Buildbot success in on tomcat-11.0.x
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/263
Blamelist: Christopher Schultz, Igal Sapir, lihan
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] f28f12e5b639a40c3cef4278ee55738d14a62111

Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 1
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66527] Embedded Tomcat addWebApp docBase usage is inconsistent with JavaDoc
https://bz.apache.org/bugzilla/show_bug.cgi?id=66527

--- Comment #3 from Zach DeLuca ---
(In reply to Mark Thomas from comment #1)
> I did look at the possibility of supporting a relative path but that begs
> the question "Relative to what?". CATALINA_BASE isn't an option as that is
> (usually) created dynamically when using the Tomcat class.

Funny enough, I actually discovered the issue when specifying a fixed CATALINA_BASE (setting server.tomcat.basedir with Spring Boot). For example, if CATALINA_BASE=/foo and /foo/webapps/bar exists, then addWebApp("/bar", "bar") actually works just fine. The only issue that appeared was NoSuchFileException stemming from getWebappConfigFile interpreting "bar" as absolute when trying to locate context.xml as I mentioned in the original post. Otherwise, the app works (as I have no context.xml anyway).

I think this works because of the underlying Context object, which says this for setDocBase(String):

> Set the document root for this Context. This can be either an absolute
> pathname or a relative pathname. Relative pathnames are relative to the
> containing Host's appBase.

So I guess "Relative to what?" is sort of explained? But anyway, using an absolute path is easy enough for me. Plus it has the added benefit I hadn't considered until now, that you can load from any path and it doesn't need to be underneath an existing CATALINA_BASE.

Thank you for clearing this up.
[tomcat] 01/01: Merge pull request #599 from apache/use-available-constants-9-0
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b28e61513a47f01574f42b3a3ea75bbfe05b7c86
Merge: cd2566a28c ba7a901566
Author: Igal Sapir
AuthorDate: Tue Mar 14 21:21:30 2023 -0700

    Merge pull request #599 from apache/use-available-constants-9-0

    Use available constants

 java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++--
 .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++-
 .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++-
 java/org/apache/tomcat/jni/Library.java | 4 +++-
 test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +-
 test/org/apache/tomcat/util/file/TestConfigFileLoader.java | 5 +++--
 8 files changed, 21 insertions(+), 14 deletions(-)
[tomcat] branch 9.0.x updated (cd2566a28c -> b28e61513a)
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

    from cd2566a28c Fix changelog entry
     add ba7a901566 Use available constants
     new b28e61513a Merge pull request #599 from apache/use-available-constants-9-0

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++--
 .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++-
 .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++-
 java/org/apache/tomcat/jni/Library.java | 4 +++-
 test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +-
 test/org/apache/tomcat/util/file/TestConfigFileLoader.java | 5 +++--
 8 files changed, 21 insertions(+), 14 deletions(-)
[GitHub] [tomcat] isapir merged pull request #599: Use available constants
isapir merged PR #599: URL: https://github.com/apache/tomcat/pull/599 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [tomcat] isapir opened a new pull request, #599: Use available constants
isapir opened a new pull request, #599: URL: https://github.com/apache/tomcat/pull/599

Created a branch and PR because my local git shows some new class files and I'm not sure where they came from so doing it this way so that I can safely review the patch before merging it
[tomcat] branch use-available-constants-9-0 created (now ba7a901566)
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a change to branch use-available-constants-9-0 in repository https://gitbox.apache.org/repos/asf/tomcat.git

      at ba7a901566 Use available constants

This branch includes the following new commits:

     new ba7a901566 Use available constants

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[tomcat] 01/01: Use available constants
This is an automated email from the ASF dual-hosted git repository. isapir pushed a commit to branch use-available-constants-9-0 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit ba7a901566fb0ba17bb708bfa547d0f29ccddf9f Author: Igal Sapir AuthorDate: Tue Mar 14 21:18:19 2023 -0700 Use available constants --- java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++-- .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++- java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++- .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++- java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++- java/org/apache/tomcat/jni/Library.java | 4 +++- test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +- test/org/apache/tomcat/util/file/TestConfigFileLoader.java| 5 +++-- 8 files changed, 21 insertions(+), 14 deletions(-) diff --git a/java/org/apache/catalina/startup/VersionLoggerListener.java b/java/org/apache/catalina/startup/VersionLoggerListener.java index 472cd46d48..9e92df0339 100644 --- a/java/org/apache/catalina/startup/VersionLoggerListener.java +++ b/java/org/apache/catalina/startup/VersionLoggerListener.java @@ -113,9 +113,9 @@ public class VersionLoggerListener implements LifecycleListener { log.info(sm.getString("versionLoggerListener.vm.vendor", System.getProperty("java.vm.vendor"))); log.info(sm.getString("versionLoggerListener.catalina.base", -System.getProperty("catalina.base"))); +System.getProperty(Constants.CATALINA_BASE_PROP))); log.info(sm.getString("versionLoggerListener.catalina.home", -System.getProperty("catalina.home"))); +System.getProperty(Constants.CATALINA_HOME_PROP))); if (logArgs) { List args = ManagementFactory.getRuntimeMXBean().getInputArguments(); diff --git a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java index cf0f3d2641..63f50df76c 100644 
--- a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java +++ b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java @@ -29,6 +29,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import org.apache.catalina.Globals; import org.apache.catalina.connector.Connector; import org.apache.coyote.ProtocolHandler; import org.apache.tomcat.util.IntrospectionUtils; @@ -288,7 +289,7 @@ public class ConnectorStoreAppender extends StoreAppender { protected File getCatalinaBase() { -File file = new File(System.getProperty("catalina.base")); +File file = new File(System.getProperty(Globals.CATALINA_BASE_PROP)); try { file = file.getCanonicalFile(); } catch (IOException e) { diff --git a/java/org/apache/catalina/storeconfig/StandardContextSF.java b/java/org/apache/catalina/storeconfig/StandardContextSF.java index 5a15731160..98a752717b 100644 --- a/java/org/apache/catalina/storeconfig/StandardContextSF.java +++ b/java/org/apache/catalina/storeconfig/StandardContextSF.java @@ -28,6 +28,7 @@ import java.util.List; import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.Engine; +import org.apache.catalina.Globals; import org.apache.catalina.Host; import org.apache.catalina.LifecycleListener; import org.apache.catalina.Loader; @@ -122,7 +123,7 @@ public class StandardContextSF extends StoreFactoryBase { if (configFile != null) { File config = new File(configFile.toURI()); if (!config.isAbsolute()) { -config = new File(System.getProperty("catalina.base"), +config = new File(System.getProperty(Globals.CATALINA_BASE_PROP), config.getPath()); } if( (!config.isFile()) || (!config.canWrite())) { 
@@ -188,7 +189,7 @@ public class StandardContextSF extends StoreFactoryBase { if (configFile != null) { File config = new File(configFile.toURI()); if (!config.isAbsolute()) { -config = new File(System.getProperty("catalina.base"), +config = new File(System.getProperty(Globals.CATALINA_BASE_PROP), config.getPath()); } // Open an output writer for the new configuration file @@ -294,7 +295,7 @@ public class StandardContextSF extends StoreFactoryBase { */ protected File configBase(Context context) { -File file = new File(System.getProperty("catalina.base"), "conf"); +File file = new File(System.getProperty(Globals.CATALINA_BASE_PROP), "conf"); Container host = context.getParent(); if (host instanceof Host) { @@ -328,9 +329,9 @@ public class StandardContextSF extends
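Review bot: The VersionLoggerListener hunk takes its property names from Constants.CATALINA_BASE_PROP and Constants.CATALINA_HOME_PROP, while every storeconfig hunk imports org.apache.catalina.Globals and uses Globals.CATALINA_BASE_PROP. Two constant holders for the same "catalina.base" string bring back the duplication this change is removing. Suggest using the Globals constants in VersionLoggerListener too, or saying in the commit message why the startup package keeps its own.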
[tomcat] branch 10.1.x updated: Use available constants
This is an automated email from the ASF dual-hosted git repository. isapir pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 2d9c64e2ec Use available constants 2d9c64e2ec is described below commit 2d9c64e2ec56b9082c0c5bc4b1eed618e258 Author: Igal Sapir AuthorDate: Tue Mar 14 20:32:16 2023 -0700 Use available constants --- java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++-- .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++- java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++- .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++- java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++- java/org/apache/tomcat/jni/Library.java | 4 +++- test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +- test/org/apache/tomcat/util/file/TestConfigFileLoader.java| 5 +++-- 8 files changed, 21 insertions(+), 14 deletions(-) diff --git a/java/org/apache/catalina/startup/VersionLoggerListener.java b/java/org/apache/catalina/startup/VersionLoggerListener.java index 472cd46d48..9e92df0339 100644 --- a/java/org/apache/catalina/startup/VersionLoggerListener.java +++ b/java/org/apache/catalina/startup/VersionLoggerListener.java @@ -113,9 +113,9 @@ public class VersionLoggerListener implements LifecycleListener { log.info(sm.getString("versionLoggerListener.vm.vendor", System.getProperty("java.vm.vendor"))); log.info(sm.getString("versionLoggerListener.catalina.base", -System.getProperty("catalina.base"))); +System.getProperty(Constants.CATALINA_BASE_PROP))); log.info(sm.getString("versionLoggerListener.catalina.home", -System.getProperty("catalina.home"))); +System.getProperty(Constants.CATALINA_HOME_PROP))); if (logArgs) { List args = ManagementFactory.getRuntimeMXBean().getInputArguments(); 
diff --git a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java index 5b872aca5b..615eb722de 100644 --- a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java +++ b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java @@ -29,6 +29,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import org.apache.catalina.Globals; import org.apache.catalina.connector.Connector; import org.apache.coyote.ProtocolHandler; import org.apache.tomcat.util.IntrospectionUtils; @@ -281,7 +282,7 @@ public class ConnectorStoreAppender extends StoreAppender { protected File getCatalinaBase() { -File file = new File(System.getProperty("catalina.base")); +File file = new File(System.getProperty(Globals.CATALINA_BASE_PROP)); try { file = file.getCanonicalFile(); } catch (IOException e) { diff --git a/java/org/apache/catalina/storeconfig/StandardContextSF.java b/java/org/apache/catalina/storeconfig/StandardContextSF.java index 5a15731160..98a752717b 100644 --- a/java/org/apache/catalina/storeconfig/StandardContextSF.java +++ b/java/org/apache/catalina/storeconfig/StandardContextSF.java @@ -28,6 +28,7 @@ import java.util.List; import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.Engine; +import org.apache.catalina.Globals; import org.apache.catalina.Host; import org.apache.catalina.LifecycleListener; import org.apache.catalina.Loader; @@ -122,7 +123,7 @@ public class StandardContextSF extends StoreFactoryBase { if (configFile != null) { File config = new File(configFile.toURI()); if (!config.isAbsolute()) { -config = new File(System.getProperty("catalina.base"), +config = new File(System.getProperty(Globals.CATALINA_BASE_PROP), config.getPath()); } if( (!config.isFile()) || (!config.canWrite())) { 
@@ -188,7 +189,7 @@ public class StandardContextSF extends StoreFactoryBase { if (configFile != null) { File config = new File(configFile.toURI()); if (!config.isAbsolute()) { -config = new File(System.getProperty("catalina.base"), +config = new File(System.getProperty(Globals.CATALINA_BASE_PROP), config.getPath()); } // Open an output writer for the new configuration file @@ -294,7 +295,7 @@ public class StandardContextSF extends StoreFactoryBase { */ protected File configBase(Context context) { -File file = new File(System.getProperty("catalina.base"), "conf"); +File file = new File(System.getProperty(Globals.CATALINA_BASE_PROP), "conf"); Container
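Review bot: In ConnectorStoreAppender.getCatalinaBase() the changed line still passes the result of System.getProperty(Globals.CATALINA_BASE_PROP) straight into new File(...), which throws NullPointerException when the property is unset, whereas the three StandardContextSF hunks use the two-argument File constructor, which with a null parent quietly yields a path relative to the working directory. Since these lines are being touched anyway, suggest reading the property once through a shared helper that fails with a clear message, so storeconfig never reads or writes configuration relative to wherever the JVM was started.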
[tomcat] branch 8.5.x updated: Fix changelog entry
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new cbb08b1be3 Fix changelog entry cbb08b1be3 is described below commit cbb08b1be39e7c4db468a5df54328084ff98dec7 Author: lihan AuthorDate: Wed Mar 15 10:58:34 2023 +0800 Fix changelog entry --- webapps/docs/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 9b8b070a20..fe5ef0abc2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,7 @@ 66524 Correct eviction ordering in WebResource cache to by LRU as intended. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
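Review bot: The context line of this changelog.xml hunk still reads "Correct eviction ordering in WebResource cache to by LRU as intended"; "to by" should be "to be". As this commit exists to fix that entry, suggest correcting the wording in the same change, and in the matching commits on 9.0.x, 10.1.x and main.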
[tomcat] branch 9.0.x updated: Fix changelog entry
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new cd2566a28c Fix changelog entry cd2566a28c is described below commit cd2566a28cfab43cbba19aa600b56f4d5cb3e533 Author: lihan AuthorDate: Wed Mar 15 10:58:34 2023 +0800 Fix changelog entry --- webapps/docs/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5cbbdfaebb..39c4d6707f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,7 @@ 66524 Correct eviction ordering in WebResource cache to by LRU as intended. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Fix changelog entry
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 3cf7c5fdc9 Fix changelog entry 3cf7c5fdc9 is described below commit 3cf7c5fdc98b09e5dcf13db933f23c8cad3b3be5 Author: lihan AuthorDate: Wed Mar 15 10:58:34 2023 +0800 Fix changelog entry --- webapps/docs/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index d0470c6b74..c574b05f88 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,7 @@ 66524 Correct eviction ordering in WebResource cache to by LRU as intended. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix changelog entry
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new f28f12e5b6 Fix changelog entry f28f12e5b6 is described below commit f28f12e5b639a40c3cef4278ee55738d14a62111 Author: lihan AuthorDate: Wed Mar 15 10:58:34 2023 +0800 Fix changelog entry --- webapps/docs/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 6eb73d1c60..46b8da05be 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -155,6 +155,7 @@ 66524 Correct eviction ordering in WebResource cache to by LRU as intended. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Support RFC 7616. Add support for multiple algorithms.
> On Mar 15, 2023, at 01:45, ma...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch main > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/main by this push: > new 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms. > 55ad7dbe19 is described below > > commit 55ad7dbe196ba35dd16952701890d318e7926c02 > Author: Mark Thomas > AuthorDate: Fri Mar 3 17:58:05 2023 + > >Support RFC 7616. Add support for multiple algorithms. > --- > java/org/apache/catalina/Realm.java| 40 +++ > .../authenticator/DigestAuthenticator.java | 213 > .../catalina/authenticator/LocalStrings.properties | 2 + > java/org/apache/catalina/realm/CombinedRealm.java | 4 +- > .../apache/catalina/realm/JAASCallbackHandler.java | 7 +- > .../catalina/realm/JAASMemoryLoginModule.java | 9 +- > java/org/apache/catalina/realm/JAASRealm.java | 6 +- > java/org/apache/catalina/realm/JNDIRealm.java | 4 +- > .../apache/catalina/realm/LocalStrings.properties | 1 + > java/org/apache/catalina/realm/LockOutRealm.java | 4 +- > java/org/apache/catalina/realm/RealmBase.java | 48 +++- > .../tomcat/websocket/DigestAuthenticator.java | 22 +- > .../TestDigestAuthenticatorAlgorithms.java | 279 + > test/org/apache/catalina/realm/TestJNDIRealm.java | 6 +- > webapps/docs/changelog.xml | 6 + > webapps/docs/config/valve.xml | 7 + > 16 files changed, 580 insertions(+), 78 deletions(-) > > diff --git a/java/org/apache/catalina/Realm.java > b/java/org/apache/catalina/Realm.java > index cb27fdd487..e81802965e 100644 > --- a/java/org/apache/catalina/Realm.java > +++ b/java/org/apache/catalina/Realm.java 
> @@ -101,13 +101,53 @@ public interface Realm extends Contained { > * @param digestA2 Second digest calculated as digest(Method + ":" + uri) > * > * @return the associated principal, or {@code null} if there is none. > + * > + * @deprecated Unused. Use {@link #authenticate(String, String, String, > + * String, String, String, String, String, String)}. Will be removed in > + * Tomcat 11. > */ > +@Deprecated > Principal authenticate(String username, String digest, > String nonce, String nc, String cnonce, > String qop, String realm, > String digestA2); > > > +/** > + * Try to authenticate with the specified username, which > + * matches the digest calculated using the given parameters using the > + * method described in RFC 7616. > + * > + * The default implementation calls {@link #authenticate(String, String, > + * String, String, String, String, String, String)} for backwards > + * compatibility which effectively forces the use of MD5 regardless of > the > + * algorithm specified in the call to this method. > + * > + * Implementations are expected to override the default implementation > and > + * take account of the algorithm parameter. > + * > + * @param username Username of the Principal to look up > + * @param digest Digest which has been submitted by the client > + * @param nonce Unique (or supposedly unique) token which has been used > + * for this request > + * @param nc the nonce counter > + * @param cnonce the client chosen nonce > + * @param qop the "quality of protection" ({@code nc} and {@code cnonce} > + *will only be used, if {@code qop} is not {@code null}). > + * @param realm Realm name > + * @param digestA2 Second digest calculated as digest(Method + ":" + uri) > + * @param algorithm The message digest algorithm to use > + * > + * @return the associated principal, or {@code null} if there is none. 
> + */ > +default Principal authenticate(String username, String digest, > + String nonce, String nc, String cnonce, > + String qop, String realm, > + String digestA2, String algorithm) { > +return authenticate(username, digest, nonce, nc, cnonce, qop, realm, > digestA2); > +} > + > + > /** > * Try to authenticate using a {@link GSSContext}. > * > diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java > b/java/org/apache/catalina/authenticator/DigestAuthenticator.java > index 0d5e681a3f..f80f2181e9 100644 > --- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java > +++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java > @@ -19,8 +19,14 @@ package org.apache.catalina.authenticator; > import java.io.IOException; > import java.io.StringReader; > import java.nio.charset.StandardCharsets;
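Review bot: The new default authenticate(..., String digestA2, String algorithm) in Realm.java discards the algorithm argument and delegates to the eight-argument overload, so a Realm that does not override it validates against MD5 whatever the caller requested, as the Javadoc itself states. A client that answered a non-MD5 challenge will then simply fail, with nothing to tell the failure apart from a bad password. Suggest having the default log when algorithm is not MD5, so operators running a third-party Realm can see why RFC 7616 algorithms do not work.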
[tomcat] branch main updated (85ba2ecd56 -> cae3d5f42e)
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git

    from 85ba2ecd56 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524
     add a393d738f6 Use available constants
     new cae3d5f42e Merge pull request #598 from apache/use-available-constants

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++--
 .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++-
 .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++-
 java/org/apache/tomcat/jni/Library.java | 4 +++-
 test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +-
 test/org/apache/tomcat/util/file/TestConfigFileLoader.java | 5 +++--
 8 files changed, 21 insertions(+), 14 deletions(-)
[tomcat] 01/01: Merge pull request #598 from apache/use-available-constants
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit cae3d5f42e98b21d2c69815260207278162afb63
Merge: 85ba2ecd56 a393d738f6
Author: Igal Sapir
AuthorDate: Tue Mar 14 18:56:14 2023 -0700

    Merge pull request #598 from apache/use-available-constants

    Use available constants

 java/org/apache/catalina/startup/VersionLoggerListener.java | 4 ++--
 .../apache/catalina/storeconfig/ConnectorStoreAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StandardContextSF.java | 11 ++-
 .../org/apache/catalina/storeconfig/StoreContextAppender.java | 3 ++-
 java/org/apache/catalina/storeconfig/StoreFileMover.java | 3 ++-
 java/org/apache/tomcat/jni/Library.java | 4 +++-
 test/org/apache/catalina/startup/LoggingBaseTest.java | 2 +-
 test/org/apache/tomcat/util/file/TestConfigFileLoader.java | 5 +++--
 8 files changed, 21 insertions(+), 14 deletions(-)
[GitHub] [tomcat] isapir merged pull request #598: Use available constants
isapir merged PR #598: URL: https://github.com/apache/tomcat/pull/598
[GitHub] [tomcat] isapir commented on pull request #598: Use available constants
isapir commented on PR #598: URL: https://github.com/apache/tomcat/pull/598#issuecomment-1469170270

Thanks @rmaucher! I will watch out for that.
TestRewriteValve Fails When Specifying Custom Output Directory
Hello,

test/org/apache/catalina/valves/rewrite/TestRewriteValve.java fails with file not found when a custom tomcat.output directory is specified in build.properties.

I have the Tomcat source code (main branch) at /workspace/src/tomcat/main (let's call it ), and the following in build.properties:

tomcat.output=/workspace/build/tomcat/main

That setup allows me to have different directories for the different active versions of Tomcat, where the leaf directory can also be 10.0.x, 9.0.x, 8.5.x, etc, and has been working well for a while.

A recent update to TestRewriteValve works with the default configuration, but with my setup it fails with a FileNotFoundException. Details below [1].

I can see that with the default configuration the file is loaded from /workspace/src/tomcat/main/test/conf/TesterRewriteMapB.txt, i.e. /test/conf/TesterRewriteMapB.txt, but with the custom tomcat.output the file is searched for at /workspace/build/tomcat/main/build/test/conf/TesterRewriteMapB.txt, i.e. /build/test/conf/TesterRewriteMapB.txt

Is it possible to specify the file path differently so that it would work with a custom tomcat.output directory?

Thanks,

Igal

[1] FileNotFoundException:

Testcase: testRewriteMap12 took 0.011 sec
    Caused an ERROR
Error reading text file [../../../test/conf/TesterRewriteMapB.txt]
java.lang.IllegalArgumentException: Error reading text file [../../../test/conf/TesterRewriteMapB.txt]
    at org.apache.catalina.valves.rewrite.RandomizedTextRewriteMap.<init>(RandomizedTextRewriteMap.java:72)
    at org.apache.catalina.valves.rewrite.RewriteValve.parse(RewriteValve.java:619)
    at org.apache.catalina.valves.rewrite.RewriteValve.parse(RewriteValve.java:221)
    at org.apache.catalina.valves.rewrite.RewriteValve.setConfiguration(RewriteValve.java:192)
    at org.apache.catalina.valves.rewrite.TestRewriteValve.doTestRewrite(TestRewriteValve.java:766)
    at org.apache.catalina.valves.rewrite.TestRewriteValve.doTestRewrite(TestRewriteValve.java:751)
    at org.apache.catalina.valves.rewrite.TestRewriteValve.doTestRewrite(TestRewriteValve.java:745)
    at org.apache.catalina.valves.rewrite.TestRewriteValve.testRewriteMap12(TestRewriteValve.java:152)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Caused by: java.io.FileNotFoundException: /workspace/build/tomcat/test/conf/TesterRewriteMapB.txt (No such file or directory)
    at java.base/java.io.FileInputStream.open0(Native Method)
    at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111)
    at java.base/sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:86)
    at java.base/sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:189)
    at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getResource(CatalinaBaseConfigurationSource.java:118)
    at org.apache.catalina.valves.rewrite.RandomizedTextRewriteMap.<init>(RandomizedTextRewriteMap.java:48)
Buildbot failure in on tomcat-8.5.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/36/builds/429
Blamelist: Christopher Schultz
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 8.5.x] 4823dc6f5095854c7236760cd859a44bdf4fd909

Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 2

-- ASF Buildbot
Buildbot failure in on tomcat-9.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/492
Blamelist: Christopher Schultz, Mark Thomas
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 9.0.x] c9b202aad8f351e60f7f6e5a02db3691a97c4059

Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 2

-- ASF Buildbot
Buildbot failure in on tomcat-10.1.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/715
Blamelist: Christopher Schultz
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 10.1.x] f53aa0059ac70a2f7883bcf69a913362d58612d8
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 2

-- ASF Buildbot
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/261
Blamelist: Christopher Schultz
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] 85ba2ecd56e49e4e1d08a31ca86438010166821f
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 2

-- ASF Buildbot
[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 4823dc6f50 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 4823dc6f50 is described below commit 4823dc6f5095854c7236760cd859a44bdf4fd909 Author: Christopher Schultz AuthorDate: Tue Mar 14 17:19:17 2023 -0400 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 Evict WebResource cache entris in LRU order as intended. --- java/org/apache/catalina/webresources/Cache.java | 12 +++- webapps/docs/changelog.xml | 3 +++ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/java/org/apache/catalina/webresources/Cache.java b/java/org/apache/catalina/webresources/Cache.java index bfa1b2199e..2586cb5805 100644 --- a/java/org/apache/catalina/webresources/Cache.java +++ b/java/org/apache/catalina/webresources/Cache.java @@ -326,15 +326,9 @@ public class Cache { long nc1 = cr1.getNextCheck(); long nc2 = cr2.getNextCheck(); -// Oldest resource should be first (so iterator goes from oldest to -// youngest. -if (nc1 == nc2) { -return 0; -} else if (nc1 > nc2) { -return -1; -} else { -return 1; -} +// Oldest resource (lowest next-check value) should be first (so +// iterator goes from oldest to youngest. +return Long.compare(nc1, nc2); } } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index a1d8e010d8..9b8b070a20 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -128,6 +128,9 @@ Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path. (markt) + +66524 Correct eviction ordering in WebResource cache to +by LRU as intended. (schultz) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
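Review bot: in the Cache.java hunk the rewritten comment opens a parenthesis at "(so iterator goes from oldest to youngest." and never closes it, carrying over the same slip from the comment being removed. Since the comment is being rewritten anyway, close it after "youngest" so the one sentence that documents the intended ordering reads cleanly.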
[Bug 66524] resource cache eviction is MRU not LRU
https://bz.apache.org/bugzilla/show_bug.cgi?id=66524

Christopher Schultz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #5 from Christopher Schultz ---
Fixed in 85ba2ecd56e49e4e1d08a31ca86438010166821f (main) and 4823dc6f5095854c7236760cd859a44bdf4fd909 (8.5.x branch).

Will be in:
- 11.0.x for 11.0.0-M5 onwards
- 10.1.x for 10.1.8 onwards
- 9.0.x for 9.0.74 onwards
- 8.5.x for 8.5.88 onwards
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/260
Blamelist: Mark Thomas
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] 15c5c496ee46aa71e2772816afc76a5c9e92275d
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 1
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot
[tomcat] branch 9.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new c9b202aad8 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 c9b202aad8 is described below commit c9b202aad8f351e60f7f6e5a02db3691a97c4059 Author: Christopher Schultz AuthorDate: Tue Mar 14 17:19:17 2023 -0400 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 Evict WebResource cache entris in LRU order as intended. --- java/org/apache/catalina/webresources/Cache.java | 2 +- webapps/docs/changelog.xml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/webresources/Cache.java b/java/org/apache/catalina/webresources/Cache.java index 4893a289cb..467a43bf2e 100644 --- a/java/org/apache/catalina/webresources/Cache.java +++ b/java/org/apache/catalina/webresources/Cache.java @@ -208,7 +208,7 @@ public class Cache { // used first. This is a background process so we can afford to take the // time to order the elements first TreeSet orderedResources = new TreeSet<>( - Comparator.comparingLong(CachedResource::getNextCheck).reversed()); +Comparator.comparingLong(CachedResource::getNextCheck)); orderedResources.addAll(resourceCache.values()); Iterator iter = orderedResources.iterator(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cc544b22b1..5cbbdfaebb 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -128,6 +128,9 @@ Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path. (markt) + +66524 Correct eviction ordering in WebResource cache to +by LRU as intended. (schultz) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
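Review bot: in the Cache.java hunk at -208 the TreeSet is still ordered by getNextCheck() alone, so two CachedResource entries with the same next-check value compare as equal and addAll() keeps only one of them; the others are not visited by the iterator obtained on the following line in this pass. Dropping .reversed() fixes the direction, and adding a tie-breaker on a field that is unique per entry would also keep every cached resource in the ordered set.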
[tomcat] branch 10.1.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new f53aa0059a Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 f53aa0059a is described below commit f53aa0059ac70a2f7883bcf69a913362d58612d8 Author: Christopher Schultz AuthorDate: Tue Mar 14 17:19:17 2023 -0400 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 Evict WebResource cache entris in LRU order as intended. --- java/org/apache/catalina/webresources/Cache.java | 2 +- webapps/docs/changelog.xml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/webresources/Cache.java b/java/org/apache/catalina/webresources/Cache.java index 4893a289cb..467a43bf2e 100644 --- a/java/org/apache/catalina/webresources/Cache.java +++ b/java/org/apache/catalina/webresources/Cache.java @@ -208,7 +208,7 @@ public class Cache { // used first. This is a background process so we can afford to take the // time to order the elements first TreeSet orderedResources = new TreeSet<>( - Comparator.comparingLong(CachedResource::getNextCheck).reversed()); +Comparator.comparingLong(CachedResource::getNextCheck)); orderedResources.addAll(resourceCache.values()); Iterator iter = orderedResources.iterator(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1ba1a3191a..d0470c6b74 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -128,6 +128,9 @@ Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path. (markt) + +66524 Correct eviction ordering in WebResource cache to +by LRU as intended. (schultz) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
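Review bot: the diffstat lists only Cache.java and changelog.xml, so nothing pins the ordering that the Cache.java hunk corrects, and the whole fix is the removal of one .reversed() call. A unit test that fills the cache with entries of distinct getNextCheck() values and asserts that the lowest one comes first out of orderedResources would keep the direction from flipping again unnoticed.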
[tomcat] branch main updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 85ba2ecd56 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 85ba2ecd56 is described below commit 85ba2ecd56e49e4e1d08a31ca86438010166821f Author: Christopher Schultz AuthorDate: Tue Mar 14 17:19:17 2023 -0400 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=66524 Evict WebResource cache entris in LRU order as intended. --- java/org/apache/catalina/webresources/Cache.java | 2 +- webapps/docs/changelog.xml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/webresources/Cache.java b/java/org/apache/catalina/webresources/Cache.java index 4893a289cb..467a43bf2e 100644 --- a/java/org/apache/catalina/webresources/Cache.java +++ b/java/org/apache/catalina/webresources/Cache.java @@ -208,7 +208,7 @@ public class Cache { // used first. This is a background process so we can afford to take the // time to order the elements first TreeSet orderedResources = new TreeSet<>( - Comparator.comparingLong(CachedResource::getNextCheck).reversed()); +Comparator.comparingLong(CachedResource::getNextCheck)); orderedResources.addAll(resourceCache.values()); Iterator iter = orderedResources.iterator(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3df44e6ca5..6eb73d1c60 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -152,6 +152,9 @@ Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path. (markt) + +66524 Correct eviction ordering in WebResource cache to +by LRU as intended. (schultz) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
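Review bot: the added changelog.xml entry reads "Correct eviction ordering in WebResource cache to by LRU as intended", where "to by LRU" looks like a typo for "to be LRU". This text goes into the published changelog, so it is worth fixing before release, along with the "entris" spelling in the commit message if the commit is amended.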
Re: Reduce default for maxParameterCount
Mark,

On 3/14/23 13:57, Mark Thomas wrote:

On 09/03/2023 14:23, Christopher Schultz wrote:

Mark,

On 3/9/23 05:56, Mark Thomas wrote:

Hi all,

In the context of CVE-2023-24998 (performance issues for large numbers of uploaded parts), I have been wondering about reducing the default value for maxParameterCount.

The current default for maxParameterCount is 10,000. It was set based on it being low enough to mitigate CVE-2012-0022 (hash collisions in parameter names triggering performance issues) while being so high it was considered extremely unlikely to impact any web application.

Also relevant: maxPostSize and maxHttpRequestHeaderSize which help to limit the total size of a request, regardless of the number of parameters.

I don't think we can lower those any further by default. If anything, the trend is towards making them larger.

The current default is sufficiently low to mitigate CVE-2023-24998. There isn't any reason I am aware of that means we need to reduce the default for maxParameterCount.

My thinking is more along the lines that when we last thought about this default in 2012, it was considered from the perspective of "How high can we set this and still be sure applications aren't exposed to CVE-2012-0022 or something like it?". If we consider it from the perspective of "How low can we make this without breaking many / most / (nearly) all applications?" I think we'll choose a much lower number.

+1

Another benefit of a lower number is to harden Tomcat in advance against future vulnerabilities like CVE-2023-24998.

I was wondering about a new default of 1000 or maybe even 500. This would certainly be for 11.0.x. I think it should be back-ported but maybe in stages (5000, 3000, 2000, 1000) and/or delayed so it is reduced in 10.1.x for a few releases before we reduce it in 9.0.x and then a few more releases before we reduce it in 8.5.x.

Thoughts?

+1 for 1000. 500 seems insane to me but I'm sure there is some application out there which uses 1000 parameters instead of JSON, etc. for some reason.

I've reduced the default to 1,000 for 11.0.x.

Thoughts on if/how to back-port this to 10.1.x and friends?

Straight to 1000 for all older versions?

Straight to 1000 for 10.1.x then wait a few releases for each further backport?

Or more cautious and backport a gradual reduction?

I would go for a 1000 limit for all currently-supported versions. It's *very* easy to raise the limit if it interferes with a specific application's functions.

I *would* add an entry in the "notable changes" for each release e.g. https://tomcat.apache.org/migration-10.1.html#Tomcat_10.1.x_noteable_changes

-chris
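One way to see which connectors the default change discussed in this thread would touch, as an added example that is not part of the thread or of the Tomcat code base: it reads a server.xml and reports each Connector's maxParameterCount before and after the default moves from 10,000 to 1,000. The sample file, the function names and the status labels are assumptions made for the example; that a negative value means no limit comes from Tomcat's connector documentation, not from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from the thread).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" maxParameterCount="25000" />
    <Connector port="8009" protocol="AJP/1.3" maxParameterCount="-1" />
    <Connector port="8081" protocol="HTTP/1.1" maxParameterCount="500" />
    <Connector port="8082" protocol="HTTP/1.1" maxParameterCount="lots" />
  </Service>
</Server>
"""

OLD_DEFAULT = 10_000  # default the thread describes as current
NEW_DEFAULT = 1_000   # default the thread settles on


def classify(limit, ceiling):
    """Label one effective limit (hypothetical labels).

    A negative value means "no limit" per Tomcat's connector documentation.
    """
    if limit is None:
        return "invalid"
    if limit < 0:
        return "unlimited"
    return "above-ceiling" if limit > ceiling else "ok"


def audit_connectors(server_xml, old_default=OLD_DEFAULT,
                     new_default=NEW_DEFAULT, ceiling=NEW_DEFAULT):
    """Return one finding dict per <Connector> element in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("maxParameterCount")
        if raw is None:
            # No explicit setting: the connector inherits whatever default
            # the installed Tomcat version ships with.
            before, after = old_default, new_default
        else:
            try:
                before = after = int(raw.strip())
            except ValueError:
                before = after = None  # not a number; flag for a human
        findings.append({
            "port": conn.get("port", "?"),
            "explicit": raw is not None,
            "before": before,
            "after": after,
            "changes_on_upgrade": before != after,
            "status_after": classify(after, ceiling),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Connectors reported with `changes_on_upgrade` set are the ones whose behaviour shifts silently with the new default; explicit values above the ceiling or below zero keep their old exposure until someone edits the file.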
Re: [tomcat] branch main updated: Support RFC 7616. Add support for multiple algorithms.
Mark,

On 3/14/23 13:47, Mark Thomas wrote:

On 14/03/2023 17:45, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git

The following commit(s) were added to refs/heads/main by this push:
    new 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms.
55ad7dbe19 is described below

commit 55ad7dbe196ba35dd16952701890d318e7926c02
Author: Mark Thomas
AuthorDate: Fri Mar 3 17:58:05 2023 +

    Support RFC 7616. Add support for multiple algorithms.

Thoughts on back-porting this?

I see no reason to /avoid/ back-porting it. Browser support is nearly non-existent, so I see no burning requirement to back-port.

If it's easy to do, I'd say go ahead and back-port. If it's a pain or you are even a little concerned about stability, maybe give users some time to play with it a little before back-porting.

-chris
Buildbot success in on tomcat-10.1.x
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/714
Blamelist: Mark Thomas
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 10.1.x] 71ed599c000ca09bcb67ac8ed195371f899aa215
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 1
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot
[Bug 66196] HTTP/1 connector doesn't blow-up when HTTP header contains non-ASCII characters
https://bz.apache.org/bugzilla/show_bug.cgi?id=66196

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #13 from Mark Thomas ---
See bug 66512 for the AJP aspect of this.
Buildbot failure in on tomcat-10.1.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/713
Blamelist: Mark Thomas
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 10.1.x] bb0649554e816f71eaf29396f2edf65b6ccff5ec
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 2
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot
[tomcat] branch 9.0.x updated: Revert unintended change.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5856dff3df Revert unintended change. 5856dff3df is described below commit 5856dff3df93a322a7e3f7568557a5e87ddc643f Author: Mark Thomas AuthorDate: Tue Mar 14 19:31:31 2023 + Revert unintended change. This was me testing things and I failed to revert this change before committing. --- java/org/apache/catalina/startup/Tomcat.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 779ab28873..e43f4095d8 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -1258,7 +1258,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(server.getCatalinaBase(), path); +File docBase = new File(path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
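Review bot: with the line in getWebappConfigFile back to new File(path), a relative path is resolved against the JVM's working directory without complaint. If docBase has to be absolute, checking docBase.isAbsolute() at this point and failing with a clear message would turn a silent lookup in the wrong directory into an obvious error.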
[tomcat] branch 8.5.x updated: Revert unintended change.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new df6cb41858 Revert unintended change. df6cb41858 is described below commit df6cb41858b032270f72a6945646a1566d98957c Author: Mark Thomas AuthorDate: Tue Mar 14 19:31:31 2023 + Revert unintended change. This was me testing things and I failed to revert this change before committing. --- java/org/apache/catalina/startup/Tomcat.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 0b60e03362..84565ffe23 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -1234,7 +1234,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(server.getCatalinaBase(), path); +File docBase = new File(path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
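Review bot: nothing in this change exercises getWebappConfigFile, so the same one-line slip in the File constructor could come back unnoticed. A test that passes an absolute directory as path and checks that the context.xml lookup uses that directory would cover the line being restored.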
[tomcat] branch main updated (afb2a24a13 -> 15c5c496ee)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

    from afb2a24a13 Fix BZ 66527 - docBase must be absolute here
     add 15c5c496ee Revert unintended change.

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/startup/Tomcat.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
[tomcat] branch 10.1.x updated: Revert unintended change.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 71ed599c00 Revert unintended change. 71ed599c00 is described below commit 71ed599c000ca09bcb67ac8ed195371f899aa215 Author: Mark Thomas AuthorDate: Tue Mar 14 19:31:31 2023 + Revert unintended change. This was me testing things and I failed to revert this change before committing. --- java/org/apache/catalina/startup/Tomcat.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index debc382397..1504013115 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -1235,7 +1235,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(server.getCatalinaBase(), path); +File docBase = new File(path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
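Review bot: the commit message says an unintended change is being reverted but does not say which commit introduced it. Naming that commit in the message would let someone reading the history of getWebappConfigFile connect the two without diffing; the change to the File constructor itself looks right.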
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/259
Blamelist: Mark Thomas
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] afb2a24a13c4a02838a34ce341b7e19efaac6b77
Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 2
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot
[Bug 66527] Embedded Tomcat addWebApp docBase usage is inconsistent with JavaDoc
https://bz.apache.org/bugzilla/show_bug.cgi?id=66527

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Mark Thomas ---
Fixed in:
- 11.0.x for 11.0.0-M5 onwards
- 10.1.x for 10.1.8 onwards
- 9.0.x for 9.0.74 onwards
- 8.5.x for 8.5.88 onwards
[tomcat] branch 8.5.x updated: Fix BZ 66527 - docBase must be absolute here
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new c66d171343 Fix BZ 66527 - docBase must be absolute here c66d171343 is described below commit c66d171343cade7878526a0cf05d87711b534f8a Author: Mark Thomas AuthorDate: Tue Mar 14 18:21:39 2023 + Fix BZ 66527 - docBase must be absolute here https://bz.apache.org/bugzilla/show_bug.cgi?id=66527 --- java/org/apache/catalina/startup/Tomcat.java | 8 webapps/docs/changelog.xml | 5 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 35b697f91a..0b60e03362 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -232,7 +232,7 @@ public class Tomcat { * * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ @@ -673,7 +673,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ 
@@ -724,7 +724,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * @param config Custom context configuration helper. Any configuration *will be in addition to equivalent of the default *web.xml configuration described above. @@ -1234,7 +1234,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(path); +File docBase = new File(server.getCatalinaBase(), path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ee686836c4..a1d8e010d8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,11 @@ authenticationSessionTimeout attribute of the FORM authenticator. (markt) + +66527: Correct the Javadoc for the +Tomcat.addWebapp() methods that incorrectly stated that the +docBase parameter could be a relative path. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
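Review bot: the last Tomcat.java hunk (at -1234) contradicts the Javadoc hunks above it: they now require docBase to be an absolute path, while getWebappConfigFile changes to new File(server.getCatalinaBase(), path). With the two-argument File constructor an absolute child is converted to a relative one and placed under the parent, so on Unix-like systems an absolute docBase would be looked up beneath CATALINA_BASE. The hunk does not belong in a Javadoc fix and should be dropped.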
[tomcat] branch 9.0.x updated: Fix BZ 66527 - docBase must be absolute here
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 16df2d802e Fix BZ 66527 - docBase must be absolute here 16df2d802e is described below commit 16df2d802efef1de344a629c97eb1ebb489283c1 Author: Mark Thomas AuthorDate: Tue Mar 14 18:21:39 2023 + Fix BZ 66527 - docBase must be absolute here https://bz.apache.org/bugzilla/show_bug.cgi?id=66527 --- java/org/apache/catalina/startup/Tomcat.java | 8 webapps/docs/changelog.xml | 5 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 275558c34d..779ab28873 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -241,7 +241,7 @@ public class Tomcat { * * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ @@ -715,7 +715,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ 
@@ -748,7 +748,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * @param config Custom context configuration helper. Any configuration *will be in addition to equivalent of the default *web.xml configuration described above. @@ -1258,7 +1258,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(path); +File docBase = new File(server.getCatalinaBase(), path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 01720dde4c..cc544b22b1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,11 @@ authenticationSessionTimeout attribute of the FORM authenticator. (markt) + +66527: Correct the Javadoc for the +Tomcat.addWebapp() methods that incorrectly stated that the +docBase parameter could be a relative path. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
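Review bot: the changelog.xml hunk describes only a Javadoc correction, yet the Tomcat.java hunk at -1258 changes how getWebappConfigFile builds docBase. Either that line does not belong in this commit or the changelog entry needs to say that path resolution changed.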
[tomcat] branch 10.1.x updated: Fix BZ 66527 - docBase must be absolute here
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new bb0649554e Fix BZ 66527 - docBase must be absolute here bb0649554e is described below commit bb0649554e816f71eaf29396f2edf65b6ccff5ec Author: Mark Thomas AuthorDate: Tue Mar 14 18:21:39 2023 + Fix BZ 66527 - docBase must be absolute here https://bz.apache.org/bugzilla/show_bug.cgi?id=66527 --- java/org/apache/catalina/startup/Tomcat.java | 8 webapps/docs/changelog.xml | 5 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 39142b6b06..debc382397 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -240,7 +240,7 @@ public class Tomcat { * * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ @@ -712,7 +712,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ 
@@ -745,7 +745,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * @param config Custom context configuration helper. Any configuration *will be in addition to equivalent of the default *web.xml configuration described above. @@ -1235,7 +1235,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(path); +File docBase = new File(server.getCatalinaBase(), path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e4a51ba2cf..1ba1a3191a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,11 @@ authenticationSessionTimeout attribute of the FORM authenticator. (markt) + +66527: Correct the Javadoc for the +Tomcat.addWebapp() methods that incorrectly stated that the +docBase parameter could be a relative path. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
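Review bot: the three Javadoc hunks now say docBase "Must exist and be an absolute path" but do not say what a caller gets when it passes a relative one. A sentence or an @throws clause on each of the documented methods describing the outcome would save callers from finding out at runtime.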
[tomcat] branch main updated: Fix BZ 66527 - docBase must be absolute here
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new afb2a24a13 Fix BZ 66527 - docBase must be absolute here afb2a24a13 is described below commit afb2a24a13c4a02838a34ce341b7e19efaac6b77 Author: Mark Thomas AuthorDate: Tue Mar 14 18:21:39 2023 + Fix BZ 66527 - docBase must be absolute here https://bz.apache.org/bugzilla/show_bug.cgi?id=66527 --- java/org/apache/catalina/startup/Tomcat.java | 8 webapps/docs/changelog.xml | 5 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index a41f96433a..667276a8e9 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -239,7 +239,7 @@ public class Tomcat { * * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ @@ -711,7 +711,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * * @return the deployed context */ 
@@ -744,7 +744,7 @@ public class Tomcat { * @param hostThe host in which the context will be deployed * @param contextPath The context mapping to use, "" for root context. * @param docBase Base directory for the context, for static files. Must - *exist, relative to the server home + *exist and be an absolute path. * @param config Custom context configuration helper. Any configuration *will be in addition to equivalent of the default *web.xml configuration described above. @@ -1234,7 +1234,7 @@ public class Tomcat { } protected URL getWebappConfigFile(String path, String contextName) { -File docBase = new File(path); +File docBase = new File(server.getCatalinaBase(), path); if (docBase.isDirectory()) { return getWebappConfigFileFromDirectory(docBase, contextName); } else { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e1a30da06a..3df44e6ca5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -147,6 +147,11 @@ Reduce the default value of maxParameterCount from 10,000 to 1,000. (markt) + +66527: Correct the Javadoc for the +Tomcat.addWebapp() methods that incorrectly stated that the +docBase parameter could be a relative path. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
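Review bot: in the getWebappConfigFile() hunk, `new File(server.getCatalinaBase(), path)` works against the Javadoc corrected in the same commit. With docBase now documented as absolute, java.io.File(File parent, String child) converts an absolute child into a relative one in a system-dependent way, so on Unix-like systems the lookup lands at CATALINA_BASE + path instead of at path itself. Suggest keeping `new File(path)`, or branching on `isAbsolute()` first if relative values have to be tolerated.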
[Bug 66527] Embedded Tomcat addWebApp docBase usage is inconsistent with JavaDoc
https://bz.apache.org/bugzilla/show_bug.cgi?id=66527 --- Comment #1 from Mark Thomas --- Looking at the history of that file, the docBase was always meant to be absolute. Saying it could be relative is a Javadoc bug added (by me) as part of the fix for bug 57723. I'll get the Javadoc corrected. I did look at the possibility of supporting a relative path but that begs the question "Relative to what?". CATALINA_BASE isn't an option as that is (usually) created dynamically when using the Tomcat class. Using current directory is too fragile for my liking.
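The "Relative to what?" question from this bug, as an added example (not Tomcat code and not from the bug report): a JDK-only program that resolves the same docBase string the three ways the thread mentions, then applies a hypothetical `requireAbsoluteDocBase` guard an embedding application could run before calling `Tomcat.addWebapp()`. The temporary directory layout is constructed to stand in for CATALINA_BASE=/foo with /foo/webapps/bar.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example: how a docBase string resolves, and a guard for embedders. */
public class DocBaseResolution {

    /**
     * Hypothetical helper (not a Tomcat API): accept only an absolute,
     * existing directory and return its canonical form, so every later
     * File lookup sees the same location.
     */
    static File requireAbsoluteDocBase(String docBase) throws IOException {
        File f = new File(docBase);
        if (!f.isAbsolute()) {
            throw new IllegalArgumentException("docBase must be absolute: " + docBase);
        }
        if (!f.isDirectory()) {
            throw new IllegalArgumentException("docBase is not an existing directory: " + docBase);
        }
        return f.getCanonicalFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <base>/webapps/bar
        Path base = Files.createTempDirectory("catalina-base");
        Path webapps = Files.createDirectories(base.resolve("webapps"));
        Path app = Files.createDirectories(webapps.resolve("bar"));

        String relative = "bar";
        String absolute = app.toString();

        // 1. new File(path): a relative path resolves against the JVM
        //    working directory (user.dir), wherever the process was started.
        System.out.println("cwd-relative     : " + new File(relative).getAbsolutePath());

        // 2. Relative to the Host appBase, which is what the
        //    Context.setDocBase() Javadoc quoted in the bug describes.
        System.out.println("appBase-relative : " + new File(webapps.toFile(), relative));

        // 3. File(parent, child) with an absolute child: the child is
        //    converted to a relative path in a system-dependent way, so on
        //    Unix-like systems the result is <base> followed by <absolute>.
        System.out.println("base + absolute  : " + new File(base.toFile(), absolute));

        // The guard accepts the absolute path and rejects the relative one.
        System.out.println("accepted         : " + requireAbsoluteDocBase(absolute));
        try {
            requireAbsoluteDocBase(relative);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected         : " + e.getMessage());
        }

        // Remove the constructed directories.
        Files.delete(app);
        Files.delete(webapps);
        Files.delete(base);
    }
}
```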
Re: Reduce default for maxParameterCount
On 09/03/2023 14:23, Christopher Schultz wrote: Mark, On 3/9/23 05:56, Mark Thomas wrote: Hi all, In the context of CVE-2023-24998 (performance issues for large numbers of uploaded parts), I have been wondering about reducing the default value for maxParameterCount. The current default for maxParameterCount is 10,000. It was set based on it being low enough to mitigate CVE-2012-0022 (hash collisions in parameter names triggering performance issues) while being so high it was considered extremely unlikely to impact any web application. Also relevant: maxPostSize and maxHttpRequestHeaderSize which help to limit the total size of a request, regardless of the number of parameters. I don't think we can lower those any further by default. If anything, the trend is towards making them larger. The current default is sufficiently low to mitigate CVE-2023-24998. There isn't any reason I am aware of that means we need to reduce the default for maxParameterCount. My thinking is more along the lines that when we last thought about this default in 2012, it was considered from the perspective of "How high can we set this and still be sure applications aren't exposed to CVE-2012-0022 or something like it?". If we consider it from the perspective of "How low can we make this without breaking many / most / (nearly) all applications?" I think we'll choose a much lower number. +1 Another benefit of a lower number is to harden Tomcat in advance against future vulnerabilities like CVE-2023-24998. I was wondering about a new default of 1000 or maybe even 500. This would certainly be for 11.0.x. I think it should be back-ported but maybe in stages (5000, 3000, 2000, 1000) and/or delayed so it is reduced in 10.1.x for a few releases before we reduce it in 9.0.x and then a few more releases before we reduce it in 8.5.x. Thoughts? +1 for 1000. 500 seems insane to me but I'm sure there is some application out there which uses 1000 parameters instead of JSON, etc. for some reason.
I've reduced the default to 1,000 for 11.0.x. Thoughts on if/how to back-port this to 10.1.x and friends? Straight to 1000 for all older versions? Straight to 1000 for 10.1.x then wait a few releases for each further backport? Or more cautious and backport a gradual reduction? Mark
[tomcat] branch main updated (55ad7dbe19 -> f6ffe8dba0)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms. add f6ffe8dba0 Reduce the default for maxParameterCount from 10,000 to 1,000. No new revisions were added by this update. Summary of changes: java/org/apache/catalina/connector/Connector.java | 2 +- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- webapps/docs/changelog.xml| 4 webapps/docs/config/ajp.xml | 2 +- webapps/docs/config/http.xml | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-)
Re: [tomcat] branch main updated: Support RFC 7616. Add support for multiple algorithms.
On 14/03/2023 17:45, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms. 55ad7dbe19 is described below commit 55ad7dbe196ba35dd16952701890d318e7926c02 Author: Mark Thomas AuthorDate: Fri Mar 3 17:58:05 2023 + Support RFC 7616. Add support for multiple algorithms. Thoughts on back-porting this? Mark
[tomcat] branch main updated: Support RFC 7616. Add support for multiple algorithms.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms. 55ad7dbe19 is described below commit 55ad7dbe196ba35dd16952701890d318e7926c02 Author: Mark Thomas AuthorDate: Fri Mar 3 17:58:05 2023 + Support RFC 7616. Add support for multiple algorithms. --- java/org/apache/catalina/Realm.java| 40 +++ .../authenticator/DigestAuthenticator.java | 213 .../catalina/authenticator/LocalStrings.properties | 2 + java/org/apache/catalina/realm/CombinedRealm.java | 4 +- .../apache/catalina/realm/JAASCallbackHandler.java | 7 +- .../catalina/realm/JAASMemoryLoginModule.java | 9 +- java/org/apache/catalina/realm/JAASRealm.java | 6 +- java/org/apache/catalina/realm/JNDIRealm.java | 4 +- .../apache/catalina/realm/LocalStrings.properties | 1 + java/org/apache/catalina/realm/LockOutRealm.java | 4 +- java/org/apache/catalina/realm/RealmBase.java | 48 +++- .../tomcat/websocket/DigestAuthenticator.java | 22 +- .../TestDigestAuthenticatorAlgorithms.java | 279 + test/org/apache/catalina/realm/TestJNDIRealm.java | 6 +- webapps/docs/changelog.xml | 6 + webapps/docs/config/valve.xml | 7 + 16 files changed, 580 insertions(+), 78 deletions(-) diff --git a/java/org/apache/catalina/Realm.java b/java/org/apache/catalina/Realm.java index cb27fdd487..e81802965e 100644 --- a/java/org/apache/catalina/Realm.java +++ b/java/org/apache/catalina/Realm.java 
@@ -101,13 +101,53 @@ public interface Realm extends Contained { * @param digestA2 Second digest calculated as digest(Method + ":" + uri) * * @return the associated principal, or {@code null} if there is none. + * + * @deprecated Unused. Use {@link #authenticate(String, String, String, + * String, String, String, String, String, String)}. Will be removed in + * Tomcat 11. */ +@Deprecated Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, String digestA2); +/** + * Try to authenticate with the specified username, which + * matches the digest calculated using the given parameters using the + * method described in RFC 7616. + * + * The default implementation calls {@link #authenticate(String, String, + * String, String, String, String, String, String)} for backwards + * compatibility which effectively forces the use of MD5 regardless of the + * algorithm specified in the call to this method. + * + * Implementations are expected to override the default implementation and + * take account of the algorithm parameter. + * + * @param username Username of the Principal to look up + * @param digest Digest which has been submitted by the client + * @param nonce Unique (or supposedly unique) token which has been used + * for this request + * @param nc the nonce counter + * @param cnonce the client chosen nonce + * @param qop the "quality of protection" ({@code nc} and {@code cnonce} + *will only be used, if {@code qop} is not {@code null}). + * @param realm Realm name + * @param digestA2 Second digest calculated as digest(Method + ":" + uri) + * @param algorithm The message digest algorithm to use + * + * @return the associated principal, or {@code null} if there is none. 
+ */ +default Principal authenticate(String username, String digest, + String nonce, String nc, String cnonce, + String qop, String realm, + String digestA2, String algorithm) { +return authenticate(username, digest, nonce, nc, cnonce, qop, realm, digestA2); +} + + /** * Try to authenticate using a {@link GSSContext}. * diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java index 0d5e681a3f..f80f2181e9 100644 --- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java +++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java @@ -19,8 +19,14 @@ package org.apache.catalina.authenticator; import java.io.IOException; import java.io.StringReader; import java.nio.charset.StandardCharsets; +import java.security.NoSuchAlgorithmException; import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; import java.util.LinkedHashMap; +import
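Review bot: in the Realm.java hunk, the new nine-argument default method drops its algorithm argument and delegates to the deprecated eight-argument authenticate(), so a custom Realm that has not been updated validates against MD5 whatever the authenticator negotiated. The Javadoc says so, but at runtime a non-MD5 request just fails to match with no indication why. Suggest returning null (or logging once) from the default when algorithm is neither null nor MD5, so the mismatch is visible and the fallback is an explicit decision.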
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/257 Blamelist: Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] 1d785c77258190e3f2958c26369afb5c7aef0fcf Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
Buildbot success in on tomcat-8.5.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/36/builds/427 Blamelist: Mark Thomas , lihan Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 8.5.x] a3a92dfc4b54f2e0b85347902acc74beedc1da97 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 0 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
[tomcat] branch main updated: Need to override all the sendRedirect() methods to handle include
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 1d785c7725 Need to override all the sendRedirect() methods to handle include 1d785c7725 is described below commit 1d785c77258190e3f2958c26369afb5c7aef0fcf Author: Mark Thomas AuthorDate: Tue Mar 14 15:45:59 2023 + Need to override all the sendRedirect() methods to handle include Applications can call any sendRedirect() method. If we don't override them all, the redirect may be passed to the wrapped request where it will be processed. --- .../catalina/core/ApplicationHttpResponse.java | 39 ++ 1 file changed, 39 insertions(+) diff --git a/java/org/apache/catalina/core/ApplicationHttpResponse.java b/java/org/apache/catalina/core/ApplicationHttpResponse.java index 75f882fff2..88e0115219 100644 --- a/java/org/apache/catalina/core/ApplicationHttpResponse.java +++ b/java/org/apache/catalina/core/ApplicationHttpResponse.java 
@@ -256,6 +256,45 @@ class ApplicationHttpResponse extends HttpServletResponseWrapper { } +/** + * {@inheritDoc} + * + * Disallow sendRedirect() calls on an included response. + */ +@Override +public void sendRedirect(String location) throws IOException { +if (!included) { +((HttpServletResponse) getResponse()).sendRedirect(location); +} +} + + +/** + * {@inheritDoc} + * + * Disallow sendRedirect() calls on an included response. + */ +@Override +public void sendRedirect(String location, int sc) throws IOException { +if (!included) { +((HttpServletResponse) getResponse()).sendRedirect(location, sc); +} +} + + +/** + * {@inheritDoc} + * + * Disallow sendRedirect() calls on an included response. + */ +@Override +public void sendRedirect(String location, boolean clearBuffer) throws IOException { +if (!included) { +((HttpServletResponse) getResponse()).sendRedirect(location, clearBuffer); +} +} + + /** * {@inheritDoc} * - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
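Review bot: the three overrides added in this hunk each repeat the same `if (!included)` guard, and the hunk does not show the sendRedirect(String, int, boolean) overload that the interface defaults from 48df571e7f route through. Worth confirming that overload is guarded in this class as well, and adding a test that calls every overload from an included resource, since the diffstat touches only ApplicationHttpResponse.java.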
Re: Buildbot failure in on tomcat-11.0.x
Sorry about this. I thought I ran the tests locally before committing the redirect changes but obviously not. Trying to figure out the root cause of the failure now... Mark On 14/03/2023 15:04, build...@apache.org wrote: Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/255 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] 6c841c949b8b6a36a4318a3cbe21c2d345007a66 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/255 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] 6c841c949b8b6a36a4318a3cbe21c2d345007a66 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot
[tomcat] branch 8.5.x updated: Fix build failure
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new a3a92dfc4b Fix build failure a3a92dfc4b is described below commit a3a92dfc4b54f2e0b85347902acc74beedc1da97 Author: Mark Thomas AuthorDate: Thu Mar 9 18:56:19 2023 + Fix build failure --- java/org/apache/catalina/realm/UserDatabaseRealm.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java b/java/org/apache/catalina/realm/UserDatabaseRealm.java index 35559d579f..2412223240 100644 --- a/java/org/apache/catalina/realm/UserDatabaseRealm.java +++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java @@ -126,7 +126,8 @@ public class UserDatabaseRealm extends RealmBase { /** - * Calls {@link UserDatabase#backgroundProcess()}. + * Calls {@link MemoryUserDatabase#backgroundProcess()} if the Realm is + * configured with a MemoryUserDatabase. */ @Override public void backgroundProcess() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (6c841c949b -> 166ef8b6aa)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 6c841c949b Make use of new API methods for sendRedirect() add 166ef8b6aa Add missing @since tags No new revisions were added by this update. Summary of changes: java/jakarta/servlet/ServletRequestWrapper.java | 2 ++ java/jakarta/servlet/http/HttpServlet.java| 2 ++ java/jakarta/servlet/http/HttpServletResponse.java| 14 ++ java/jakarta/servlet/http/HttpServletResponseWrapper.java | 6 ++ java/jakarta/servlet/jsp/ErrorData.java | 4 java/jakarta/servlet/jsp/tagext/IterationTag.java | 1 - 6 files changed, 28 insertions(+), 1 deletion(-)
[tomcat] branch main updated (48df571e7f -> 6c841c949b)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 48df571e7f Implement the new sendRedirect() methods in Servlet 6.1 add 6c841c949b Make use of new API methods for sendRedirect() No new revisions were added by this update. Summary of changes: java/org/apache/catalina/authenticator/FormAuthenticator.java | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-)
[tomcat] branch main updated: Implement the new sendRedirect() methods in Servlet 6.1
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 48df571e7f Implement the new sendRedirect() methods in Servlet 6.1 48df571e7f is described below commit 48df571e7f8b0f4afe0353b559b6844d637c7c56 Author: Mark Thomas AuthorDate: Tue Mar 14 14:15:54 2023 + Implement the new sendRedirect() methods in Servlet 6.1 --- java/jakarta/servlet/http/HttpServletResponse.java | 97 +++--- .../servlet/http/HttpServletResponseWrapper.java | 30 ++- java/org/apache/catalina/connector/Response.java | 30 ++- .../apache/catalina/connector/ResponseFacade.java | 4 +- .../catalina/core/ApplicationHttpResponse.java | 12 +-- .../filters/TesterHttpServletResponse.java | 2 +- webapps/docs/changelog.xml | 4 + 7 files changed, 132 insertions(+), 47 deletions(-) diff --git a/java/jakarta/servlet/http/HttpServletResponse.java b/java/jakarta/servlet/http/HttpServletResponse.java index daacbc212b..a1757dbc71 100644 --- a/java/jakarta/servlet/http/HttpServletResponse.java +++ b/java/jakarta/servlet/http/HttpServletResponse.java 
@@ -112,22 +112,99 @@ public interface HttpServletResponse extends ServletResponse { void sendError(int sc) throws IOException; /** - * Sends a temporary redirect response to the client using the specified redirect location URL. This method can - * accept relative URLs; the servlet container must convert the relative URL to an absolute URL before sending the - * response to the client. If the location is relative without a leading '/' the container interprets it as relative - * to the current request URI. If the location is relative with a leading '/' the container interprets it as - * relative to the servlet container root. + * Sends a redirect response to the client using the specified redirect location URL with the status code + * {@link #SC_FOUND} 302 (Found), clears the response buffer and commits the response. The response buffer will be + * replaced with a short hypertext note as per RFC 9110. + * + * This method has no effect if called from an include. + * + * @param location the redirect location URL (may be absolute or relative) + * + * @exception IOException If an input or output exception occurs + * @exception IllegalArgumentException If a relative URL is given and cannot be converted into an absolute URL + * @exception IllegalStateExceptionIf the response was already committed when this method was called + * + * @see #sendRedirect(String, int, boolean) + */ +default void sendRedirect(String location) throws IOException { +sendRedirect(location, SC_FOUND, true); +} + +/** + * Sends a redirect response to the client using the specified redirect location URL with the status code + * {@link #SC_FOUND} 302 (Found), optionally clears the response buffer and commits the response. If the response + * buffer is cleared, it will be replaced with a short hypertext note as per RFC 9110. + * + * This method has no effect if called from an include. 
+ * + * @param locationthe redirect location URL (may be absolute or relative) + * @param clearBuffer if {@code true}, clear the buffer and replace it with the data set by this method otherwise + *retain the existing buffer + * + * @exception IOException If an input or output exception occurs + * @exception IllegalArgumentException If a relative URL is given and cannot be converted into an absolute URL + * @exception IllegalStateExceptionIf the response was already committed when this method was called + * + * @see #sendRedirect(String, int, boolean) + */ +default void sendRedirect(String location, boolean clearBuffer) throws IOException { +sendRedirect(location, SC_FOUND, clearBuffer); +} + +/** + * Sends a redirect response to the client using the specified redirect location URL and status code, clears the + * response buffer and commits the response. The response buffer will be replaced with a short hypertext note as per + * RFC 9110. + * + * This method has no effect if called from an include. + * + * @param location the redirect location URL (may be absolute or relative) + * @param sc the status code to use for the redirect + * + * @exception IOException If an input or output exception occurs + * @exception IllegalArgumentException If a relative URL is given and cannot be converted into an absolute URL + * @exception IllegalStateExceptionIf the response was already committed when this method was called + * + * @see #sendRedirect(String,
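Review bot: the Javadoc blocks for the new sendRedirect(String, boolean) and sendRedirect(String, int) defaults in this HttpServletResponse hunk carry @param, @exception and @see tags but no @since tag. Add `@since Servlet 6.1` to each new overload so API users can tell which methods arrived with this version.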