[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Violeta Georgieva changed:

What |Removed |Added
CC   |        |polina.gen...@gmail.com

--- Comment #10 from Violeta Georgieva ---
*** Bug 52751 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Konstantin Kolinko changed:

What       |Removed  |Added
Status     |REOPENED |RESOLVED
Resolution |---      |FIXED

--- Comment #9 from Konstantin Kolinko ---
(In reply to Konstantin Kolinko from comment #8)

Fixed, will be in 8.0.6 and 7.0.54.

I went with the standard title "Error report". When I tried repeating the header text in the title, it looked bad for 404 errors.

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Konstantin Kolinko changed:

What       |Removed  |Added
Status     |RESOLVED |REOPENED
Resolution |FIXED    |---

--- Comment #8 from Konstantin Kolinko ---
When both showServerInfo and showReport are false, the generated HTML will have no element. If I remember the specs correctly a is required.

A good alternative will be

    sb.append(smClient.getString("errorReportValve.statusHeader", String.valueOf(statusCode), message))
    // errorReportValve.statusHeader=HTTP Status {0} - {1}

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Violeta Georgieva changed:

What       |Removed |Added
Status     |NEW     |RESOLVED
Resolution |---     |FIXED

--- Comment #7 from Violeta Georgieva ---
Thanks for the report and the patch. This has been fixed in trunk for 8.0.6 and in 7.0.x for 7.0.54 onwards.

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

--- Comment #6 from Nick Bunn ---
My first patch did actually keep the CSS. However, after talking more with my team at work and looking at what the TomEE team has done (doesn't have CSS as well), it was determined that if I left it you would then know it's Tomcat, so you would still have a possible security issue.

I just want to note you have to set both settings to false to remove the CSS. If you just disable the version you will see the CSS for the report part.

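An added example, not part of the thread or of Tomcat's code: a small audit of a server.xml for the two settings discussed in comment #6, reporting per Host whether the report, the server info and (per that comment) the CSS would still appear. The sample server.xml, its host names and the function names are constructed; it assumes the valve is declared directly under Host and that a Host with no explicit ErrorReportValve gets the default one with both settings on.

```python
import xml.etree.ElementTree as ET

ERV_CLASS = "org.apache.catalina.valves.ErrorReportValve"

# Constructed sample configuration (not taken from the bug report).
SAMPLE_SERVER_XML = """\
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showServerInfo="false" />
  </Host>
  <Host name="hardened.example" appBase="webapps-b">
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false" showServerInfo="false" />
  </Host>
  <Host name="default.example" appBase="webapps-c" />
</Engine></Service></Server>
"""

def _enabled(valve, attr):
    # Conservative reading for an audit: a missing valve, a missing attribute,
    # or anything other than the literal "false" counts as enabled.
    if valve is None:
        return True
    return valve.get(attr, "true").strip().lower() != "false"

def audit_error_report_valves(server_xml):
    """Return {host name: settings} for every Host in the given server.xml text."""
    findings = {}
    for host in ET.fromstring(server_xml).iter("Host"):
        valve = next((v for v in host.findall("Valve")
                      if v.get("className") == ERV_CLASS), None)
        report = _enabled(valve, "showReport")
        info = _enabled(valve, "showServerInfo")
        findings[host.get("name")] = {
            "explicit_valve": valve is not None,
            "showReport": report,
            "showServerInfo": info,
            # Comment #6: the CSS is removed only when both settings are false.
            "css_emitted": report or info,
        }
    return findings

if __name__ == "__main__":
    for name, result in audit_error_report_valves(SAMPLE_SERVER_XML).items():
        status = "ok" if not result["css_emitted"] else "still identifiable"
        print(f"{name}: {status} {result}")
```
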
[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

--- Comment #5 from Violeta Georgieva ---
Hi,

I see that you are removing the CSS when showReport is false. Why is that?

When showServerInfo is false you are removing the whole footer. Why is that? You can remove only the text so that the page stays with the same look and feel.

Regards
Violeta

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

--- Comment #4 from Nick Bunn ---
Do I need to provide a patch for Tomcat 6 and 8?

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Nick Bunn changed:

What                          |Removed |Added
Attachment #31510 is obsolete |0       |1

--- Comment #3 from Nick Bunn ---
Created attachment 31529
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31529&action=edit
Patch for ErrorReportValve_03

Changed the variables to protected from private

[Bug 56383] Securing ErrorReportValve [PATCH]
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383

Christopher Schultz changed:

What    |Removed                   |Added
Summary |Securing ErrorReportValve |Securing ErrorReportValve [PATCH]