Re: [PR] Merged two loops into one to simplify the logic [tomcat]
markt-asf commented on PR #739: URL: https://github.com/apache/tomcat/pull/739#issuecomment-2211679939 This won't be merged for the reason Chuck explained. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Merged two loops into one to simplify the logic [tomcat]
markt-asf closed pull request #739: Merged two loops into one to simplify the logic
URL: https://github.com/apache/tomcat/pull/739
Re: [ANN] New committer: Dimitris Soumis
Congrats Dimitris! Welcome to the team!

Igal

On Fri, Jul 5, 2024, 13:25 Mark Thomas wrote:
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark
Re: Reduce default for maxParameterCount
Fri, 5 Jul 2024 at 23:40, Christopher Schultz wrote:
>
> Mark,
>
> On 7/2/24 06:33, Mark Thomas wrote:
>
> [...]
>
> I would support a move to throw an unchecked exception from
> getParameter* in older versions of Tomcat in order to produce a hard-fail.
>
> But I'm somewhat more bullish about this kind of thing. The good news is
> that anyone disturbed by this will already have an application bug they
> didn't know they had... which is the whole point of making it a hard-fail.
>
> Hmm. Existing applications using FailedRequestFilter, though...
>
> On application startup, we could check to see if the FailedRequestFilter
> has been installed at all and, if not, configure to hard-fail. WDYT?

It is solvable by simply adding a try/catch (for this exception) around the getParameters call in the FailedRequestFilter.

The expected use of the filter is that it is placed "in front" of the app, so the result is that it is the one who triggers parameter parsing. Thus if parsing results in an exception - just catch it and go on. :)

Best regards,
K.Kolinko
Re: [PR] Merged two loops into one to simplify the logic [tomcat]
n828cl commented on PR #739:
URL: https://github.com/apache/tomcat/pull/739#issuecomment-2211492415

The proposed change would violate the servlet spec, which requires that filters matching URL patterns must precede those matching servlet names, even when using the same filter for both. See section 6.2.4 of the current spec: https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1
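The ordering rule cited in this comment, shown with a simplified model (an added example, not Tomcat's createFilterChain code and not part of the original thread): two passes put every URL-pattern match ahead of every servlet-name match, while one merged loop falls back to declaration order. The `Mapping` record, the filter and servlet names, the request path and the exact/prefix-only matching are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;

/** Simplified model of filter-chain assembly; not Tomcat's implementation. */
public class FilterOrderDemo {

    /** Stand-in for one filter mapping; either urlPattern or servletName may be null. */
    record Mapping(String filter, String urlPattern, String servletName) {

        /** Exact and path-prefix ("/x/*") matching only; extension mappings are left out. */
        boolean matchesUrl(String path) {
            if (urlPattern == null) {
                return false;
            }
            if (urlPattern.endsWith("/*")) {
                String prefix = urlPattern.substring(0, urlPattern.length() - 2);
                return path.equals(prefix) || path.startsWith(prefix + "/");
            }
            return urlPattern.equals(path);
        }

        boolean matchesServlet(String name) {
            return servletName != null && servletName.equals(name);
        }
    }

    /** Spec-conformant order: all URL-pattern matches, then all servlet-name matches. */
    static List<String> twoPass(List<Mapping> mappings, String path, String servlet) {
        List<String> chain = new ArrayList<>();
        for (Mapping m : mappings) {
            if (m.matchesUrl(path)) {
                chain.add(m.filter());
            }
        }
        for (Mapping m : mappings) {
            if (m.matchesServlet(servlet)) {
                chain.add(m.filter());
            }
        }
        return chain;
    }

    /** One merged loop: filters end up in plain declaration order. */
    static List<String> singlePass(List<Mapping> mappings, String path, String servlet) {
        List<String> chain = new ArrayList<>();
        for (Mapping m : mappings) {
            if (m.matchesUrl(path) || m.matchesServlet(servlet)) {
                chain.add(m.filter());
            }
        }
        return chain;
    }

    public static void main(String[] args) {
        // Constructed deployment: the servlet-name mapping is declared first,
        // the URL-pattern mappings (including an authentication filter) after it.
        List<Mapping> mappings = List.of(
                new Mapping("AuditFilter", null, "ReportServlet"),
                new Mapping("AuthFilter", "/admin/*", null),
                new Mapping("EncodingFilter", "/*", null));

        List<String> conformant = twoPass(mappings, "/admin/report", "ReportServlet");
        List<String> merged = singlePass(mappings, "/admin/report", "ReportServlet");

        System.out.println("two passes : " + conformant);
        System.out.println("single loop: " + merged);
        System.out.println("same order : " + conformant.equals(merged));
    }
}
```

With this declaration order the merged loop runs the servlet-name filter before the URL-pattern authentication filter, which is the kind of behavioural change an application relying on the specified order would not expect.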
Re: [ANN] New committer: Dimitris Soumis
Congratulations!!!

From: Jonathan S. Fisher
Sent: Friday, July 5, 2024 6:00:30 PM
To: Tomcat Users List
Cc: Tomcat Developers List
Subject: Re: [ANN] New committer: Dimitris Soumis

Many new committers lately, congrats to everyone!

On Fri, Jul 5, 2024 at 2:25 PM Mark Thomas wrote:
>
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark

--
Jonathan | exabr...@gmail.com
Pessimists, see a jar as half empty. Optimists, in contrast, see it as half full.
Engineers, of course, understand the glass is twice as big as it needs to be.
Re: [ANN] New committer: Dimitris Soumis
Many new committers lately, congrats to everyone!

On Fri, Jul 5, 2024 at 2:25 PM Mark Thomas wrote:
>
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark

--
Jonathan | exabr...@gmail.com
Pessimists, see a jar as half empty. Optimists, in contrast, see it as half full.
Engineers, of course, understand the glass is twice as big as it needs to be.
[PR] Merged two loops into one to simplify the logic [tomcat]
lee-jeong-geun opened a new pull request, #739:
URL: https://github.com/apache/tomcat/pull/739

Hello. Reduced the filter addition logic in createFilterChain to a single loop.
Re: [ANN] New committer: Dimitris Soumis
On Fri, Jul 5, 2024 at 3:24 PM Mark Thomas wrote:
>
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark

Congrats!!!
Re: [ANN] New committer: Dimitris Soumis
Dimitris,

On 7/5/24 15:24, Mark Thomas wrote:
> On behalf of the Tomcat committers I am delighted to announce that Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.

Welcome! It was nice meeting you briefly in Bratislava.

-chris
Re: (tomcat-native) branch main updated: Fix broken XML
Mark, On 7/5/24 07:45, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new a4c6e182b Fix broken XML a4c6e182b is described below commit a4c6e182be11ac2e9bbf7e9a0f3ab25331fc03aa Author: Mark Thomas AuthorDate: Fri Jul 5 12:45:11 2024 +0100 Fix broken XML :( Sorry about that. -chris --- xdocs/miscellaneous/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 59ec98a58..7f5cd92b4 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -47,6 +47,7 @@ Ensure local reference capacity is available when creating new arrays and Strings. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: OpenSSL alternatives using FFM
Rémy,

On 7/4/24 09:15, Rémy Maucherat wrote:
> As an experiment, I tested with LibreSSL and BoringSSL on Linux using the FFM code. Both did not need too many API changes to start working, so I committed the changes to "add support" for them.

\o/

I'm very happy that you have had the inclination to make this work. While OpenSSL is everywhere, many OSs are opting to provide "compatible" clones such as LibreSSL and BoringSSL and the fact is that they aren't 100% compatible. I'd really like to support them because that means supporting Good Crypto in as many places as are possible.

(I'd like to see some updated performance numbers from Jean-Frederic on "Pure Java" TLS versus OpenSSL-based TLS. When we talked about it years ago it looked like there was a bug in Java preventing it from using hardware crypto so Java performed terribly in comparison. And of course used much more resources (e.g. power).)

> LibreSSL:
> - I cannot get it to renegotiate anything. The client always gets a "no_renegotiation" alert.
> - Seems relatively complete.
> - I tested with Linux and 3.9.
> - Testing is easy on GitHub. Out of the box with macos-latest using LibreSSL 3.3. Verified it does the same as my 3.9.

Maybe LibreSSL refuses to renegotiate?

> BoringSSL:
> - Only TLS 1.3 "renegotiation" seems to work (TestClientCertTls13). This could be seen as acceptable.
> - It seems very bare bones, all the stuff for supporting exotic certs seems to be gone. So basically you need a standard certificate doing TLS 1.3 and that's all it does, but it then just works.
> - When it doesn't like something, the client gets a connection close (no alert, no nothing; I guess sending alerts is less efficient ;) ).
> - Testing is far more problematic. The project is quite "original" in that it does not do releases. Funny (not ...).

I think the above (except maybe lack of alerts) is all intentional. BoringSSL is intended to support "What people should be using today" and so it lacks all those decades of old code to support things nobody should be using anymore. I thought it supported TLSv1.2 though...

> I don't have much experience with these so maybe I'm doing something wrong. For both, the basics (TestSsl) and quite a bit more work, but not everything. BoringSSL inspires more confidence in what it does and how it does it than the other one, but not having releases is obviously a deal breaker ... So I'm not very impressed. Given the amount of work it still seems "ok", but that's about it, OpenSSL is by far the best choice for Tomcat without even factoring in possible quic support in the future.

I think michael-o has done some more elaborate testing with LibreSSL. He might be willing to enable FFM and put it through its paces a little more than you have had time for so far.

-chris
Re: Reduce default for maxParameterCount
Mark,

On 7/2/24 06:33, Mark Thomas wrote:
> On 01/07/2024 07:17, Michael Osipov wrote:
>> On 2024/06/27 17:13:56 Christopher Schultz wrote:
>>> Michael,
>>>
>>> On 6/27/24 08:46, Michael Osipov wrote:
>>>> On 2023/03/09 14:23:33 Christopher Schultz wrote:
>>>>> A potential use-case for "large numbers of parameters" might be an application that uses something like a multi-select list and the number of choices is stupendously high. As in, when the application was designed, the designers said "we can use a multi-select list for this postal-code selector" and then 5-10 years later, someone said "hey let's dump all postal codes in the entire US into this multi-select" and there you have thousands of possibilities which the browser will happily package-off to the server.
>>>>
>>>> FTR, guess what? We have been hit by this. Nostradamus. Spot on. We have an HTML form for the user where he sees a diff between a src and dest. Technical values, can be thousands. The selected value ids are POSTed. Users have been complaining that they miss data. It took me some time to remember (actually weeks between report and memory) that I have replicated maxParameterCount="1000" to our server.xml without using FailedRequestFilter. Retrospectively, it should have gone hand in hand with that filter and not without. Rather fail fast than suffer data truncation.
>>>
>>> I don't think there is really a way for us to push a into all web applications. I mean... there MAY be a way to do it, but it will likely be ugly and we would also have to "move" it if the application defines filters in a specific order including the FailedRequestFilter.
>>>
>>> The good news is it doesn't do anything weird like trigger request-parsing or try to do anything with character sets or whatever.
>>>
>>> The real question is whether or not this kind of thing should be handled in a Filter or just handled by Tomcat itself. Why bother waiting for the application to check: just throw an exception and kill the request processing.
>>
>> I have spent the whole Friday to provide data to engineering that has been truncated. It seems that we have up to 3000 form values submitted. I have bumped to 5000 now. I would really really expect that Tomcat fails hard with 4xx if the input is invalid and not issue a simple INFO at the log. The huge problem is that the request is seen as 2xx or 3xx in the access log and if you have a lot of requests or forms it will be needle in the haystack to identify which is really the problem. Even worse, if this has not been written by you you can play ping pong with the software vendor.
>>
>> Therefore, I'd like all of us (committers) to reconsider this soft non-failing approach. It is not helpful. If the client provides garbage it should fail immediately.
>
> With Tomcat 11.0.x you will get a hard fail.
>
> Prior to Tomcat 11 our hands are somewhat tied by the Servlet specification since getParameter() and friends are documented to not throw an exception.
>
> We can't change the default behaviour for Tomcat versions before 11 as that runs the risk of breaking existing applications that have been designed for the current behaviour. All we can do is make that hard failure optional and it already is. For a (very) long time we have had the FailedRequestFilter for folks that wanted a hard failure if there was an issue with parameter parsing.
>
> Changing the default for maxParameterCount from 10,000 to 1,000 doesn't change this.
>
> The documentation for maxParameterCount already documents all of this. I don't see a need for any changes here.

I would support a move to throw an unchecked exception from getParameter* in older versions of Tomcat in order to produce a hard-fail.

But I'm somewhat more bullish about this kind of thing. The good news is that anyone disturbed by this will already have an application bug they didn't know they had... which is the whole point of making it a hard-fail.

Hmm. Existing applications using FailedRequestFilter, though...

On application startup, we could check to see if the FailedRequestFilter has been installed at all and, if not, configure to hard-fail. WDYT?

-chris
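A filter combining the two behaviours discussed in this thread, soft-fail detection and the try/catch around the parameter call suggested in Konstantin's reply (an added example, not Tomcat's FailedRequestFilter source and not code from the thread): it forces parameter parsing up front, treats either a thrown unchecked exception or Tomcat's parse-failure request attribute as a failed request, and answers 400 so the rejection shows up in the access log instead of as a 2xx with truncated data. The class name is hypothetical, the jakarta.servlet API is assumed on the classpath, and the attribute name should be checked against `org.apache.catalina.Globals` for the Tomcat version in use.

```java
import java.io.IOException;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Hypothetical hard-fail guard. Map it to /* as the FIRST filter in web.xml so
 * that it, and not application code, is what triggers parameter parsing.
 */
public class ParameterParseGuardFilter implements Filter {

    // Assumption: value of org.apache.catalina.Globals.PARAMETER_PARSE_FAILED_ATTR,
    // set by Tomcat when parsing failed or a limit such as maxParameterCount was hit.
    private static final String PARSE_FAILED_ATTR =
            "org.apache.catalina.parameter_parse_failed";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        boolean failed;
        try {
            // Any getParameter* call forces the container to parse the query
            // string and form body; the parameter name itself is irrelevant.
            request.getParameter("none");
            // Soft-fail containers: parsing "succeeds" but leaves a marker behind.
            failed = request.getAttribute(PARSE_FAILED_ATTR) != null;
        } catch (RuntimeException e) {
            // Hard-fail containers: the thread does not name the exception type,
            // so any unchecked exception raised by parsing is treated as a failure.
            failed = true;
        }

        if (failed) {
            reject(request, response);
            return; // the application never sees a truncated parameter map
        }
        chain.doFilter(request, response);
    }

    private void reject(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest http) {
            // Log method and path only; parameter values may be sensitive.
            request.getServletContext().log("Rejected request with unparseable or "
                    + "over-limit parameters: " + http.getMethod() + " " + http.getRequestURI());
        }
        if (response instanceof HttpServletResponse httpResponse) {
            httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        } else {
            throw new ServletException("Parameter parsing failed on a non-HTTP request");
        }
    }
}
```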
(tomcat) branch dependabot/maven/modules/openssl-foreign/org.apache.tomcat-tomcat-coyote-11.0.0-M21 created (now d6127dce77)
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch dependabot/maven/modules/openssl-foreign/org.apache.tomcat-tomcat-coyote-11.0.0-M21 in repository https://gitbox.apache.org/repos/asf/tomcat.git

at d6127dce77 Bump org.apache.tomcat:tomcat-coyote in /modules/openssl-foreign

No new revisions were added by this update.
[PR] Bump org.apache.tomcat:tomcat-coyote from 11.0.0-M18 to 11.0.0-M21 in /modules/openssl-foreign [tomcat]
dependabot[bot] opened a new pull request, #738:
URL: https://github.com/apache/tomcat/pull/738

Bumps org.apache.tomcat:tomcat-coyote from 11.0.0-M18 to 11.0.0-M21.
[ANN] New committer: Dimitris Soumis
On behalf of the Tomcat committers I am delighted to announce that Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.

Please join me in congratulating Dimitris.

Kind regards,

Mark
svn commit: r70154 - /release/tomcat/tomcat-11/v11.0.0-M21/
Author: markt
Date: Fri Jul 5 19:18:47 2024
New Revision: 70154

Log:
Drop old version from CDN

Removed:
    release/tomcat/tomcat-11/v11.0.0-M21/
[ANN] Apache Tomcat 11.0.0-M22 (beta) available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M22 (beta).

Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M22 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to 11.0.0-M21 include:

- Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.jar that advertises Java 22 in its manifest.
- When using include directives in a tag file packaged in a JAR file, ensure that the include directives are processed correctly.
- Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /*

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
(tomcat) branch main updated: Add release date for 11.0.0-M22
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e900685ce2 Add release date for 11.0.0-M22 e900685ce2 is described below commit e900685ce236b8d970232272a2d760309a0813e3 Author: Mark Thomas AuthorDate: Fri Jul 5 20:13:49 2024 +0100 Add release date for 11.0.0-M22 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3f5fcb2949..68a9c6b794 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -126,7 +126,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1918950 - in /tomcat/site/trunk: docs/download-11.html docs/index.html docs/migration-11.0.html docs/oldnews.html docs/whichversion.html xdocs/download-11.xml xdocs/index.xml xdocs/migrat
Author: markt Date: Fri Jul 5 19:13:16 2024 New Revision: 1918950 URL: http://svn.apache.org/viewvc?rev=1918950&view=rev Log: Update site for 11.0.0-M22 (beta) release Modified: tomcat/site/trunk/docs/download-11.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-11.0.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/download-11.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-11.0.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/download-11.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1918950&r1=1918949&r2=1918950&view=diff == --- tomcat/site/trunk/docs/download-11.html (original) +++ tomcat/site/trunk/docs/download-11.html Fri Jul 5 19:13:16 2024 @@ -19,7 +19,7 @@ Quick Navigation -[define v]11.0.0-M21[end] +[define v]11.0.0-M22[end] https://downloads.apache.org/tomcat/tomcat-11/KEYS";>KEYS | [v] (beta) | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1918950&r1=1918949&r2=1918950&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Jul 5 19:13:16 2024 
@@ -34,6 +34,39 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2024-07-05 Tomcat 11.0.0-M22 Released + +The Apache Tomcat Project is proud to announce the release of version 11.0.0-M22 +(beta) of Apache Tomcat. This release is a milestone release and is targeted at +Jakarta EE 11. +Users of Tomcat 10 onwards should be aware that, as a result of the move from +Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse +Foundation, the primary package for all implemented APIs has changed from +javax.* to jakarta.*. This will almost certainly +require code changes to enable applications to migrate from Tomcat 9 and earlier +to Tomcat 10 and later. A +https://github.com/apache/tomcat-jakartaee-migration";>migration +tool is available to aid this process. +The notable changes in this release are: + +Move OpenSSL support using FFM to a separate JAR named +tomcat-coyote-ffm.jar that advertises Java 22 in its manifest. +When using include directives in a tag file packaged in a JAR file, +ensure that the include directives are processed correctly. +Expand the implementation of the filter value of the Authenticator +attribute allowCorsPreflight, so that it applies to all requests that +match the configured URL patterns for the CORS filter, rather than +only applying if the CORS filter is mapped to /* + + +Full details of these changes, and all the other changes, are available in the +Tomcat 11 +(beta) changelog. + + + +https://tomcat.apache.org/download-11.cgi";>Download + 2024-06-19 Tomcat 10.1.25 Released The Apache Tomcat Project is proud to announce the release of version 10.1.25 
@@ -88,37 +121,6 @@ changelog. https://tomcat.apache.org/download-90.cgi";>Download -2024-06-18 Tomcat 11.0.0-M21 Released - -The Apache Tomcat Project is proud to announce the release of version 11.0.0-M21 -(beta) of Apache Tomcat. This release is a milestone release and is targeted at -Jakarta EE 11. -Users of Tomcat 10 onwards should be aware that, as a result of the move from -Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse -Foundation, the primary package for all implemented APIs has changed from -javax.* to jakarta.*. This will almost certainly -require code changes to enable applications to migrate from Tomcat 9 and earlier -to Tomcat 10 and later. A -https://github.com/apache/tomcat-jakartaee-migration";>migration -tool is available to aid this process. -The notable changes in this release are: - -Ensure that static resources deployed via a JAR file remain accessible -when the context is configured to use a bloom filter. Based on a pull -request provided by bergander. -Add task queue size configuration on the Connector element, similar to the -Executor element, for consistency. -Update to Commons Daemon 1.4.0 - - -Full details of these changes, and all the other changes, are available in the -Tomcat 11 -(beta) changelog. - - - -https://tomcat.apache.org/download-11.cgi";>Download - 2024-02-12 Tomcat Native 1.3.0 Released The Apache Tomcat Project is proud to announce the release of version 1.3.0 of Modified: tomcat/site/trunk/docs/migration-11.0.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-11.0.html?rev=1918950&r1=1918949&r2=1918950&view=diff ==
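Review bot: In the index.html hunk that adds the 2024-07-05 news entry, the third notable-changes item ends at "only applying if the CORS filter is mapped to /*" with no full stop, while the two items before it each end with one. Add the full stop in the xdocs source so the generated list is consistent. The entry is otherwise a like-for-like replacement of the removed 11.0.0-M21 block, so nothing else stands out in the visible lines.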
svn commit: r1918949 - in /tomcat/site/trunk: ./ docs/tomcat-11.0-doc/ docs/tomcat-11.0-doc/annotationapi/ docs/tomcat-11.0-doc/annotationapi/jakarta/annotation/ docs/tomcat-11.0-doc/annotationapi/jak
Author: markt
Date: Fri Jul 5 19:06:47 2024
New Revision: 1918949

URL: http://svn.apache.org/viewvc?rev=1918949&view=rev
Log:
Updates docs for 11.0.0-M22 release

[This commit notification would consist of 62 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
svn commit: r70150 - /dev/tomcat/tomcat-11/v11.0.0-M22/ /release/tomcat/tomcat-11/v11.0.0-M22/
Author: markt
Date: Fri Jul 5 18:33:15 2024
New Revision: 70150

Log:
Release Apache Tomcat 11.0.0-M22

Added:
    release/tomcat/tomcat-11/v11.0.0-M22/
      - copied from r70149, dev/tomcat/tomcat-11/v11.0.0-M22/
Removed:
    dev/tomcat/tomcat-11/v11.0.0-M22/
[VOTE][RESULT] Release Apache Tomcat 11.0.0-M22
The following votes were cast:

Binding:
+1: remm, markt, jfclere

Non-binding:
+1: dsoumis

No other votes were cast.

The vote therefore passes.

Thanks to everyone who contributed to this release.
[Bug 68876] serverStartup.pdf missing sources
https://bz.apache.org/bugzilla/show_bug.cgi?id=68876

--- Comment #3 from Mark Thomas ---
I've redrawn and updated the first of the six start-up diagrams. I plan to work through the rest over the coming months.
(tomcat) branch 9.0.x updated: Re-draw first of six sequence diagrams showing how Tomcat starts.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 16b0320db5 Re-draw first of six sequence diagrams showing how Tomcat starts. 16b0320db5 is described below commit 16b0320db55d3c50a9d09d3034a77b358ca633cd Author: Mark Thomas AuthorDate: Fri Jul 5 17:08:41 2024 +0100 Re-draw first of six sequence diagrams showing how Tomcat starts. --- webapps/docs/architecture/startup.xml| 40 --- webapps/docs/architecture/startup/1_overview.png | Bin 0 -> 74703 bytes webapps/docs/architecture/startup/1_overview.vpd | 1 + 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 3f821b6ce9..5fbcfc57e5 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml 
@@ -44,15 +44,47 @@ different ways to start tomcat, including: -A text description of the startup procedure is available -here. +A text description of the startup +procedure created for Tomcat 5. The updated version of this description for +Tomcat 11 will be included in the updated diagrams and diagram descriptions in +the following section. This text file will be removed when that update is +complete. -A UML sequence diagram of the startup procedure is available -here. +The UML sequence diagram of the startup +procedure created for Tomcat 5 is gradually being replaced with updated diagrams +based on Tomcat 11. The scope of these diagrams may be adjusted as they are +produced. + + +A series of UML diagrams have been created to document the start-up process for +Tomcat. + + +Diagram 1 shows an overview of how Tomcat +start, serves requests and then stops. Once the class loaders have been +initialized, Tomcat parses server.xml using the Digester and the Digester +creates the objects defined in server.xml, configures them using the property +values defined in server.xml and the starts the Server. The main Java thread +waits in the await() method for a shutdown signal. Once a shutdown signal is +received, the Server object is stopped and then destroyed. The JVM then exits. + + +Diagram 2 will show how the Server initialises the Connectors and associated +objects. + + +Diagram 3 will show how the Server initialises the Service(s), Engine(s) and +Host(s). + + +Diagram 4 will show how the Host initialises the Context(s). + + +Diagram 5 will show how the Context initialises the Filters, Servlets etc. diff --git a/webapps/docs/architecture/startup/1_overview.png b/webapps/docs/architecture/startup/1_overview.png new file mode 100644 index 00..2c130168b5 Binary files /dev/null and b/webapps/docs/architecture/startup/1_overview.png differ 
diff --git a/webapps/docs/architecture/startup/1_overview.vpd b/webapps/docs/architecture/startup/1_overview.vpd new file mode 100644 index 00..083325348d --- /dev/null +++ b/webapps/docs/architecture/startup/1_overview.vpd @@ -0,0 +1 @@ +3cU2FsddGVkX1m8qyJvCmbQ45f5RMzVMYxS+OtBawSwaWtA+PrPB8=s8NGgRx5nMKgY1hQkLc0l2LqiRpcpyinKZfwCUAmEsVcSLNFuH41WXSWmfwnQj2rNkpFe+9indI4MBZ+ZTqmw77I7quY0lY66s5NyEMhYH9u58cKn1lzd6iVlqs1zLuJDgmAF1WnTxq8gGd1K1Pq9VMw2BP+WOPhft772ekgv4xlGJOP9n3X6KEf+mYHbfTXZnJK4coOLJ3jadjmJdm2MtRjTIwtvnUejTmVgB1mCAIcL+EiVJAGHcz9GrNzrXakwzwv/xOsw8oWCtR+vUCra1+DARJzEew55xQb/yJDbYT86T7SSkPncaxectV6UdziYNW/Y50w0Pf4WBdWJbfKenqUbcC2JtnE0bmbxNnqu00Py1/gLYaWkVO7vH3doj4De0GCT/eSU9MNHmnaj2hHOIyg4knr6+w0antzbaB5wgrAjb2KQZy3Wv [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
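Review bot: The added Diagram 1 paragraph in webapps/docs/architecture/startup.xml carries two typos that will ship in the rendered docs: "how Tomcat start, serves requests and then stops" should read "starts", and "and the starts the Server" should read "and then starts the Server". "A series of UML diagrams have been created" also reads better as "has been created". Worth correcting before the same text is copied to further branches.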
(tomcat) branch 10.1.x updated: Re-draw first of six sequence diagrams showing how Tomcat starts.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 0b0d64d11c Re-draw first of six sequence diagrams showing how Tomcat starts. 0b0d64d11c is described below commit 0b0d64d11c752d20da7766eb0cea4089f6828550 Author: Mark Thomas AuthorDate: Fri Jul 5 17:08:41 2024 +0100 Re-draw first of six sequence diagrams showing how Tomcat starts. --- webapps/docs/architecture/startup.xml| 40 --- webapps/docs/architecture/startup/1_overview.png | Bin 0 -> 74703 bytes webapps/docs/architecture/startup/1_overview.vpd | 1 + 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 3f821b6ce9..5fbcfc57e5 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml 
@@ -44,15 +44,47 @@ different ways to start tomcat, including: -A text description of the startup procedure is available -here. +A text description of the startup +procedure created for Tomcat 5. The updated version of this description for +Tomcat 11 will be included in the updated diagrams and diagram descriptions in +the following section. This text file will be removed when that update is +complete. -A UML sequence diagram of the startup procedure is available -here. +The UML sequence diagram of the startup +procedure created for Tomcat 5 is gradually being replaced with updated diagrams +based on Tomcat 11. The scope of these diagrams may be adjusted as they are +produced. + + +A series of UML diagrams have been created to document the start-up process for +Tomcat. + + +Diagram 1 shows an overview of how Tomcat +start, serves requests and then stops. Once the class loaders have been +initialized, Tomcat parses server.xml using the Digester and the Digester +creates the objects defined in server.xml, configures them using the property +values defined in server.xml and the starts the Server. The main Java thread +waits in the await() method for a shutdown signal. Once a shutdown signal is +received, the Server object is stopped and then destroyed. The JVM then exits. + + +Diagram 2 will show how the Server initialises the Connectors and associated +objects. + + +Diagram 3 will show how the Server initialises the Service(s), Engine(s) and +Host(s). + + +Diagram 4 will show how the Host initialises the Context(s). + + +Diagram 5 will show how the Context initialises the Filters, Servlets etc. diff --git a/webapps/docs/architecture/startup/1_overview.png b/webapps/docs/architecture/startup/1_overview.png new file mode 100644 index 00..2c130168b5 Binary files /dev/null and b/webapps/docs/architecture/startup/1_overview.png differ 
diff --git a/webapps/docs/architecture/startup/1_overview.vpd b/webapps/docs/architecture/startup/1_overview.vpd new file mode 100644 index 00..083325348d --- /dev/null +++ b/webapps/docs/architecture/startup/1_overview.vpd @@ -0,0 +1 @@ +3cU2FsddGVkX1m8qyJvCmbQ45f5RMzVMYxS+OtBawSwaWtA+PrPB8=s8NGgRx5nMKgY1hQkLc0l2LqiRpcpyinKZfwCUAmEsVcSLNFuH41WXSWmfwnQj2rNkpFe+9indI4MBZ+ZTqmw77I7quY0lY66s5NyEMhYH9u58cKn1lzd6iVlqs1zLuJDgmAF1WnTxq8gGd1K1Pq9VMw2BP+WOPhft772ekgv4xlGJOP9n3X6KEf+mYHbfTXZnJK4coOLJ3jadjmJdm2MtRjTIwtvnUejTmVgB1mCAIcL+EiVJAGHcz9GrNzrXakwzwv/xOsw8oWCtR+vUCra1+DARJzEew55xQb/yJDbYT86T7SSkPncaxectV6UdziYNW/Y50w0Pf4WBdWJbfKenqUbcC2JtnE0bmbxNnqu00Py1/gLYaWkVO7vH3doj4De0GCT/eSU9MNHmnaj2hHOIyg4knr6+w0antzbaB5wgrAjb2KQZy3Wv [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
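Review bot: In this 10.1.x backport the rewritten paragraphs in startup.xml describe the new diagrams as "based on Tomcat 11" and promise an updated description "for Tomcat 11", with nothing telling a reader of the 10.1.x docs whether the sequence in Diagram 1 also holds for this branch. Suggest one sentence stating that the start-up flow shown applies to 10.1.x, or listing where it differs. The commit title also says six diagrams while the added list describes Diagrams 1 to 5, so either the count or the list needs adjusting.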
(tomcat) branch main updated: Add a couple of calls identified when reviewing diagram for backport
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 77175ae889 Add a couple of calls identified when reviewing diagram for backport 77175ae889 is described below commit 77175ae88968607fb92a5276d6e07e0004f00207 Author: Mark Thomas AuthorDate: Fri Jul 5 17:19:30 2024 +0100 Add a couple of calls identified when reviewing diagram for backport --- webapps/docs/architecture/startup/1_overview.png | Bin 72424 -> 74703 bytes webapps/docs/architecture/startup/1_overview.vpd | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/architecture/startup/1_overview.png b/webapps/docs/architecture/startup/1_overview.png index 9c02faaea7..2c130168b5 100644 Binary files a/webapps/docs/architecture/startup/1_overview.png and b/webapps/docs/architecture/startup/1_overview.png differ diff --git a/webapps/docs/architecture/startup/1_overview.vpd b/webapps/docs/architecture/startup/1_overview.vpd index cf61c01611..083325348d 100644 --- a/webapps/docs/architecture/startup/1_overview.vpd +++ b/webapps/docs/architecture/startup/1_overview.vpd 
@@ -1 +1 @@ -3cU2FsdDGVkX12+DOLPzUrKR9yY8ArIhhl+WwWluyNe7SPvY5m6H4=h8XxGNv5TfmA/+YE/UH8FrCL+u+gLqNirKivHwV16YQPjt/3V/ctjmDPHN845Xf3eywHNpte4Avppwt1nqB9kv69A4WTrivlA1WRo5Ef8imIQ6ESwmp0IXD03OZaC7ScOwBYksM+2Pid+x0u3SiXh6M0wF4rx7j4mRHQtxwGQ9tcIql4zVSrp8H7ObGZBEB/ZtEduIIKh096DKYs3tyAF4Ga+zoeSj02QpmuWe8tqgiPLLRY1t92qqVKPCU/RGmG0Z18pHHrZ0JhuiOqxaGmqZ6MY/1F7HFfMaDZEKWBRKsbo+2Ctf6S3FmS7dX+NJo65eWSLeMs302k2aLuVB3lJuALu91GlQzOAGBodYrUvRzhVIrkSKzpJw8zEEC3JDhLC0Fpn2e10TNgU/JyaYcvyEX49yRaz3yGvw0CU6foYXb3y4OS8u8tSZ [...] \ No newline at end of file +3cU2FsddGVkX1m8qyJvCmbQ45f5RMzVMYxS+OtBawSwaWtA+PrPB8=s8NGgRx5nMKgY1hQkLc0l2LqiRpcpyinKZfwCUAmEsVcSLNFuH41WXSWmfwnQj2rNkpFe+9indI4MBZ+ZTqmw77I7quY0lY66s5NyEMhYH9u58cKn1lzd6iVlqs1zLuJDgmAF1WnTxq8gGd1K1Pq9VMw2BP+WOPhft772ekgv4xlGJOP9n3X6KEf+mYHbfTXZnJK4coOLJ3jadjmJdm2MtRjTIwtvnUejTmVgB1mCAIcL+EiVJAGHcz9GrNzrXakwzwv/xOsw8oWCtR+vUCra1+DARJzEew55xQb/yJDbYT86T7SSkPncaxectV6UdziYNW/Y50w0Pf4WBdWJbfKenqUbcC2JtnE0bmbxNnqu00Py1/gLYaWkVO7vH3doj4De0GCT/eSU9MNHmnaj2hHOIyg4knr6+w0antzbaB5wgrAjb2KQZy3Wv [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
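Review bot: The commit message says a couple of calls were added but does not name them, and neither changed file can show it: 1_overview.png is reported only as "Binary files ... differ" and 1_overview.vpd changes as one opaque line with no newline at end of file. Suggest naming the added calls in the commit message so the change can be checked against the rendered diagram, since the diff itself gives a reviewer nothing to verify.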
Re: (tomcat) branch main updated: Re-draw first of six sequence diagrams showing how Tomcat starts.
On 05/07/2024 17:08, ma...@apache.org wrote:

> This is an automated email from the ASF dual-hosted git repository.
> markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
> The following commit(s) were added to refs/heads/main by this push:
> new e002744d83 Re-draw first of six sequence diagrams showing how Tomcat starts.
> e002744d83 is described below
> commit e002744d83d4b0334dcbf7bb5f55e1222e47d4cf
> Author: Mark Thomas
> AuthorDate: Fri Jul 5 17:08:41 2024 +0100
> Re-draw first of six sequence diagrams showing how Tomcat starts.

I've started work on this as the CRA and similar legislation is going to require us to provide some design / architectural / security model documentation.

I'm planning on working my way through these diagrams re-drawing them using tools any committer can access - currently the free on-line version of Visual Paradigm. I am also updating the diagrams for the current code base and adding them to the docs as they are completed.

Mark
(tomcat) branch main updated: Re-draw first of six sequence diagrams showing how Tomcat starts.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e002744d83 Re-draw first of six sequence diagrams showing how Tomcat starts. e002744d83 is described below commit e002744d83d4b0334dcbf7bb5f55e1222e47d4cf Author: Mark Thomas AuthorDate: Fri Jul 5 17:08:41 2024 +0100 Re-draw first of six sequence diagrams showing how Tomcat starts. --- webapps/docs/architecture/startup.xml | 40 +- .../docs/architecture/startup/1_catalina_load.svg | 523 - webapps/docs/architecture/startup/1_overview.png | Bin 0 -> 72424 bytes webapps/docs/architecture/startup/1_overview.vpd | 1 + 4 files changed, 37 insertions(+), 527 deletions(-) diff --git a/webapps/docs/architecture/startup.xml b/webapps/docs/architecture/startup.xml index 3f821b6ce9..5fbcfc57e5 100644 --- a/webapps/docs/architecture/startup.xml +++ b/webapps/docs/architecture/startup.xml 
@@ -44,15 +44,47 @@ different ways to start tomcat, including: -A text description of the startup procedure is available -here. +A text description of the startup +procedure created for Tomcat 5. The updated version of this description for +Tomcat 11 will be included in the updated diagrams and diagram descriptions in +the following section. This text file will be removed when that update is +complete. -A UML sequence diagram of the startup procedure is available -here. +The UML sequence diagram of the startup +procedure created for Tomcat 5 is gradually being replaced with updated diagrams +based on Tomcat 11. The scope of these diagrams may be adjusted as they are +produced. + + +A series of UML diagrams have been created to document the start-up process for +Tomcat. + + +Diagram 1 shows an overview of how Tomcat +start, serves requests and then stops. Once the class loaders have been +initialized, Tomcat parses server.xml using the Digester and the Digester +creates the objects defined in server.xml, configures them using the property +values defined in server.xml and the starts the Server. The main Java thread +waits in the await() method for a shutdown signal. Once a shutdown signal is +received, the Server object is stopped and then destroyed. The JVM then exits. + + +Diagram 2 will show how the Server initialises the Connectors and associated +objects. + + +Diagram 3 will show how the Server initialises the Service(s), Engine(s) and +Host(s). + + +Diagram 4 will show how the Host initialises the Context(s). + + +Diagram 5 will show how the Context initialises the Filters, Servlets etc. diff --git a/webapps/docs/architecture/startup/1_catalina_load.svg b/webapps/docs/architecture/startup/1_catalina_load.svg deleted file mode 100644 index 7e87bcdd82..00 --- a/webapps/docs/architecture/startup/1_catalina_load.svg +++ /dev/null 
@@ -1,523 +0,0 @@ - -http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd'> -http://www.w3.org/1999/xlink"; color-rendering="auto" color-interpolation="auto" text-rendering="auto" stroke="rgb(0,0,0)" stroke-linecap="square" width="746" stroke-miterlimit="10" shape-rendering="auto" stroke-opacity="0" fill="rgb(0,0,0)" stroke-dasharray="none" font-weight="normal" stroke-width="1" height="720" xmlns="http://www.w3.org/2000/svg"; font-family="'Dialog'" font-style="normal" stroke-linejoin="miter" font-size="12px" stroke-dashoffset="0" [...] ->CatalinaSecurityConfigGlobalResourcesLifecycleListenerServerLifecycleListenerDigesterBootstrapsetPackageAccess()setPackageDefinition()newInstance()newInstance()newInstance()parse()createDigester()load()setParentClassLoader()newInstance()initialize()initNaming()initDirs()initClassLoaders() diff --git a/webapps/docs/architecture/startup/1_overview.png b/webapps/docs/architecture/startup/1_overview.png new file mode 100644 index 00..9c02faaea7 Binary files /dev/null and b/webapps/docs/architecture/startup/1_overview.png differ diff --git a/webapps/docs/architecture/startup/1_overview.vpd b/webapps/docs/architecture/startup/1_overview.vpd new file mode 100644 index 00..cf61c01611 --- /dev/null +++ b/webapps/docs/architecture/startup/1_overview.vpd @@ -0,0 +1 @@ +3cU2FsdDGVkX12+DOLPzUrKR9yY8ArIhhl+WwWluyNe7SPvY5m6H4=h8XxGNv5TfmA/+YE/UH8FrCL+u+gLqNirKivHwV16YQPjt/3V/ctjmDPHN845Xf3eywHNpte4Avppwt1nqB9kv69A4WTrivlA1WRo5Ef8imIQ6ESwmp0IXD03OZaC7ScOwBYksM+2Pid+x0u3SiXh6M0wF4rx7j4mRHQtxwGQ9tcIql4zVSrp8H7ObGZBEB/ZtEduIIKh096DKYs3tyAF4Ga+zoeSj02QpmuWe8tqgiPLLRY1t92qqVKPCU/RGmG0Z18pHHrZ0JhuiOqxaGmqZ6MY/1F7HFfMaDZEKWBRKsbo+2Ctf6S3FmS7dX+NJo65eWSLeMs302k2aLuVB3lJuALu91GlQzOAGBodYrUvRzhVIrkSKzpJw8zEEC3JDhLC0Fpn2e10TNgU/JyaYcvyEX49yRaz3yGvw0CU6foYXb3y4OS8u8tSZ [...] \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional c
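Review bot: Deleting 1_catalina_load.svg replaces a text source whose call names are readable in the diff (setPackageAccess(), createDigester(), initClassLoaders() and so on) with a PNG plus a single-line encoded 1_overview.vpd, so later changes to the diagram can no longer be reviewed from the patch. Suggest recording in startup.xml, or in a short note beside the files, which tool opens the .vpd and how the PNG is exported from it, so that a committer can regenerate the image and confirm it matches the committed source. A text export of the call sequence kept alongside would restore a diffable record.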
Re: [VOTE] Release Apache Tomcat 11.0.0-M22
On 7/2/24 2:01 PM, Mark Thomas wrote: [X] +1 Beta - go ahead and release as 11.0.0-M22 -- Cheers Jean-Frederic
(tomcat-native) branch 1.3.x updated: Fix broken XML
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new f832e92cf Fix broken XML f832e92cf is described below commit f832e92cf291b4628c67fd3473a4728cdacd54dd Author: Mark Thomas AuthorDate: Fri Jul 5 12:45:45 2024 +0100 Fix broken XML --- xdocs/miscellaneous/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 7b2e74142..b332e5f3b 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -47,6 +47,7 @@ Ensure local reference capacity is available when creating new arrays and Strings. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
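Review bot: The commit message "Fix broken XML" does not say what was malformed after the "(schultz)" entry in xdocs/miscellaneous/changelog.xml (hunk -47,6 +47,7), and the same one-line repair had to be pushed to both 1.3.x and main. Suggest naming the element in the message and adding a well-formedness check of the xdocs sources to the build, so a malformed changelog is caught before it is committed rather than after.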
(tomcat-native) branch main updated: Fix broken XML
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new a4c6e182b Fix broken XML a4c6e182b is described below commit a4c6e182be11ac2e9bbf7e9a0f3ab25331fc03aa Author: Mark Thomas AuthorDate: Fri Jul 5 12:45:11 2024 +0100 Fix broken XML --- xdocs/miscellaneous/changelog.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 59ec98a58..7f5cd92b4 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -47,6 +47,7 @@ Ensure local reference capacity is available when creating new arrays and Strings. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69167] Is tomcat10.1 impacted with these vulnerabilities (CVE-2024-5535, CVE-2024-4603, CVE-2024-2511)
https://bz.apache.org/bugzilla/show_bug.cgi?id=69167

Mark Thomas changed:

What       |Removed |Added
Status     |NEW     |RESOLVED
Resolution |---     |INVALID

--- Comment #1 from Mark Thomas ---
Bugzilla is not a support forum. Please direct your question to the Tomcat users mailing list.

https://tomcat.apache.org/lists.html#tomcat-users

--
You are receiving this mail because: You are the assignee for the bug.
Re: [VOTE] Release Apache Tomcat 9.0.91
On 7/2/24 3:00 PM, Rémy Maucherat wrote: [X] +1, Stable - go ahead and release as 9.0.91 -- Cheers Jean-Frederic
[Bug 69167] New: Is tomcat10.1 impacted with these vulnerabilities (CVE-2024-5535, CVE-2024-4603, CVE-2024-2511)
https://bz.apache.org/bugzilla/show_bug.cgi?id=69167

Bug ID: 69167
Summary: Is tomcat10.1 impacted with these vulnerabilities (CVE-2024-5535, CVE-2024-4603, CVE-2024-2511)
Product: Tomcat Native
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: zjhua2...@163.com
Target Milestone: ---

Hi colleague,

In BDBA (Black Duck Binary Analysis) scans, it detected a critical vulnerability: CVE-2024-5535 (https://nvd.nist.gov/vuln/detail/CVE-2024-5535) in openssl 3.0.13 in Tomcat 10.1.20.
The detected object is: apache-tomcat-10.1.20/bin/tcnative-2.dll

There are other vulnerabilities inside OpenSSL, such as CVE-2024-4603, CVE-2024-2511.

Please kindly help check whether it is a true positive or not in Tomcat, and when and in which release it will be mitigated?

Best regards,
Peyton Zhong
(tomcat) 01/03: Add basic LibreSSL support
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b978d153aff7ec24b8e562bd247ddf956626d523 Author: remm AuthorDate: Wed Jul 3 15:08:43 2024 +0200 Add basic LibreSSL support Client cert and similar do not appear to work ("no renegotiation" error seen on the client). Skip conf test. Update the MacOS default behavior using two system properties. --- .../util/net/openssl/panama/OpenSSLContext.java| 35 +++ .../util/net/openssl/panama/OpenSSLEngine.java | 21 +++-- .../util/net/openssl/panama/OpenSSLLibrary.java| 7 +- java/org/apache/tomcat/util/openssl/openssl_h.java | 52 +-- .../util/openssl/openssl_h_Compatibility.java | 101 + .../tomcat/util/net/openssl/TestOpenSSLConf.java | 1 + webapps/docs/changelog.xml | 12 +++ webapps/docs/config/systemprops.xml| 13 +++ 8 files changed, 205 insertions(+), 37 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 3dedf0fd22..e186586d78 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -66,6 +66,7 @@ import org.apache.tomcat.util.openssl.SSL_CTX_set_alpn_select_cb$cb; import org.apache.tomcat.util.openssl.SSL_CTX_set_cert_verify_callback$cb; import org.apache.tomcat.util.openssl.SSL_CTX_set_tmp_dh_callback$dh; import org.apache.tomcat.util.openssl.SSL_CTX_set_verify$callback; +import org.apache.tomcat.util.openssl.openssl_h_Compatibility; import org.apache.tomcat.util.openssl.pem_password_cb; import org.apache.tomcat.util.res.StringManager; 
@@ -135,13 +136,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { private static String[] getCiphers(MemorySegment sslCtx) { MemorySegment sk = SSL_CTX_get_ciphers(sslCtx); -int len = OPENSSL_sk_num(sk); +int len = openssl_h_Compatibility.OPENSSL_sk_num(sk); if (len <= 0) { return null; } ArrayList ciphers = new ArrayList<>(len); for (int i = 0; i < len; i++) { -MemorySegment cipher = OPENSSL_sk_value(sk, i); +MemorySegment cipher = openssl_h_Compatibility.OPENSSL_sk_value(sk, i); MemorySegment cipherName = SSL_CIPHER_get_name(cipher); ciphers.add(cipherName.getString(0)); } @@ -243,14 +244,14 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { SSL_CTX_set_min_proto_version(sslCtx, prot); // Disable compression, usually unsafe -SSL_CTX_set_options(sslCtx, SSL_OP_NO_COMPRESSION()); +openssl_h_Compatibility.SSL_CTX_set_options(sslCtx, SSL_OP_NO_COMPRESSION()); // Disallow a session from being resumed during a renegotiation, // so that an acceptable cipher suite can be negotiated. -SSL_CTX_set_options(sslCtx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION()); +openssl_h_Compatibility.SSL_CTX_set_options(sslCtx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION()); -SSL_CTX_set_options(sslCtx, SSL_OP_SINGLE_DH_USE()); -SSL_CTX_set_options(sslCtx, SSL_OP_SINGLE_ECDH_USE()); +openssl_h_Compatibility.SSL_CTX_set_options(sslCtx, SSL_OP_SINGLE_DH_USE()); +openssl_h_Compatibility.SSL_CTX_set_options(sslCtx, SSL_OP_SINGLE_ECDH_USE()); // Default session context id and cache size SSL_CTX_sess_set_cache_size(sslCtx, 256); 
@@ -463,31 +464,31 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { boolean success = true; try (var localArena = Arena.ofConfined()) { if (sslHostConfig.getInsecureRenegotiation()) { -SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); +openssl_h_Compatibility.SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); } else { -SSL_CTX_clear_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); +openssl_h_Compatibility.SSL_CTX_clear_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); } // Use server's preference order for ciphers (rather than // client's) if (sslHostConfig.getHonorCipherOrder()) { -SSL_CTX_set_options(state.sslCtx, SSL_OP_CIPHER_SERVER_PREFERENCE()); +openssl_h_Compatibility.SSL_CTX_set_options(state.sslCtx, SSL_OP_CIPHER_SERVER_PREFERENCE()); } else { -SSL_CTX_clear_options(state.sslCtx, SSL_OP_CIPHER_SERVER_PREFEREN
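Review bot: Every call now routed through openssl_h_Compatibility.SSL_CTX_set_options and SSL_CTX_clear_options in the -243 and -463 hunks discards the result, so if the shim cannot apply a flag on the loaded library, hardening options such as SSL_OP_NO_COMPRESSION() and SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION() would be left unset with nothing logged. If the wrapper returns the resulting option mask, as SSL_CTX_set_options does in OpenSSL, suggest checking that the requested bit is present and logging a warning when it is not. The commit message also records that client certificates do not appear to work with LibreSSL; a connector configured to require them should fail visibly on that library rather than start in a weaker state, and the limitation belongs in the systemprops.xml text this commit adds.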
(tomcat) branch 10.1.x updated (7a8bedcb8e -> 3ed089982b)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

from 7a8bedcb8e Remove out of date comment.
new b978d153af Add basic LibreSSL support
new 3f42ee6e70 Add basic compatibility for BoringSSL
new 3ed089982b Fix IDE warnings

The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
.../util/net/openssl/panama/OpenSSLContext.java| 125 ++---
.../util/net/openssl/panama/OpenSSLEngine.java | 28 +--
.../util/net/openssl/panama/OpenSSLLibrary.java| 29 +--
java/org/apache/tomcat/util/openssl/openssl_h.java | 52 +-
.../util/openssl/openssl_h_Compatibility.java | 144 +--
.../tomcat/util/openssl/openssl_h_Macros.java | 201 +++--
.../tomcat/util/net/openssl/TestOpenSSLConf.java | 1 +
webapps/docs/changelog.xml | 16 ++
webapps/docs/config/systemprops.xml| 13 ++
9 files changed, 488 insertions(+), 121 deletions(-)
(tomcat) 02/03: Add basic compatibility for BoringSSL
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 3f42ee6e706efcdca4064ba295da10e5c0508a4b Author: remm AuthorDate: Thu Jul 4 12:37:05 2024 +0200 Add basic compatibility for BoringSSL --- .../util/net/openssl/panama/OpenSSLContext.java| 90 +- .../util/net/openssl/panama/OpenSSLEngine.java | 7 +- .../util/net/openssl/panama/OpenSSLLibrary.java| 22 +-- .../util/openssl/openssl_h_Compatibility.java | 47 +++-- .../tomcat/util/openssl/openssl_h_Macros.java | 199 +++-- webapps/docs/changelog.xml | 4 + 6 files changed, 284 insertions(+), 85 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index e186586d78..29d017f496 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -114,8 +114,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } } -static final boolean OPENSSL_3 = (OpenSSL_version_num() >= 0x300fL); - private final SSLHostConfig sslHostConfig; private final SSLHostConfigCertificate certificate; private final boolean alpn; 
@@ -1053,57 +1051,61 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { // Try to read DH parameters from the (first) SSLCertificateFile if (index == SSL_AIDX_RSA) { BIO_reset(certificateBIO); -if (!OPENSSL_3) { -var dh = PEM_read_bio_DHparams(certificateBIO, MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL); -if (!MemorySegment.NULL.equals(dh)) { -SSL_CTX_set_tmp_dh(state.sslCtx, dh); -DH_free(dh); -} -} else { -var pkey = PEM_read_bio_Parameters(certificateBIO, MemorySegment.NULL); -if (!MemorySegment.NULL.equals(pkey)) { -int numBits = EVP_PKEY_get_bits(pkey); -if (SSL_CTX_set0_tmp_dh_pkey(state.sslCtx, pkey) <= 0) { -EVP_PKEY_free(pkey); -} else { - log.debug(sm.getString("openssl.setCustomDHParameters", Integer.valueOf(numBits), certificate.getCertificateFile())); +if (!openssl_h_Compatibility.BORINGSSL) { +if (!openssl_h_Compatibility.OPENSSL3) { +var dh = PEM_read_bio_DHparams(certificateBIO, MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL); +if (!MemorySegment.NULL.equals(dh)) { +SSL_CTX_set_tmp_dh(state.sslCtx, dh); +DH_free(dh); } } else { -String errMessage = OpenSSLLibrary.getLastError(); -if (errMessage != null) { - log.debug(sm.getString("openssl.errorReadingPEMParameters", errMessage, certificate.getCertificateFile())); +var pkey = PEM_read_bio_Parameters(certificateBIO, MemorySegment.NULL); +if (!MemorySegment.NULL.equals(pkey)) { +int numBits = EVP_PKEY_get_bits(pkey); +if (SSL_CTX_set0_tmp_dh_pkey(state.sslCtx, pkey) <= 0) { +EVP_PKEY_free(pkey); +} else { + log.debug(sm.getString("openssl.setCustomDHParameters", Integer.valueOf(numBits), certificate.getCertificateFile())); +} +} else { +String errMessage = OpenSSLLibrary.getLastError(); +if (errMessage != null) { + log.debug(sm.getString("openssl.errorReadingPEMParameters", errMessage, certificate.getCertificateFile())); +} +SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_DH_AUTO(), 1, MemorySegment.NULL); } -SSL_CTX_ctrl(state.sslCtx, 
SSL_CTRL_SET_DH_AUTO(), 1, MemorySegment.NULL); } } } // Similarly, try to read the ECDH curve name from SSLCertificateFile... BIO_reset(certificateBIO); -if (!OPENSSL_3) { -var ecparams = PEM_read_
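Review bot: The new guard "if (!openssl_h_Compatibility.BORINGSSL) {" in the -1053 hunk skips the whole DH block, both the custom parameters read from the certificate file and the SSL_CTRL_SET_DH_AUTO() fallback, and no else branch is visible that logs it. An operator who ships DH parameters in the certificate file would get no indication that they were ignored. Suggest a debug or warning message on the BoringSSL path that names certificate.getCertificateFile(), matching the existing openssl.setCustomDHParameters and openssl.errorReadingPEMParameters messages, and a line in the documentation stating that custom DH parameters are not applied with that library.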
(tomcat) 03/03: Fix IDE warnings
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 3ed089982baa6ef9654dd701030ff6e97c6cfe6e Author: Mark Thomas AuthorDate: Thu Jul 4 13:26:54 2024 +0100 Fix IDE warnings --- .../tomcat/util/openssl/openssl_h_Compatibility.java | 2 +- java/org/apache/tomcat/util/openssl/openssl_h_Macros.java | 14 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java index 04578ceafd..29f39f0481 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java @@ -217,7 +217,7 @@ public class openssl_h_Compatibility { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, x0, x1); +openssl_h.traceDowncall(Holder.NAME, x0, Integer.valueOf(x1)); } return (MemorySegment) mh$.invokeExact(x0, x1); } catch (Throwable ex$) { diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java index 5c6101c7f4..dcb6984fe8 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java @@ -52,7 +52,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, version); +openssl_h.traceDowncall(Holder.NAME, sslCtx, Long.valueOf(version)); } return (long) mh$.invokeExact(sslCtx, version); } catch (Throwable ex$) { 
@@ -85,7 +85,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, version); +openssl_h.traceDowncall(Holder.NAME, sslCtx, Long.valueOf(version)); } return (long) mh$.invokeExact(sslCtx, version); } catch (Throwable ex$) { @@ -150,7 +150,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, cacheSize); +openssl_h.traceDowncall(Holder.NAME, sslCtx, Long.valueOf(cacheSize)); } return (long) mh$.invokeExact(sslCtx, cacheSize); } catch (Throwable ex$) { @@ -215,7 +215,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, cacheMode); +openssl_h.traceDowncall(Holder.NAME, sslCtx, Long.valueOf(cacheMode)); } return (long) mh$.invokeExact(sslCtx, cacheMode); } catch (Throwable ex$) { @@ -282,7 +282,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, keys, keyLength); +openssl_h.traceDowncall(Holder.NAME, sslCtx, keys, Long.valueOf(keyLength)); } return (long) mh$.invokeExact(sslCtx, keys, keyLength); } catch (Throwable ex$) { @@ -412,7 +412,7 @@ public class openssl_h_Macros { var mh$ = Holder.MH; try { if (openssl_h.TRACE_DOWNCALLS) { -openssl_h.traceDowncall(Holder.NAME, sslCtx, groupsList, listLength); +openssl_h.traceDowncall(Holder.NAME, sslCtx, groupsList, Integer.valueOf(listLength)); } return (long) mh$.invokeExact(sslCtx, groupsList, listLength); } catch (Throwable ex$) { 
@@ -463,7 +463,7 @@ public class openssl_h_Macros { * @return the symbol */ public static MemorySegment d2i_ECPKParameters$SYMBOL() { -return openssl_h.findOrThrow("d2i_ECPKParameters"); +return openssl_h.findOrThrow("d2i_ECPKParameters"); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
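Review bot: The final hunk (d2i_ECPKParameters$SYMBOL, -463) shows the same text on its removed and added lines, so it appears to be a whitespace-only edit mixed into a warning fix; worth saying so in the commit message or splitting it out. The other seven hunks repeat one pattern, wrapping a primitive in Integer.valueOf or Long.valueOf before openssl_h.traceDowncall, which is fine since each sits inside the TRACE_DOWNCALLS check. If openssl_h_Macros.java and openssl_h_Compatibility.java are produced by a generator, the boxing should be fixed there as well, otherwise the warnings return on the next regeneration.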