date:20240325

[ANN] Apache Tomcat 10.1.20 Available

2024-03-25 Thread Christopher Schultz


The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.20.

Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the /webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory. This conversion is performed using the Apache Tomcat 
migration tool for Jakarta EE tool which is also available as a separate 
download for off-line use.


Apache Tomcat 10.1.20 is a bugfix and feature release. The notable 
changes compared to 10.1.19 include:


 - Fix regression when reloading TLS configuration and files.

 - When restoring a saved POST request after a successful FORM
   authentication, ensure that neither the URI, the query string no
   the protocol are corrupted when restoring the request body.

 - Align error handling for Writer and OutputStream. Ensure use of
   either once the response has been recycled triggers a
   NullPointerException provided that discardFacades is configured with
   the default value of true.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1916540 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa

2024-03-25 Thread schultz

Author: schultz
Date: Mon Mar 25 22:11:36 2024
New Revision: 1916540

URL: http://svn.apache.org/viewvc?rev=1916540&view=rev
Log:
Update web site to announce 10.1.20.


[This commit notification would consist of 67 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 8.5.100 Available

2024-03-25 Thread Christopher Schultz


The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.100.

*This will likely be the final release of Apache Tomcat 8.5. Please see 
the EOL notice linked at the end of this message.*


Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 8.5.100 is a bugfix and feature release. The notable
changes compared to 8.5.99 include:

 - Fix regression when reloading TLS configuration and files.

 - When restoring a saved POST request after a successful FORM
   authentication, ensure that neither the URI, the query string no
   the protocol are corrupted when restoring the request body.

 - Align error handling for Writer and OutputStream. Ensure use of
   either once the response has been recycled triggers a
   NullPointerException provided that discardFacades is configured with
   the default value of true.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0:
https://tomcat.apache.org/migration.html

Please note that Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 
2024. For more information please visit 
https://tomcat.apache.org/tomcat-85-eol.html


Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1916539 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-8.5-doc/ docs/tomcat-8.5-doc/annotationapi/ docs/tomcat-8.5-doc/annotationapi/javax/annotation/ docs/tomcat-8.5-doc/annotationapi/jav

2024-03-25 Thread schultz

Author: schultz
Date: Mon Mar 25 22:05:05 2024
New Revision: 1916539

URL: http://svn.apache.org/viewvc?rev=1916539&view=rev
Log:
Update web site to include release announcement for 8.5.100.


[This commit notification would consist of 58 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68131 - /dev/tomcat/tomcat-10/v10.1.20/ /release/tomcat/tomcat-10/v10.1.20/

2024-03-25 Thread schultz

Author: schultz
Date: Mon Mar 25 19:51:18 2024
New Revision: 68131

Log:
Promote 10.1.20 release

Added:
release/tomcat/tomcat-10/v10.1.20/
  - copied from r68130, dev/tomcat/tomcat-10/v10.1.20/
Removed:
dev/tomcat/tomcat-10/v10.1.20/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

2024-03-25 Thread Rémy Maucherat

On Mon, Mar 25, 2024 at 6:02 PM Christopher Schultz
 wrote:
>
> Rémy,
>
> On 3/25/24 10:21, Rémy Maucherat wrote:
> > On Mon, Mar 25, 2024 at 2:32 PM Christopher Schultz
> >  wrote:
> >>
> >> Rémy,
> >>
> >> On 3/22/24 11:39, Rémy Maucherat wrote:
> >>> On Fri, Mar 22, 2024 at 2:40 PM  wrote:
> 
>  This is an automated email from the ASF dual-hosted git repository.
> 
>  schultz pushed a commit to branch main
>  in repository https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
>  The following commit(s) were added to refs/heads/main by this push:
> new 988992ba2e Use server's ClassLoader instead of application's 
>  when loading XMLInputFactory.
>  988992ba2e is described below
> 
>  commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4
>  Author: Christopher Schultz 
>  AuthorDate: Fri Mar 22 09:37:08 2024 -0400
> 
>    Use server's ClassLoader instead of application's when loading 
>  XMLInputFactory.
> >>>
> >>> It doesn't work because there's nothing corresponding to the
> >>> XMLInputFactory.class.getName() id. The default newFactory doesn't do
> >>> the same thing at all.
> >>
> >> Ugh, sorry about that. Thanks for fixing it.
> >>
> >> Setting the ContextClassLoader seems like the wrong approach. Isn't
> >> there a ClassLoader parameter to getFactory for a reason?
> >
> > Feel free to revert it if you don't like it.
>
> Well, using the "obvious" solution didn't work, so ...
>
> I didn't realize that the JRE classes would use
> Thread.currentClassLoader for anything. Does this actually achieve the
> goal of preventing an XMLInputFactory leak? I should probably ask the
> reporter...

Yes, it ends up using SecuritySupport.getContextClassLoader(), which
returns either the context CL or the system CL (if null) using a
privileged action wrapper.
That's how it picks up the application class loader.

Rémy

>
> -chris
>
> java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
> webapps/docs/changelog.xml| 5 +
> 2 files changed, 7 insertions(+), 1 deletion(-)
> 
>  diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
>  b/java/org/apache/jasper/compiler/EncodingDetector.java
>  index bac9ade2ee..cf3b623104 100644
>  --- a/java/org/apache/jasper/compiler/EncodingDetector.java
>  +++ b/java/org/apache/jasper/compiler/EncodingDetector.java
>  @@ -35,7 +35,8 @@ class EncodingDetector {
> 
> private static final XMLInputFactory XML_INPUT_FACTORY;
> static {
>  -XML_INPUT_FACTORY = XMLInputFactory.newInstance();
>  +XML_INPUT_FACTORY = 
>  XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
>  +EncodingDetector.class.getClassLoader());
> }
> 
> private final String encoding;
>  diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
>  index 341c3a6596..0eca891322 100644
>  --- a/webapps/docs/changelog.xml
>  +++ b/webapps/docs/changelog.xml
>  @@ -179,6 +179,11 @@
> and the web application is deployed as a WAR file rather than 
>  an
> unpacked directory. (markt)
>   
>  +  
>  +Prevent the web application's ClassLoader from being pinned by 
>  the JSP
>  +compiler if an application uses a custom XMLInputFactory. Based 
>  upon a
>  +suggestion from Simon Niederberger. (schultz)
>  +  
> 
>   
>   
> 
> 
>  -
>  To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: dev-h...@tomcat.apache.org
> 
> >>>
> >>> -
> >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: dev-h...@tomcat.apache.org
> >>>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> >>
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68130 - /dev/tomcat/tomcat-8/v8.5.100/ /release/tomcat/tomcat-8/v8.5.100/

2024-03-25 Thread schultz

Author: schultz
Date: Mon Mar 25 19:49:44 2024
New Revision: 68130

Log:
Promote 8.5.100 release

Added:
release/tomcat/tomcat-8/v8.5.100/
  - copied from r68129, dev/tomcat/tomcat-8/v8.5.100/
Removed:
dev/tomcat/tomcat-8/v8.5.100/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 10.1.20

2024-03-25 Thread Christopher Schultz


All,

Apologies for the delay on closing the vote for this release.

The following votes were cast:

+1: schultz, remm, isapir, markt

Non-binding:

+1: Romain Mannu-Bucau, Dimitris Soumis

There were no other votes, therefore the vote passes.

I will begin the release process shortly.

-chris


The proposed Apache Tomcat 10.1.20 release is now available for
voting.

The notable changes compared to 10.1.19 are:

- Fix regression when reloading TLS configuration and files.

- When restoring a saved POST request after a successful FORM
  authentication, ensure that neither the URI, the query string no
  the protocol are corrupted when restoring the request body.

- Align error handling for Writer and OutputStream. Ensure use of either
  once the response has been recycled triggers a NullPointerException
  provided that discardFacades is configured with the default value of
  true.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be placed 
in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically 
convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.20/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1486

The tag is:
https://github.com/apache/tomcat/tree/10.1.20
ab4d890c6fa7be3f910370f00fb5c7f10152e21c

The proposed 10.1.20 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.20



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 8.5.100

2024-03-25 Thread Christopher Schultz


All,

Apologies for the delay on closing the vote for this release.

The following votes were cast:

+1: schultz, remm, isapir, markt

Non-binding:

+1: Dimitris Soumis

There were no other votes, therefore the vote passes.

I will begin the release process shortly.

-chris


The proposed Apache Tomcat 8.5.100 release is now available for voting.

The notable changes compared to 8.5.99 are:

- Fix regression when reloading TLS configuration and files.

- When restoring a saved POST request after a successful FORM
  authentication, ensure that neither the URI, the query string no
  the protocol are corrupted when restoring the request body.

- Align error handling for Writer and OutputStream. Ensure use of either
  once the response has been recycled triggers a NullPointerException
  provided that discardFacades is configured with the default value of
  true.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.100/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1487

The tag is:
https://github.com/apache/tomcat/tree/8.5.100/
eddcf278ad919382608ada1898b2c5b63675c6d5

The proposed 8.5.100 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.100 (stable)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 68826] Tomcat fails on startup with signed jar with logging.properties inside

2024-03-25 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=68826

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED
 OS||All

--- Comment #2 from Mark Thomas  ---
As per the provided information, this is a JDK issue, not a Tomcat issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

2024-03-25 Thread Christopher Schultz


Rémy,

On 3/25/24 10:21, Rémy Maucherat wrote:

On Mon, Mar 25, 2024 at 2:32 PM Christopher Schultz
 wrote:


Rémy,

On 3/22/24 11:39, Rémy Maucherat wrote:

On Fri, Mar 22, 2024 at 2:40 PM  wrote:


This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
   new 988992ba2e Use server's ClassLoader instead of application's when 
loading XMLInputFactory.
988992ba2e is described below

commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4
Author: Christopher Schultz 
AuthorDate: Fri Mar 22 09:37:08 2024 -0400

  Use server's ClassLoader instead of application's when loading 
XMLInputFactory.


It doesn't work because there's nothing corresponding to the
XMLInputFactory.class.getName() id. The default newFactory doesn't do
the same thing at all.


Ugh, sorry about that. Thanks for fixing it.

Setting the ContextClassLoader seems like the wrong approach. Isn't
there a ClassLoader parameter to getFactory for a reason?


Feel free to revert it if you don't like it.


Well, using the "obvious" solution didn't work, so ...

I didn't realize that the JRE classes would use 
Thread.currentClassLoader for anything. Does this actually achieve the 
goal of preventing an XMLInputFactory leak? I should probably ask the 
reporter...


-chris


   java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
   webapps/docs/changelog.xml| 5 +
   2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index bac9ade2ee..cf3b623104 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,7 +35,8 @@ class EncodingDetector {

   private static final XMLInputFactory XML_INPUT_FACTORY;
   static {
-XML_INPUT_FACTORY = XMLInputFactory.newInstance();
+XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
+EncodingDetector.class.getClassLoader());
   }

   private final String encoding;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 341c3a6596..0eca891322 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -179,6 +179,11 @@
   and the web application is deployed as a WAR file rather than an
   unpacked directory. (markt)
 
+  
+Prevent the web application's ClassLoader from being pinned by the JSP
+compiler if an application uses a custom XMLInputFactory. Based upon a
+suggestion from Simon Niederberger. (schultz)
+  
   
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-tck) 02/03: Use HTTP by default

2024-03-25 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-tck.git

commit 8fa8e1034592fb1ee793c0e07aa98ac3159c4ab2
Author: Mark Thomas 
AuthorDate: Mon Mar 25 16:48:02 2024 +

Use HTTP by default
---
 .../tck/servlet/TomcatServletTckConfiguration.java | 30 +++---
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git 
a/servlet-tck/src/test/java/org/apache/tomcat/tck/servlet/TomcatServletTckConfiguration.java
 
b/servlet-tck/src/test/java/org/apache/tomcat/tck/servlet/TomcatServletTckConfiguration.java
index 19c554f..f682bef 100644
--- 
a/servlet-tck/src/test/java/org/apache/tomcat/tck/servlet/TomcatServletTckConfiguration.java
+++ 
b/servlet-tck/src/test/java/org/apache/tomcat/tck/servlet/TomcatServletTckConfiguration.java
@@ -64,21 +64,7 @@ public class TomcatServletTckConfiguration implements 
LoadableExtension {
 Connector connectorHttp = tomcat.getConnector();
 int localPort;
 
-   if ("http".equals(System.getProperty("arquillian.launch"))) 
{
-   // HTTP used for all tests apart from CLIENT-CERT
-
-   // Add trailer headers used in TCK to allow list
-   connectorHttp.setProperty("allowedTrailerHeaders", 
"myTrailer,myTrailer2");
-   localPort = connectorHttp.getLocalPort();
-
-   // Add expected users
-   tomcat.addUser("j2ee", "j2ee");
-   tomcat.addRole("j2ee", "Administrator");
-   tomcat.addRole("j2ee", "Employee");
-   tomcat.addUser("javajoe", "javajoe");
-   tomcat.addRole("javajoe", "VP");
-   tomcat.addRole("javajoe", "Manager");
-   } else {
+   if 
("https".equals(System.getProperty("arquillian.launch"))) {
// Need to enabled HTTPS - only used for client-cert 
tests
Connector connectorHttps = new Connector();
connectorHttps.setPort(0);
@@ -127,6 +113,20 @@ public class TomcatServletTckConfiguration implements 
LoadableExtension {
// Create the user
tomcat.addUser("CN=CTS, OU=Java Software, O=Sun 
Microsystems Inc., L=Burlington, ST=MA, C=US", "must-be-non-null");
tomcat.addRole("CN=CTS, OU=Java Software, O=Sun 
Microsystems Inc., L=Burlington, ST=MA, C=US", "Administrator");
+   } else {
+   // HTTP used for all tests apart from CLIENT-CERT
+
+   // Add trailer headers used in TCK to allow list
+   connectorHttp.setProperty("allowedTrailerHeaders", 
"myTrailer,myTrailer2");
+   localPort = connectorHttp.getLocalPort();
+
+   // Add expected users
+   tomcat.addUser("j2ee", "j2ee");
+   tomcat.addRole("j2ee", "Administrator");
+   tomcat.addRole("j2ee", "Employee");
+   tomcat.addUser("javajoe", "javajoe");
+   tomcat.addRole("javajoe", "VP");
+   tomcat.addRole("javajoe", "Manager");
}
 
 // Update Arquillian configuration with port being used by 
Tomcat


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-tck) 03/03: Update WebSocket for recent changes including addition of signature test

2024-03-25 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-tck.git

commit 59e9c2aea93e23c058d160e9efb83f2afe1cc8a0
Author: Mark Thomas 
AuthorDate: Mon Mar 25 16:48:40 2024 +

Update WebSocket for recent changes including addition of signature test
---
 README.md  |   3 +
 pom.xml|   4 +-
 websocket-tck/pom.xml  |  69 ++---
 .../websocket/TomcatWebSocketTckConfiguration.java |  60 +-
 websocket-tck/src/test/resources/arquillian.xml|  16 +
 websocket-tck/src/test/resources/ca.jks| Bin 0 -> 1766 bytes
 websocket-tck/src/test/resources/localhost-rsa.jks | Bin 0 -> 4403 bytes
 7 files changed, 138 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index fae4622..afd14f6 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,9 @@ At the moment, you will need to build the TCK locally (see 
below).
 
cd $TCK/signaturetest
mvn install
+
+   cd $TCK/user_guides
+   mvn install
 ```
 
 6. Install the TCKs Tomcat tests against
diff --git a/pom.xml b/pom.xml
index 9c89f62..0613af1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,10 +38,10 @@
 6.0.0
 6.1.0-SNAPSHOT
 4.0.0
-10.0.0-SNAPSHOT
+2.2.0
 
 
-10.0.0-SNAPSHOT
+11.0.0-SNAPSHOT
 1.8.0.Final
 1.2.0.Final
 5.9.1
diff --git a/websocket-tck/pom.xml b/websocket-tck/pom.xml
index 8a180fe..9d28894 100644
--- a/websocket-tck/pom.xml
+++ b/websocket-tck/pom.xml
@@ -31,7 +31,7 @@
 
 
 jakarta.tck
-websocket-tck
+websocket-tck-dist
 ${tck.websocket.version}
 
 
@@ -39,6 +39,10 @@
 jakarta.websocket
 jakarta.websocket-client-api
   
+  
+jakarta.websocket
+jakarta.websocket-client-api
+  
 
 
 
@@ -84,6 +88,11 @@
 arquillian-junit5-core
 ${arquillian.version}
 
+
+jakarta.tck
+sigtest-maven-plugin
+2.1
+
 
 
 
@@ -94,30 +103,72 @@
 ${failsafe.plugin.version}
 
 
+http
 
 integration-test
-verify
 
 
 
-**/platform/**
+**/cdi/**
+**/authenticatedssl/**
 
-
jakarta.tck:websocket-tck
+
+
jakarta.tck:websocket-tck-spec-tests
+
jakarta.tck:websocket-tck-platform-tests
+
+20
+false
+
+http
+5
+websockettck
+true
+j2ee
+j2ee
+
com.sun.ts.tests.websocket.lib.implementation.sun.common.SunRIURL
+
0
+
${settings.localRepository}/org/apache/tomcat/tomcat-websocket-api/${tomcat.version}/tomcat-websocket-api-${tomcat.version}.jar:${settings.localRepository}/org/apache/tomcat/tomcat-websocket-client-api/${tomcat.version}/tomcat-websocket-client-api-${tomcat.version}.jar:${env.JAVA_HOME}/jmods/java.base
+
+
target/failsafe-reports/failsafe-summary-http.xml
+
+
+
+https
+
+integration-test
+
+
+
+**/authenticatedssl/**
+
+
+
jakarta.tck:websocket-tck-spec-tests
+
jakarta.tck:websocket-tck-platform-tests
+
 false
 
-localhost
-8080
-
8443
+https
 5
 websockettck
 true
 j2ee
 j

(tomcat-tck) branch main updated (f9e6fd9 -> 59e9c2a)

2024-03-25 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-tck.git


from f9e6fd9  Get SSL tests passing
 new 70fcf0a  Add required setting for signature test
 new 8fa8e10  Use HTTP by default
 new 59e9c2a  Update WebSocket for recent changes including addition of 
signature test

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 README.md  |   3 +
 pom.xml|   4 +-
 servlet-tck/pom.xml|   1 +
 .../tck/servlet/TomcatServletTckConfiguration.java |  30 -
 websocket-tck/pom.xml  |  69 ++---
 .../websocket/TomcatWebSocketTckConfiguration.java |  60 +-
 .../src/test/resources/arquillian.xml  |   0
 .../src/test/resources/ca.jks  | Bin
 .../src/test/resources/localhost-rsa.jks   | Bin
 9 files changed, 138 insertions(+), 29 deletions(-)
 copy {servlet-tck => websocket-tck}/src/test/resources/arquillian.xml (100%)
 copy {servlet-tck => websocket-tck}/src/test/resources/ca.jks (100%)
 copy {servlet-tck => websocket-tck}/src/test/resources/localhost-rsa.jks (100%)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-tck) 01/03: Add required setting for signature test

2024-03-25 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-tck.git

commit 70fcf0a8e2e9d02a16cba6b492f67a5168fbd44c
Author: Mark Thomas 
AuthorDate: Mon Mar 25 16:47:25 2024 +

Add required setting for signature test
---
 servlet-tck/pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/servlet-tck/pom.xml b/servlet-tck/pom.xml
index f47abf9..2f4d2a7 100644
--- a/servlet-tck/pom.xml
+++ b/servlet-tck/pom.xml
@@ -115,6 +115,7 @@
 true
 
false
 http
+
${settings.localRepository}/org/apache/tomcat/tomcat-servlet-api/${tomcat.version}/tomcat-servlet-api-${tomcat.version}.jar:${env.JAVA_HOME}/jmods/java.base
 
 
target/failsafe-reports/failsafe-summary-http.xml
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

2024-03-25 Thread Rémy Maucherat

On Mon, Mar 25, 2024 at 2:32 PM Christopher Schultz
 wrote:
>
> Rémy,
>
> On 3/22/24 11:39, Rémy Maucherat wrote:
> > On Fri, Mar 22, 2024 at 2:40 PM  wrote:
> >>
> >> This is an automated email from the ASF dual-hosted git repository.
> >>
> >> schultz pushed a commit to branch main
> >> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >>
> >>
> >> The following commit(s) were added to refs/heads/main by this push:
> >>   new 988992ba2e Use server's ClassLoader instead of application's 
> >> when loading XMLInputFactory.
> >> 988992ba2e is described below
> >>
> >> commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4
> >> Author: Christopher Schultz 
> >> AuthorDate: Fri Mar 22 09:37:08 2024 -0400
> >>
> >>  Use server's ClassLoader instead of application's when loading 
> >> XMLInputFactory.
> >
> > It doesn't work because there's nothing corresponding to the
> > XMLInputFactory.class.getName() id. The default newFactory doesn't do
> > the same thing at all.
>
> Ugh, sorry about that. Thanks for fixing it.
>
> Setting the ContextClassLoader seems like the wrong approach. Isn't
> there a ClassLoader parameter to getFactory for a reason?

Feel free to revert it if you don't like it.

Rémy

> -chris
>
> >
> > Rémy
> >
> >> ---
> >>   java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
> >>   webapps/docs/changelog.xml| 5 +
> >>   2 files changed, 7 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
> >> b/java/org/apache/jasper/compiler/EncodingDetector.java
> >> index bac9ade2ee..cf3b623104 100644
> >> --- a/java/org/apache/jasper/compiler/EncodingDetector.java
> >> +++ b/java/org/apache/jasper/compiler/EncodingDetector.java
> >> @@ -35,7 +35,8 @@ class EncodingDetector {
> >>
> >>   private static final XMLInputFactory XML_INPUT_FACTORY;
> >>   static {
> >> -XML_INPUT_FACTORY = XMLInputFactory.newInstance();
> >> +XML_INPUT_FACTORY = 
> >> XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> >> +EncodingDetector.class.getClassLoader());
> >>   }
> >>
> >>   private final String encoding;
> >> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> >> index 341c3a6596..0eca891322 100644
> >> --- a/webapps/docs/changelog.xml
> >> +++ b/webapps/docs/changelog.xml
> >> @@ -179,6 +179,11 @@
> >>   and the web application is deployed as a WAR file rather than an
> >>   unpacked directory. (markt)
> >> 
> >> +  
> >> +Prevent the web application's ClassLoader from being pinned by 
> >> the JSP
> >> +compiler if an application uses a custom XMLInputFactory. Based 
> >> upon a
> >> +suggestion from Simon Niederberger. (schultz)
> >> +  
> >>   
> >> 
> >> 
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> >>
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

2024-03-25 Thread Christopher Schultz


Rémy,

On 3/22/24 11:39, Rémy Maucherat wrote:

On Fri, Mar 22, 2024 at 2:40 PM  wrote:


This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 988992ba2e Use server's ClassLoader instead of application's when 
loading XMLInputFactory.
988992ba2e is described below

commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4
Author: Christopher Schultz 
AuthorDate: Fri Mar 22 09:37:08 2024 -0400

 Use server's ClassLoader instead of application's when loading 
XMLInputFactory.


It doesn't work because there's nothing corresponding to the
XMLInputFactory.class.getName() id. The default newFactory doesn't do
the same thing at all.


Ugh, sorry about that. Thanks for fixing it.

Setting the ContextClassLoader seems like the wrong approach. Isn't 
there a ClassLoader parameter to getFactory for a reason?


-chris



Rémy


---
  java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
  webapps/docs/changelog.xml| 5 +
  2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index bac9ade2ee..cf3b623104 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,7 +35,8 @@ class EncodingDetector {

  private static final XMLInputFactory XML_INPUT_FACTORY;
  static {
-XML_INPUT_FACTORY = XMLInputFactory.newInstance();
+XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
+EncodingDetector.class.getClassLoader());
  }

  private final String encoding;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 341c3a6596..0eca891322 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -179,6 +179,11 @@
  and the web application is deployed as a WAR file rather than an
  unpacked directory. (markt)

+  
+Prevent the web application's ClassLoader from being pinned by the JSP
+compiler if an application uses a custom XMLInputFactory. Based upon a
+suggestion from Simon Niederberger. (schultz)
+  
  




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: HTTP / 3 protocol updates

2024-03-25 Thread Christopher Schultz


Koti,

On 3/24/24 11:30, Koteswararao Gundapaneni wrote:

When can I expect the update on the HTTP/3 protocol implementation?


HTTP/3

RFC 9114  (June 2022) -
HTTP/3

Not yet implemented by Apache Tomcat. (As of July 2022)


Why pick "July 2022" as an arbitrary date to be not-implemented-as-of 
instead of, say, TODAY?



https://datatracker.ietf.org/doc/html/rfc9114#section-1.1-2


(This reference doesn't seem relevant.)

h3 is not currently a priority for the Apache Tomcat team, for several 
reasons:


1. Tomcat is very often used behind a reverse proxy, where persistent 
HTTP or h2 connections can be used to "solve" the 
connection-establishment "problem".


2. Java does not currently provide an implementation of h3. This means 
we either have to wait for Java to provide such an implementation or 
look to outside libraries such as Quiche. One of the goals of Tomcat is 
to have as few dependencies as possible, so using Quiche, etc. would be 
contrary to those goals.


3. OpenSSL currently does provide an implementation of h3 but it is very 
different than both the current implementation of TLS and also anything 
offered by Java (which does not yet exist).


This is a project run by a small group of volunteers, not a large 
company with many resources. We all have "day jobs" where we spend most 
of our time.


You've been making inquiries about becoming a committer on the project. 
One way to score a lot of points towards that might be to propose a 
working implementation of h3 that can be added to a currently-supported 
version of Tomcat. I would encourage you to work exclusively on the 11.x 
branch, as that is where most new functionality is added before being 
back-ported to the other stable branches.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

2024-03-25 Thread Rémy Maucherat

On Mon, Mar 25, 2024 at 2:09 PM Christopher Schultz
 wrote:
>
> Rémy,
>
> On 3/25/24 05:45, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > remm pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/main by this push:
> >   new 510c71b009 Set context CL before calling 
> > XMLInputFactory.newFactory
> > 510c71b009 is described below
> >
> > commit 510c71b009085f94122bc18501d1981322846540
> > Author: remm 
> > AuthorDate: Mon Mar 25 10:45:28 2024 +0100
> >
> >  Set context CL before calling XMLInputFactory.newFactory
> >
> >  Passing the CL to XMLInputFactory.newFactory does not work because it
> >  needs an id (basically the concrete class to load).
> >  Try the context CL instead.
> >  The class is preloaded for previous Tomcat versions so it shouldn't be 
> > a
> >  security manager issue.
>
> Ugh, sorry about that. Thanks for fixing it.
>
> Setting the ContextClassLoader seems like the wrong approach. Isn't
> there a ClassLoader parameter to newFactory for a reason?

Yes, but there's no way to use the default factory (which is
"com.sun.xml.internal.stream.XMLInputFactoryImpl") with that call
which allows specifying the classloader. Setting null for the factory
doesn't work, same as the interface name. I read the JVM code, but I
could not find a way to make it work.
It seems the user gave you some advice but without testing it ;)

Rémy

> -chris
>
> > ---
> >   java/org/apache/jasper/compiler/EncodingDetector.java | 11 +--
> >   1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
> > b/java/org/apache/jasper/compiler/EncodingDetector.java
> > index cf3b623104..fb7795ca16 100644
> > --- a/java/org/apache/jasper/compiler/EncodingDetector.java
> > +++ b/java/org/apache/jasper/compiler/EncodingDetector.java
> > @@ -35,8 +35,15 @@ class EncodingDetector {
> >
> >   private static final XMLInputFactory XML_INPUT_FACTORY;
> >   static {
> > -XML_INPUT_FACTORY = 
> > XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> > -EncodingDetector.class.getClassLoader());
> > +ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
> > +try {
> > +
> > Thread.currentThread().setContextClassLoader(EncodingDetector.class.getClassLoader());
> > +XML_INPUT_FACTORY = XMLInputFactory.newFactory();
> > +} finally {
> > +if (oldCl != null) {
> > +Thread.currentThread().setContextClassLoader(oldCl);
> > +}
> > +}
> >   }
> >
> >   private final String encoding;
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

2024-03-25 Thread Christopher Schultz


Rémy,

On 3/25/24 05:45, r...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 510c71b009 Set context CL before calling XMLInputFactory.newFactory
510c71b009 is described below

commit 510c71b009085f94122bc18501d1981322846540
Author: remm 
AuthorDate: Mon Mar 25 10:45:28 2024 +0100

 Set context CL before calling XMLInputFactory.newFactory
 
 Passing the CL to XMLInputFactory.newFactory does not work because it

 needs an id (basically the concrete class to load).
 Try the context CL instead.
 The class is preloaded for previous Tomcat versions so it shouldn't be a
 security manager issue.


Ugh, sorry about that. Thanks for fixing it.

Setting the ContextClassLoader seems like the wrong approach. Isn't 
there a ClassLoader parameter to newFactory for a reason?


-chris


---
  java/org/apache/jasper/compiler/EncodingDetector.java | 11 +--
  1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index cf3b623104..fb7795ca16 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,8 +35,15 @@ class EncodingDetector {
  
  private static final XMLInputFactory XML_INPUT_FACTORY;

  static {
-XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
-EncodingDetector.class.getClassLoader());
+ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
+try {
+
Thread.currentThread().setContextClassLoader(EncodingDetector.class.getClassLoader());
+XML_INPUT_FACTORY = XMLInputFactory.newFactory();
+} finally {
+if (oldCl != null) {
+Thread.currentThread().setContextClassLoader(oldCl);
+}
+}
  }
  
  private final String encoding;



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot success in on tomcat-9.0.x

2024-03-25 Thread buildbot

Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/899
Blamelist: Christopher Schultz , remm 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 9.0.x] 3b8f277a7ffc1193ed6c6d4fff85db6dc7327e39


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot success in on tomcat-10.1.x

2024-03-25 Thread buildbot

Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/1191
Blamelist: Christopher Schultz , remm 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 10.1.x] 9f4a88697b717fcf783596938da005df0899e2fe


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot success in on tomcat-11.0.x

2024-03-25 Thread buildbot

Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/994
Blamelist: Christopher Schultz , remm 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] 510c71b009085f94122bc18501d1981322846540


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 0

  shell_10: 0

  Rsync docs to nightlies.apache.org: 0

  shell_11: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_12: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Set context CL before calling XMLInputFactory.newFactory

2024-03-25 Thread remm

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 3b8f277a7f Set context CL before calling XMLInputFactory.newFactory
3b8f277a7f is described below

commit 3b8f277a7ffc1193ed6c6d4fff85db6dc7327e39
Author: remm 
AuthorDate: Mon Mar 25 10:45:28 2024 +0100

Set context CL before calling XMLInputFactory.newFactory

Passing the CL to XMLInputFactory.newFactory does not work because it
needs an id (basically the concrete class to load).
Try the context CL instead.
The class is preloaded for previous Tomcat versions so it shouldn't be a
security manager issue.
---
 java/org/apache/jasper/compiler/EncodingDetector.java | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index cf3b623104..fb7795ca16 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,8 +35,15 @@ class EncodingDetector {
 
 private static final XMLInputFactory XML_INPUT_FACTORY;
 static {
-XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
-EncodingDetector.class.getClassLoader());
+ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
+try {
+
Thread.currentThread().setContextClassLoader(EncodingDetector.class.getClassLoader());
+XML_INPUT_FACTORY = XMLInputFactory.newFactory();
+} finally {
+if (oldCl != null) {
+Thread.currentThread().setContextClassLoader(oldCl);
+}
+}
 }
 
 private final String encoding;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Set context CL before calling XMLInputFactory.newFactory

2024-03-25 Thread remm

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 9f4a88697b Set context CL before calling XMLInputFactory.newFactory
9f4a88697b is described below

commit 9f4a88697b717fcf783596938da005df0899e2fe
Author: remm 
AuthorDate: Mon Mar 25 10:45:28 2024 +0100

Set context CL before calling XMLInputFactory.newFactory

Passing the CL to XMLInputFactory.newFactory does not work because it
needs an id (basically the concrete class to load).
Try the context CL instead.
The class is preloaded for previous Tomcat versions so it shouldn't be a
security manager issue.
---
 java/org/apache/jasper/compiler/EncodingDetector.java | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index cf3b623104..fb7795ca16 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,8 +35,15 @@ class EncodingDetector {
 
 private static final XMLInputFactory XML_INPUT_FACTORY;
 static {
-XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
-EncodingDetector.class.getClassLoader());
+ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
+try {
+
Thread.currentThread().setContextClassLoader(EncodingDetector.class.getClassLoader());
+XML_INPUT_FACTORY = XMLInputFactory.newFactory();
+} finally {
+if (oldCl != null) {
+Thread.currentThread().setContextClassLoader(oldCl);
+}
+}
 }
 
 private final String encoding;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

2024-03-25 Thread remm

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 510c71b009 Set context CL before calling XMLInputFactory.newFactory
510c71b009 is described below

commit 510c71b009085f94122bc18501d1981322846540
Author: remm 
AuthorDate: Mon Mar 25 10:45:28 2024 +0100

Set context CL before calling XMLInputFactory.newFactory

Passing the CL to XMLInputFactory.newFactory does not work because it
needs an id (basically the concrete class to load).
Try the context CL instead.
The class is preloaded for previous Tomcat versions so it shouldn't be a
security manager issue.
---
 java/org/apache/jasper/compiler/EncodingDetector.java | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index cf3b623104..fb7795ca16 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,8 +35,15 @@ class EncodingDetector {
 
 private static final XMLInputFactory XML_INPUT_FACTORY;
 static {
-XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
-EncodingDetector.class.getClassLoader());
+ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
+try {
+
Thread.currentThread().setContextClassLoader(EncodingDetector.class.getClassLoader());
+XML_INPUT_FACTORY = XMLInputFactory.newFactory();
+} finally {
+if (oldCl != null) {
+Thread.currentThread().setContextClassLoader(oldCl);
+}
+}
 }
 
 private final String encoding;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 10.1.20 Available

svn commit: r1916540 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa

[ANN] Apache Tomcat 8.5.100 Available

svn commit: r1916539 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-8.5-doc/ docs/tomcat-8.5-doc/annotationapi/ docs/tomcat-8.5-doc/annotationapi/javax/annotation/ docs/tomcat-8.5-doc/annotationapi/jav

svn commit: r68131 - /dev/tomcat/tomcat-10/v10.1.20/ /release/tomcat/tomcat-10/v10.1.20/

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

svn commit: r68130 - /dev/tomcat/tomcat-8/v8.5.100/ /release/tomcat/tomcat-8/v8.5.100/

[VOTE][RESULT] Release Apache Tomcat 10.1.20

[VOTE][RESULT] Release Apache Tomcat 8.5.100

[Bug 68826] Tomcat fails on startup with signed jar with logging.properties inside

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

(tomcat-tck) 02/03: Use HTTP by default

(tomcat-tck) 03/03: Update WebSocket for recent changes including addition of signature test

(tomcat-tck) branch main updated (f9e6fd9 -> 59e9c2a)

(tomcat-tck) 01/03: Add required setting for signature test

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

Re: (tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

Re: HTTP / 3 protocol updates

Re: (tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

Re: (tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

Buildbot success in on tomcat-9.0.x

Buildbot success in on tomcat-10.1.x

Buildbot success in on tomcat-11.0.x

(tomcat) branch 9.0.x updated: Set context CL before calling XMLInputFactory.newFactory

(tomcat) branch 10.1.x updated: Set context CL before calling XMLInputFactory.newFactory

(tomcat) branch main updated: Set context CL before calling XMLInputFactory.newFactory

26 matches

Site Navigation

Mail list logo

Footer information