie associated with a cross-site resource at http://localhost/ was set
without the `SameSite` attribute. A future release of Chrome will only deliver
cookies with cross-site requests if they are set with `SameSite=None` and
`Secure`. You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032"

I have an application (which we call an LTI
tool (https://www.imsglobal.org/activity/learning-tools-interoperability)) that
is embedded inside another application so that users have a seamless experience and
that's how it needs to operate. In my case SameSite=None is the appropriate setting
for the application running; current tomcat 8, if set to None, is unsetting the
value in browser. And it looks like future browsers want it to be set to either of
those options None, Lax, Strict.

Can you allow in Tomcat to set to None if user chooses that option instead of
defaulting to unset?
context.xml

   





buildbot success in on tomcat-85-trunk

2019-10-18 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-85-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/1986

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 801fc706ac30a1b9eecc034a81f94616303f43b6
Blamelist: Mark Thomas 

Build succeeded!

Sincerely,
 -The Buildbot







[Bug 63859] AJP cping/cpong mode failing on Tomcat 9.x

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63859

--- Comment #5 from Christopher Schultz  ---
(In reply to Aurelien Pernoud from comment #3)
> Tomcat 7&8

Is this Tomcat 8.0.x or Tomcat 8.5.x?




[Bug 63860] Error 401 with TLSv1.3 and auth-method CLIENT-CERT

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63860

--- Comment #2 from Christopher Schultz  ---
(In reply to Mark Thomas from comment #1)
> (use OpenSSL or drop-back to TLS 1.2).

Clarification: does NIO+OpenSSL+TLSv1.3 work, here, or is the APR connector
required?




[tomcat] branch 8.5.x updated: Minor optimisation - add new line to access log message outside the sync

2019-10-18 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 801fc70  Minor optimisation - add new line to access log message 
outside the sync
801fc70 is described below

commit 801fc706ac30a1b9eecc034a81f94616303f43b6
Author: Mark Thomas 
AuthorDate: Fri Oct 18 17:03:47 2019 +0100

Minor optimisation - add new line to access log message outside the sync
---
 java/org/apache/catalina/valves/AccessLogValve.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AccessLogValve.java 
b/java/org/apache/catalina/valves/AccessLogValve.java
index fe2943e..b133e10 100644
--- a/java/org/apache/catalina/valves/AccessLogValve.java
+++ b/java/org/apache/catalina/valves/AccessLogValve.java
@@ -610,10 +610,10 @@ public class AccessLogValve extends 
AbstractAccessLogValve {
 
 // Log this message
 try {
+message.write(System.lineSeparator());
 synchronized(this) {
 if (writer != null) {
 message.writeTo(writer);
-writer.println("");
 if (!buffered) {
 writer.flush();
 }
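Review bot: message.write(System.lineSeparator()) now runs before the "writer != null" check, so the separator is appended to message even when nothing is written, and the line ending is taken from System.lineSeparator() instead of writer.println(""). If message is inspected or reused after this block the trailing separator will be visible there; confirm it is not, and say so in a comment on the added line.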





[tomcat] branch master updated: Minor optimisation - add new line to access log message outside the sync

2019-10-18 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new b8cc215  Minor optimisation - add new line to access log message 
outside the sync
b8cc215 is described below

commit b8cc21574938dc8f46b88396de0694e1ce7aa0a7
Author: Mark Thomas 
AuthorDate: Fri Oct 18 17:03:47 2019 +0100

Minor optimisation - add new line to access log message outside the sync
---
 java/org/apache/catalina/valves/AccessLogValve.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AccessLogValve.java 
b/java/org/apache/catalina/valves/AccessLogValve.java
index fe2943e..b133e10 100644
--- a/java/org/apache/catalina/valves/AccessLogValve.java
+++ b/java/org/apache/catalina/valves/AccessLogValve.java
@@ -610,10 +610,10 @@ public class AccessLogValve extends 
AbstractAccessLogValve {
 
 // Log this message
 try {
+message.write(System.lineSeparator());
 synchronized(this) {
 if (writer != null) {
 message.writeTo(writer);
-writer.println("");
 if (!buffered) {
 writer.flush();
 }
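Review bot: the commit message calls this a minor optimisation, but the added message.write(...) line carries no comment explaining why it sits outside synchronized(this). A one-line comment giving the reason (for example, that message is local to the call and needs no lock, if that is the case) would stop a later cleanup from moving it back inside the block.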





Re: [VOTE] Private branches in the official Tomcat git repository

2019-10-18 Thread Rémy Maucherat
On Fri, Oct 11, 2019 at 4:20 PM Rémy Maucherat  wrote:

> Hi,
>
> This vote is to regulate the use of branches in the official Tomcat
> repository beyond branches that are approved by the community such as 8.5.x
> and 7.0.x. It is possible to do development in private branches directly in
> the official Tomcat repository, as an alternative to using forks and pull
> requests.
>
> Should private branches be allowed in the official Tomcat git repository ?
> [ ] Yes
> [ ] No
>

Here is a recap of the voting.

For the binding votes, we have:
Yes: michaelo, ebourg, kkolinko
No: remm, schultz, rjung, markt
Undecided: fschumacher

Thanks to the participants, including the ones with non binding votes who
were more in favor of branches.

So the community is rather split even if the result leans on the negative
side, and many liked the idea of feature branches. I think it's not enough
to completely forbid branch use beyond the main release branches.

Therefore, I propose resolving this as follows:
Branches use should follow a non automatic process:
- require a significant amount of work with multiple commits ahead to
justify their creation = always a "feature" branch, with the feature being
large enough (which is subjective, use common sense)
- get casual community ack before being created (the relevant BZ could get
the branch creation request, which should get at least one +1
from another committer and of course no vetoes)

Rémy


Re: Questions ad JSP/Jasper implementation in Tomcat ...

2019-10-18 Thread Rony G. Flatscher (Apache)
On 18.10.2019 13:32, Rony G. Flatscher (Apache) wrote:
> Thank you very much for your remarks and pointers, Mark!
>
> ---rony
>
> P.S.: Not sure as of yet, what scope it should be. The idea would be to allow any of the
> Java script languages to be used. Currently the naive assumption is that one could redirect
> the script's stdout to the servlet's 'out' object (by using ScriptContext.setWriter(out)) and
> using ScriptEngineFactory helper methods getOutputStatement(...), getProgram(...) and maybe
> getMethodCallSyntax(...) for creating the appropriate script program from the JSP that then
> gets dispatched via ScriptEngine.eval(...) from the created Java program.

... cut ...

Just to give an idea what the Java code employing javax.script might look like (untested),
assuming that from the JSP the respective script program got created (referred to by
"String scriptFromJSP=..." in the Java snippet to be generated below):

import javax.script.*;

... cut ...

    // the scriptCode value is created when transforming the JSP to its script code
    // representation using ScriptEngineFactory utility methods
    String scriptFromJSP="...script created from JSP ...";
    try
    {
        // create a ScriptContext for this run
        ScriptContext sc=new SimpleScriptContext();
        sc.setWriter(out);  // set stdout to 'out'

        // get its ENGINE_SCOPE Bindings
        Bindings engineScope=sc.getBindings(ScriptContext.ENGINE_SCOPE);
        // set JSP file name for the script
        engineScope.put(ScriptEngine.FILENAME, jspFileName);
        // define arguments for the script program
        engineScope.put(ScriptEngine.ARGV, new Object[]{request,response});

        // set JSP objects
        engineScope.put("application", application);
        engineScope.put("config", config);
        engineScope.put("out", out);
        engineScope.put("pageContext", pageContext);
        engineScope.put("request" , request);
        engineScope.put("response", response);

        // get ScriptEngine, evaluate (run) script program
        ScriptEngineManager sem=new ScriptEngineManager();
        // language name used for JSP "language" attribute in the page directive
        ScriptEngine se=sem.getEngineByName("LANGUAGE_NAME");
        // run (execute) the script with the ScriptContext
        Object res=se.eval(scriptFromJSP, sc);  // run the script
    }
    catch (ScriptException sexc)   // an error occurred
    {
        sexc.printStackTrace();
        System.exit(-1);
    }

... cut ...

---rony



Re: Questions ad JSP/Jasper implementation in Tomcat ...

2019-10-18 Thread Rony G. Flatscher (Apache)
Thank you very much for your remarks and pointers, Mark!

---rony

P.S.: Not sure as of yet, what scope it should be. The idea would be to allow any of the
Java script languages to be used. Currently the naive assumption is that one could redirect
the script's stdout to the servlet's 'out' object (by using ScriptContext.setWriter(out)) and
using ScriptEngineFactory helper methods getOutputStatement(...), getProgram(...) and maybe
getMethodCallSyntax(...) for creating the appropriate script program from the JSP that then
gets dispatched via ScriptEngine.eval(...) from the created Java program.


On 17.10.2019 15:41, Mark Thomas wrote:
> On 17/10/2019 11:00, Rony G. Flatscher (Apache) wrote:
>> Being interested in analyzing what is needed to enable Tomcat JSP's to
>> be deployable with any Java scripting languages (i.e. with
>> javax.script.ScriptEngines) instead of Java.
> A potentially huge amount of work if you propose replicating JSP
> functionality (tag libraries, EL support, etc.) but with a different
> language.
>
>> Motivation: there are programmers who are not able to program in Java,
>> but have broad expertise in programming with other languages like
>> Javascript, PHP, Rexx, Python, etc. If such programmers could devise
>> JSPs using their programming language of choice instead of (or in
>> addition to) Java, they would become able to take advantage of Tomcat.
>>
>> Idea: since Java 6 the javax.script package defines a Java scripting
>> framework which can be used to generically create the Java program
>> necessary to deploy the code in JSPs. E.g. the 'request' and 'response'
>> objects could be supplied as arguments via the
>> ScriptContext.ENGINE_SCOPE Bindings in a Java array named
>> ScriptEngine.ARGV, but also objects like 'out' could be made available
>> to all Java scripting languages. This in essence should allow any (JVM)
>> language implementing a javax.script.ScriptEngine to be used as a
>> programming language in a JSP by merely denoting its name in "<%@ page
>> language="LANGUAGE" contentType="text/html"%>, where LANGUAGE could then
>> be e.g. "javascript", "jython", "netrexx", "rexx", ... instead of "java".
>>
>> The question(s):
>>
>>   * Where would one find a document/tutorial with a conceptual overview
>> of processing a JSP file?
> The JSP specification.
> https://cwiki.apache.org/confluence/display/tomcat/Specifications
>
>>   * Which class(es) are used to process JSPs with the language attribute
>> set to "java" in the current implementation of Tomcat, assuming that
>> it would be feasible to subclass (or create alternatives of) those
>> class(es) to add generic support for JSR223 (javax.script.ScriptEngine)?
> org.apache.jasper.*
>
> Mark






[Bug 63864] Use new TokenList parser for Http11Processor Transfer-Encoding handling

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63864

Michael Osipov  changed:

What | Removed | Added
-----+---------+--------------------
CC   |         | micha...@apache.org




[Bug 63864] New: Use new TokenList parser for Http11Processor Transfer-Encoding handling

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63864

          Bug ID: 63864
         Summary: Use new TokenList parser for Http11Processor Transfer-Encoding handling
         Product: Tomcat 9
         Version: 9.0.x
        Hardware: All
              OS: All
          Status: NEW
        Severity: enhancement
        Priority: P2
       Component: Connectors
        Assignee: dev@tomcat.apache.org
        Reporter: micha...@apache.org
Target Milestone: -

The Transfer-Encoding header is processed manually
(https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/http11/Http11Processor.java#L760-L775);
use the newly introduced TokenList parser to reduce duplicate code.




[Bug 63825] Http11Processor does not compare request header values for complete tokens

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Michael Osipov  changed:

What       | Removed  | Added
-----------+----------+---------
Status     | RESOLVED | REOPENED
Resolution | FIXED    | ---

--- Comment #2 from Michael Osipov  ---
I am afraid I need to reopen this one because of this missed spot:

https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/http11/Http11Processor.java#L599-L608




[Bug 63824] Http11Processor does not compare Connection header value case-insensitively

2019-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63824

Michael Osipov  changed:

What       | Removed  | Added
-----------+----------+---------
Status     | RESOLVED | REOPENED
Resolution | FIXED    | ---

--- Comment #6 from Michael Osipov  ---
I am afraid I need to reopen this one because of this missed spot:

https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/http11/Http11Processor.java#L599-L608

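An added illustration for the three Http11Processor reports above (63864, 63825, 63824), not Tomcat's code and not its TokenList parser: it contrasts a substring, case-sensitive header check with a comparison of complete, case-insensitive list tokens. The class, the method names and the sample header values are constructed for this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

public class HeaderTokenCheck {
    // RFC 7230 "token": one or more tchar characters.
    private static final Pattern TOKEN = Pattern.compile("[!#$%&'*+.^_`|~0-9A-Za-z-]+");

    // Comparison that is neither token-aware nor case-insensitive.
    static boolean naiveContains(List<String> headerValues, String token) {
        return String.join(",", headerValues).contains(token);
    }

    // Split each header value on commas, trim optional whitespace and keep the
    // elements that are syntactically valid tokens, lower-cased for comparison.
    // Skipping invalid elements is a choice made for this example.
    static List<String> tokens(List<String> headerValues) {
        List<String> result = new ArrayList<>();
        for (String value : headerValues) {
            for (String part : value.split(",")) {
                String t = part.trim();
                if (TOKEN.matcher(t).matches()) {
                    result.add(t.toLowerCase(Locale.ENGLISH));
                }
            }
        }
        return result;
    }

    // True only if one complete list element equals the token, ignoring case.
    static boolean hasToken(List<String> headerValues, String token) {
        return tokens(headerValues).contains(token.toLowerCase(Locale.ENGLISH));
    }

    public static void main(String[] args) {
        // Constructed Connection header values; the last one models a repeated header.
        String[][] samples = {
            {"close"}, {"Close"}, {"keep-alive, Upgrade"},
            {"x-not-close-at-all"}, {"keep-alive", "CLOSE"}
        };
        for (String[] s : samples) {
            List<String> values = Arrays.asList(s);
            System.out.printf("%-24s substring=%-5b token=%b%n", values,
                    naiveContains(values, "close"), hasToken(values, "close"));
        }
    }
}
```

The two checks disagree on "Close", on "x-not-close-at-all" and on the repeated header, which are the cases where connection or transfer-coding handling would otherwise diverge from what the peer or an intermediary understood.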