Buildbot failure in on tomcat-11.0.x

2024-04-16 Thread buildbot 
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/1037
Blamelist: Mark Thomas 
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] dab2b1027521ccad85685a7c2b868fc4abab82c8


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 0

  shell_10: 0

  Rsync docs to nightlies.apache.org: 0

  shell_11: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 2

  shell_12: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 68908] New: Tomcat feints death, there is no ClientPoller thread in the stack information

2024-04-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=68908

Bug ID: 68908
   Summary: Tomcat feints death, there is no ClientPoller thread
in the stack information
   Product: Tomcat 9
   Version: 9.0.39
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: WebSocket
  Assignee: dev@tomcat.apache.org
  Reporter: huangzeling8...@dingtalk.com
  Target Milestone: -

springboot Tomcat 9.0.39  feints death, there is no ClientPoller thread in the
stack information,The error is as follows
[http-nio-18080-exec-146] o.s.web.servlet.HandlerExecutionChain:
HandlerInterceptor.afterCompletion threw exception
java.lang.NullPointerException: null
org.springframework.boot.actuate.metrics.web.servlet.LongTaskTimingHandlerInterceptor.stopLongTaskTimers(LongTaskTimingHandlerInterceptor.java:123)
~[spring-boot-actuator-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
org.springframework.boot.actuate.metrics.web.servlet.LongTaskTimingHandlerInterceptor.afterCompletion(LongTaskTimingHandlerInterceptor.java:79)
~[spring-boot-actuator-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
Upon checking the stack information, it was found that the thread of
ClientPoller in Tomcat was missing. Tomcat experienced a fake death situation
without any access log. I suspect it may be related to websocket, as a
websocket client disconnected and experienced the following situation

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot failure in on tomcat-10.1.x

2024-04-16 Thread buildbot 
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/1221
Blamelist: Mark Thomas 
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 10.1.x] bbb3821e56e4b9928b09d0ce6057f5f1500c960f


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 2

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-16 Thread Christopher Schultz 

Rémy,

On 4/16/24 14:34, Rémy Maucherat wrote:

On Tue, Apr 16, 2024 at 3:11 PM Christopher Schultz
 wrote:


The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in
startup scripts which would have caused Java 11 environments to fail to
start.

The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.23


+1
Sorry again for the trouble ...


It's no trouble.

When I was still doing Tomcat 8.5 it would have been worse. I managed to 
get things such that the final digit of both releases was the same and 
it was hard to mess them up. Burning .21 and .22 would have thrown that 
out of wack and I probably would have been doing wrong-tags or 
wrong-emails or whatever.


So don't worry about it :)

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Remove the internal fork of Commons Codec.

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0e55afa1fc821f70d6e81fe20c096cfba1d2d932
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:33:41 2024 +0100

Remove the internal fork of Commons Codec.
---
 MERGE.txt  |   9 -
 .../apache/tomcat/util/codec/binary/Base64.java| 661 -
 .../tomcat/util/codec/binary/BaseNCodec.java   | 478 ---
 .../util/codec/binary/LocalStrings.properties  |  21 -
 .../util/codec/binary/LocalStrings_fr.properties   |  20 -
 .../util/codec/binary/LocalStrings_ja.properties   |  20 -
 .../util/codec/binary/LocalStrings_ko.properties   |  19 -
 .../codec/binary/LocalStrings_zh_CN.properties |  19 -
 .../tomcat/util/codec/binary/StringUtils.java  | 116 
 .../tomcat/util/codec/binary/package-info.java |  21 -
 webapps/docs/changelog.xml |   3 +-
 11 files changed, 2 insertions(+), 1385 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index c3e81ab842..a4c15506df 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -39,15 +39,6 @@ src/main/java/org/apache/bcel
 The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
 rel/commons-bcel-6.8.2 (2024-02-25)
 
-Codec
--
-Unused code is removed
-Sub-tree:
-src/main/java/org/apache/commons/codec
-The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
-rel/commons-codec-1.16.1 (2024-02-09)
-Note: Only classes required for Base64 encoding/decoding. The rest are removed.
-
 FileUpload
 --
 Unused code is removed
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
deleted file mode 100644
index e38bf3df17..00
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ /dev/null
@@ -1,661 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomcat.util.codec.binary;
-
-/**
- * Provides Base64 encoding and decoding as defined by http://www.ietf.org/rfc/rfc2045.txt;>RFC 2045.
- *
- * 
- * This class implements section 6.8. Base64 
Content-Transfer-Encoding from RFC 2045 Multipurpose
- * Internet Mail Extensions (MIME) Part One: Format of Internet Message 
Bodies by Freed and Borenstein.
- * 
- * 
- * The class can be parameterized in the following manner with various 
constructors:
- * 
- * 
- * URL-safe mode: Default off.
- * Line length: Default 76. Line length that aren't multiples of 4 will 
still essentially end up being multiples of
- * 4 in the encoded data.
- * Line separator: Default is CRLF ("\r\n")
- * 
- * 
- * The URL-safe parameter is only applied to encode operations. Decoding 
seamlessly handles both modes.
- * 
- * 
- * Since this class operates directly on byte streams, and not character 
streams, it is hard-coded to only
- * encode/decode character encodings which are compatible with the lower 127 
ASCII chart (ISO-8859-1, Windows-1252,
- * UTF-8, etc).
- * 
- * 
- * This class is thread-safe.
- * 
- *
- * @see http://www.ietf.org/rfc/rfc2045.txt;>RFC 2045
- * @since 1.0
- */
-public class Base64 extends BaseNCodec {
-
-/**
- * BASE64 characters are 6 bits in length.
- * They are formed by taking a block of 3 octets to form a 24-bit string,
- * which is converted into 4 BASE64 characters.
- */
-private static final int BITS_PER_ENCODED_BYTE = 6;
-private static final int BYTES_PER_UNENCODED_BLOCK = 3;
-private static final int BYTES_PER_ENCODED_BLOCK = 4;
-
-/**
- * This array is a lookup table that translates 6-bit positive integer 
index values into their "Base64 Alphabet"
- * equivalents as specified in Table 1 of RFC 2045.
- * 
- * Thanks to "commons" project in ws.apache.org for this code.
- * https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
- * 
- */
-private static final byte[] STANDARD_ENCODE_TABLE = {
-'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
-'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
-'a', 'b', 'c', 'd', 'e',

(tomcat) 01/02: Switch to the Base64 encoder and decoder provided by the JRE.

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bd23ba3b79f21210891f036e54c3b80886401ef0
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:31:37 2024 +0100

Switch to the Base64 encoder and decoder provided by the JRE.

This removes the dependency on the internal fork of Commons Codec.
---
 .../authenticator/SpnegoAuthenticator.java |  9 +++
 .../realm/MessageDigestCredentialHandler.java  |  6 ++---
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  4 ++--
 .../http/fileupload/util/mime/MimeUtility.java |  5 ++--
 .../tomcat/util/http/parser/StructuredField.java   |  4 ++--
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |  7 +++---
 .../tomcat/websocket/WsWebSocketContainer.java |  4 ++--
 .../tomcat/websocket/server/UpgradeUtil.java   | 28 +++---
 .../authenticator/TestAuthInfoResponseHeaders.java |  4 ++--
 .../TestNonLoginAndBasicAuthenticator.java |  4 ++--
 .../TestSSOnonLoginAndBasicAuthenticator.java  |  4 ++--
 .../core/TestPropertiesRoleMappingListener.java|  4 ++--
 .../filters/TestRestCsrfPreventionFilter2.java |  4 ++--
 test/org/apache/coyote/http2/Http2TestBase.java|  4 ++--
 webapps/docs/changelog.xml |  8 +++
 15 files changed, 47 insertions(+), 52 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index 6377416ea4..ab4a8c3287 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Base64;
 import java.util.LinkedHashMap;
 import java.util.regex.Pattern;
 
@@ -38,7 +39,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.compat.JreVendor;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
@@ -166,8 +166,9 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 
 authorizationBC.setOffset(authorizationBC.getOffset() + 10);
 
-byte[] decoded = Base64.decodeBase64(authorizationBC.getBuffer(), 
authorizationBC.getOffset(),
-authorizationBC.getLength());
+byte[] encoded = new byte[authorizationBC.getLength()];
+System.arraycopy(authorizationBC.getBuffer(), 0, encoded, 0, 
authorizationBC.getLength());
+byte[] decoded = Base64.getDecoder().decode(encoded);
 
 if (getApplyJava8u40Fix()) {
 SpnegoTokenFixer.fix(decoded);
@@ -264,7 +265,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 }
 
 // Send response token on success and failure
-response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.encodeBase64String(outToken));
+response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.getEncoder().encodeToString(outToken));
 
 if (principal != null) {
 register(request, response, principal, Constants.SPNEGO_METHOD, 
principal.getName(), null);
diff --git a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java 
b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
index 7945af8490..e3aa771d60 100644
--- a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
+++ b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
@@ -21,12 +21,12 @@ import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
+import java.util.Base64;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.HexUtils;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.security.ConcurrentMessageDigest;
 
 /**
@@ -110,7 +110,7 @@ public class MessageDigestCredentialHandler extends 
DigestCredentialHandlerBase
 String base64ServerDigest = storedCredentials.substring(5);
 byte[] userDigest = 
ConcurrentMessageDigest.digest(getAlgorithm(),
 
inputCredentials.getBytes(StandardCharsets.ISO_8859_1));
-String base64UserDigest = 
Base64.encodeBase64String(userDigest);
+String base64UserDigest = 
Base64.getEncoder().encodeToString(userDigest);
 
 return DigestCredentialHandlerBase.equals(base64UserDigest,

(tomcat) branch main updated (973881f808 -> 0e55afa1fc)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 973881f808 Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
 new bd23ba3b79 Switch to the Base64 encoder and decoder provided by the 
JRE.
 new 0e55afa1fc Remove the internal fork of Commons Codec.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   9 -
 .../authenticator/SpnegoAuthenticator.java |   9 +-
 .../realm/MessageDigestCredentialHandler.java  |   6 +-
 .../apache/coyote/http2/Http2UpgradeHandler.java   |   4 +-
 .../apache/tomcat/util/codec/binary/Base64.java| 661 -
 .../tomcat/util/codec/binary/BaseNCodec.java   | 478 ---
 .../util/codec/binary/LocalStrings.properties  |  21 -
 .../util/codec/binary/LocalStrings_fr.properties   |  20 -
 .../util/codec/binary/LocalStrings_ja.properties   |  20 -
 .../util/codec/binary/LocalStrings_ko.properties   |  19 -
 .../codec/binary/LocalStrings_zh_CN.properties |  19 -
 .../tomcat/util/codec/binary/StringUtils.java  | 116 
 .../tomcat/util/codec/binary/package-info.java |  21 -
 .../http/fileupload/util/mime/MimeUtility.java |   5 +-
 .../tomcat/util/http/parser/StructuredField.java   |   4 +-
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |   7 +-
 .../tomcat/websocket/WsWebSocketContainer.java |   4 +-
 .../tomcat/websocket/server/UpgradeUtil.java   |  28 +-
 .../authenticator/TestAuthInfoResponseHeaders.java |   4 +-
 .../TestNonLoginAndBasicAuthenticator.java |   4 +-
 .../TestSSOnonLoginAndBasicAuthenticator.java  |   4 +-
 .../core/TestPropertiesRoleMappingListener.java|   4 +-
 .../filters/TestRestCsrfPreventionFilter2.java |   4 +-
 test/org/apache/coyote/http2/Http2TestBase.java|   4 +-
 webapps/docs/changelog.xml |   9 +
 25 files changed, 48 insertions(+), 1436 deletions(-)
 delete mode 100644 java/org/apache/tomcat/util/codec/binary/Base64.java
 delete mode 100644 java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
 delete mode 100644 
java/org/apache/tomcat/util/codec/binary/LocalStrings.properties
 delete mode 100644 
java/org/apache/tomcat/util/codec/binary/LocalStrings_fr.properties
 delete mode 100644 
java/org/apache/tomcat/util/codec/binary/LocalStrings_ja.properties
 delete mode 100644 
java/org/apache/tomcat/util/codec/binary/LocalStrings_ko.properties
 delete mode 100644 
java/org/apache/tomcat/util/codec/binary/LocalStrings_zh_CN.properties
 delete mode 100644 java/org/apache/tomcat/util/codec/binary/StringUtils.java
 delete mode 100644 java/org/apache/tomcat/util/codec/binary/package-info.java


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917035 - /tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:45:12 2024
New Revision: 1917035

URL: http://svn.apache.org/viewvc?rev=1917035=rev
Log:
Javadoc update for 11.0.0-M19

Added:

tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html

Added: 
tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html?rev=1917035=auto
==
--- 
tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html
 (added)
+++ 
tomcat/site/trunk/docs/tomcat-11.0-doc/api/org/apache/catalina/util/StringUtil.html
 Tue Apr 16 14:45:12 2024
@@ -0,0 +1,192 @@
+
+
+
+
+StringUtil (Apache Tomcat 11.0.0-M19 API Documentation)
+
+
+
+
+
+
+
+
+
+
+
+var pathtoroot = "../../../../";
+loadScripts(document, 'script');
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+Apache Tomcat® 11.0.0-M19
+
+Overview
+Package
+Class
+Tree
+Deprecated
+Index
+Help
+
+
+
+Summary:
+
+Nested
+Field
+Constr
+Method
+
+
+
+Detail:
+
+Field
+Constr
+Method
+
+
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+SEARCH
+
+
+
+
+
+
+
+
+
+
+Packageorg.apache.catalina.util
+Class StringUtil
+
+https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html;
 title="class or interface in java.lang" 
class="external-link">java.lang.Object
+org.apache.catalina.util.StringUtil
+
+
+
+
+public class StringUtil
+extends https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html;
 title="class or interface in java.lang" 
class="external-link">Object
+
+
+
+
+
+
+
+Constructor Summary
+Constructors
+
+Constructor
+Description
+StringUtil()
+
+
+
+
+
+
+
+Method Summary
+
+All 
MethodsStatic MethodsConcrete Methods
+
+
+Modifier and Type
+Method
+Description
+static https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/String.html;
 title="class or interface in java.lang" 
class="external-link">String[]
+splitCommaSeparated(https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/String.html;
 title="class or interface in java.lang" 
class="external-link">Strings)
+
+Splits a comma-separated string into an array of String 
values.
+
+
+
+
+
+Methods inherited from 
classjava.lang.https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html;
 title="class or interface in java.lang" class="external-link">Object
+https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#clone()"
 title="class or interface in java.lang" class="external-link">clone, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#equals(java.lang.Object)"
 title="class or interface in java.lang" class="external-link">equals, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#finalize()"
 title="class or interface in java.lang" class="external-link">finalize, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#getClass()"
 title="class or interface in java.lang" class="external-link">getClass, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#hashCode()"
 title="class or interface in java.lang" class="external-link">hashCode, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Objec
 t.html#notify()" title="class or interface in java.lang" 
class="external-link">notify, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#notifyAll()"
 title="class or interface in java.lang" class="external-link">notifyAll, 
https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#toString()"
 title="class or interface in java.lang" class="external-link">toString, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#wait()"
 title="class or interface in java.lang" class="external-link">wait, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#wait(long)"
 title="class or interface in java.lang" class="external-link">wait, https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Object.html#wait(long,int)"
 title="class or interface in java.lang" 
class="external-link">wait
+
+
+
+
+
+
+
+
+
+Constructor Details
+
+
+
+StringUtil
+
+publicStringUtil()
+
+
+
+
+
+
+
+
+
+Method Details
+
+
+
+splitCommaSeparated
+
+public 
statichttps://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/String.html;
 title="class or interface in java.lang" 
class="external-link">String[]splitCommaSeparated(https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/String.html;
 title="class or interface in java.lang" 
class="external-link">Strings)
+Splits a comma-separated string into an array of String

svn commit: r1917034 - in /tomcat/site/trunk/docs/tomcat-11.0-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:44:28 2024
New Revision: 1917034

URL: http://svn.apache.org/viewvc?rev=1917034=rev
Log:
Javadoc update for 11.0.0-M19


[This commit notification would consist of 72 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 11.0.0-M19 (alpha) available

2024-04-16 Thread Rémy Maucherat 
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M19 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M19 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to 11.0.0-M18 include:

- Finalize update to the Jakarta EE 11 specifications.

- Cookies header generation enhancements.

- Fix regression when reloading TLS configuration and files.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated (ea37a83dd4 -> 972f2913c4)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from ea37a83dd4 Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
 new 2c470e1bb0 Switch to the Base64 encoder and decoder provided by the 
JRE.
 new 972f2913c4 Deprecate the internal fork of Commons Codec

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../authenticator/SpnegoAuthenticator.java |  9 +++
 .../realm/MessageDigestCredentialHandler.java  |  6 ++---
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  4 ++--
 .../apache/tomcat/util/codec/binary/Base64.java|  3 +++
 .../tomcat/util/codec/binary/BaseNCodec.java   |  3 +++
 .../tomcat/util/codec/binary/StringUtils.java  |  3 +++
 .../tomcat/util/codec/binary/package-info.java |  2 ++
 .../http/fileupload/util/mime/MimeUtility.java |  5 ++--
 .../tomcat/util/http/parser/StructuredField.java   |  4 ++--
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |  7 +++---
 .../tomcat/websocket/WsWebSocketContainer.java |  4 ++--
 .../tomcat/websocket/server/UpgradeUtil.java   | 28 +++---
 .../authenticator/TestAuthInfoResponseHeaders.java |  4 ++--
 .../TestNonLoginAndBasicAuthenticator.java |  4 ++--
 .../TestSSOnonLoginAndBasicAuthenticator.java  |  4 ++--
 .../core/TestPropertiesRoleMappingListener.java|  4 ++--
 .../filters/TestRestCsrfPreventionFilter2.java |  4 ++--
 test/org/apache/coyote/http2/Http2TestBase.java|  4 ++--
 webapps/docs/changelog.xml | 10 
 19 files changed, 60 insertions(+), 52 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Switch to the Base64 encoder and decoder provided by the JRE.

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9ce43c498064e54504c29af65d32cd815f1ee0f9
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:31:37 2024 +0100

Switch to the Base64 encoder and decoder provided by the JRE.

This removes the dependency on the internal fork of Commons Codec.
---
 .../authenticator/SpnegoAuthenticator.java |  9 +++
 .../realm/MessageDigestCredentialHandler.java  |  6 ++---
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  4 ++--
 .../http/fileupload/util/mime/MimeUtility.java |  5 ++--
 .../tomcat/util/http/parser/StructuredField.java   |  4 ++--
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |  7 +++---
 .../tomcat/websocket/WsWebSocketContainer.java |  4 ++--
 .../tomcat/websocket/server/UpgradeUtil.java   | 28 +++---
 .../authenticator/TestAuthInfoResponseHeaders.java |  4 ++--
 .../TestNonLoginAndBasicAuthenticator.java |  4 ++--
 .../TestSSOnonLoginAndBasicAuthenticator.java  |  4 ++--
 .../core/TestPropertiesRoleMappingListener.java|  4 ++--
 .../filters/TestRestCsrfPreventionFilter2.java |  4 ++--
 test/org/apache/coyote/http2/Http2TestBase.java|  4 ++--
 webapps/docs/changelog.xml |  8 +++
 15 files changed, 47 insertions(+), 52 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index 08ae4e1426..7f7656dae4 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Base64;
 import java.util.LinkedHashMap;
 import java.util.regex.Pattern;
 
@@ -37,7 +38,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.compat.JreVendor;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
@@ -165,8 +165,9 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 
 authorizationBC.setOffset(authorizationBC.getOffset() + 10);
 
-byte[] decoded = Base64.decodeBase64(authorizationBC.getBuffer(), 
authorizationBC.getOffset(),
-authorizationBC.getLength());
+byte[] encoded = new byte[authorizationBC.getLength()];
+System.arraycopy(authorizationBC.getBuffer(), 0, encoded, 0, 
authorizationBC.getLength());
+byte[] decoded = Base64.getDecoder().decode(encoded);
 
 if (getApplyJava8u40Fix()) {
 SpnegoTokenFixer.fix(decoded);
@@ -263,7 +264,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 }
 
 // Send response token on success and failure
-response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.encodeBase64String(outToken));
+response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.getEncoder().encodeToString(outToken));
 
 if (principal != null) {
 register(request, response, principal, Constants.SPNEGO_METHOD, 
principal.getName(), null);
diff --git a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java 
b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
index 7945af8490..e3aa771d60 100644
--- a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
+++ b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
@@ -21,12 +21,12 @@ import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
+import java.util.Base64;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.HexUtils;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.security.ConcurrentMessageDigest;
 
 /**
@@ -110,7 +110,7 @@ public class MessageDigestCredentialHandler extends 
DigestCredentialHandlerBase
 String base64ServerDigest = storedCredentials.substring(5);
 byte[] userDigest = 
ConcurrentMessageDigest.digest(getAlgorithm(),
 
inputCredentials.getBytes(StandardCharsets.ISO_8859_1));
-String base64UserDigest = 
Base64.encodeBase64String(userDigest);
+String base64UserDigest = 
Base64.getEncoder().encodeToString(userDigest);
 
 return DigestCredentialHandlerBase.equals(base64UserDigest,

(tomcat) 02/02: Deprecate the internal fork of Commons Codec

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 64746104ce3e06da628c86679a2bca63a4fd94d6
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:37:40 2024 +0100

Deprecate the internal fork of Commons Codec
---
 java/org/apache/tomcat/util/codec/binary/Base64.java   | 3 +++
 java/org/apache/tomcat/util/codec/binary/BaseNCodec.java   | 3 +++
 java/org/apache/tomcat/util/codec/binary/StringUtils.java  | 3 +++
 java/org/apache/tomcat/util/codec/binary/package-info.java | 2 ++
 webapps/docs/changelog.xml | 4 +++-
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index e38bf3df17..5f6fdbd7a5 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -46,7 +46,10 @@ package org.apache.tomcat.util.codec.binary;
  *
  * @see http://www.ietf.org/rfc/rfc2045.txt;>RFC 2045
  * @since 1.0
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public class Base64 extends BaseNCodec {
 
 /**
diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 
b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
index 7492773fe0..2eaa78e940 100644
--- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
+++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
@@ -27,7 +27,10 @@ import org.apache.tomcat.util.res.StringManager;
  * 
  * This class is thread-safe.
  * 
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public abstract class BaseNCodec {
 
 protected static final StringManager sm = 
StringManager.getManager(BaseNCodec.class);
diff --git a/java/org/apache/tomcat/util/codec/binary/StringUtils.java 
b/java/org/apache/tomcat/util/codec/binary/StringUtils.java
index ab050f3509..619964105b 100644
--- a/java/org/apache/tomcat/util/codec/binary/StringUtils.java
+++ b/java/org/apache/tomcat/util/codec/binary/StringUtils.java
@@ -29,7 +29,10 @@ import java.nio.charset.StandardCharsets;
  * @see Charset
  * @see StandardCharsets
  * @since 1.4
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public class StringUtils {
 
 /**
diff --git a/java/org/apache/tomcat/util/codec/binary/package-info.java 
b/java/org/apache/tomcat/util/codec/binary/package-info.java
index 605aeded44..c41bd15a4e 100644
--- a/java/org/apache/tomcat/util/codec/binary/package-info.java
+++ b/java/org/apache/tomcat/util/codec/binary/package-info.java
@@ -17,5 +17,7 @@
 
 /**
  * Base64 String encoding and decoding.
+ *
+ * Unused. This package will be removed in Tomcat 11 onwards.
  */
 package org.apache.tomcat.util.codec.binary;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 95655b67a4..d24e2b190a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,7 +131,9 @@
 
   
 Switch to using the Base64 encoder and decoder provided by the JRE
-rather than the version provided by Commons Codec. (markt)
+rather than the version provided by Commons Codec. The internal fork of
+Commons Codec has been deprecated and will be removed in Tomcat 11.
+(markt)
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated (d7ae6515dc -> 64746104ce)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from d7ae6515dc Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
 new 9ce43c4980 Switch to the Base64 encoder and decoder provided by the 
JRE.
 new 64746104ce Deprecate the internal fork of Commons Codec

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../authenticator/SpnegoAuthenticator.java |  9 +++
 .../realm/MessageDigestCredentialHandler.java  |  6 ++---
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  4 ++--
 .../apache/tomcat/util/codec/binary/Base64.java|  3 +++
 .../tomcat/util/codec/binary/BaseNCodec.java   |  3 +++
 .../tomcat/util/codec/binary/StringUtils.java  |  3 +++
 .../tomcat/util/codec/binary/package-info.java |  2 ++
 .../http/fileupload/util/mime/MimeUtility.java |  5 ++--
 .../tomcat/util/http/parser/StructuredField.java   |  4 ++--
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |  7 +++---
 .../tomcat/websocket/WsWebSocketContainer.java |  4 ++--
 .../tomcat/websocket/server/UpgradeUtil.java   | 28 +++---
 .../authenticator/TestAuthInfoResponseHeaders.java |  4 ++--
 .../TestNonLoginAndBasicAuthenticator.java |  4 ++--
 .../TestSSOnonLoginAndBasicAuthenticator.java  |  4 ++--
 .../core/TestPropertiesRoleMappingListener.java|  4 ++--
 .../filters/TestRestCsrfPreventionFilter2.java |  4 ++--
 test/org/apache/coyote/http2/Http2TestBase.java|  4 ++--
 webapps/docs/changelog.xml | 10 
 19 files changed, 60 insertions(+), 52 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917037 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:57:05 2024
New Revision: 1917037

URL: http://svn.apache.org/viewvc?rev=1917037=rev
Log:
Javadoc update for 9.0.88


[This commit notification would consist of 69 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917038 - in /tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache: catalina/util/ tomcat/dbcp/pool2/ tomcat/util/http/fileupload/servlet/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:58:12 2024
New Revision: 1917038

URL: http://svn.apache.org/viewvc?rev=1917038=rev
Log:
Javadoc update for 9.0.88

Added:

tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/util/StringUtil.html
Removed:

tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.html

tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/pool2/BasePooledObjectFactory.html

tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/tomcat/util/http/fileupload/servlet/ServletFileUpload.html

Added: 
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/util/StringUtil.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/util/StringUtil.html?rev=1917038=auto
==
--- 
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/util/StringUtil.html
 (added)
+++ 
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/util/StringUtil.html
 Tue Apr 16 14:58:12 2024
@@ -0,0 +1,176 @@
+
+
+
+
+StringUtil (Apache Tomcat 9.0.88 API Documentation)
+
+
+
+
+
+
+
+
+
+
+
+
+var evenRowColor = "even-row-color";
+var oddRowColor = "odd-row-color";
+var tableTab = "table-tab";
+var activeTableTab = "active-table-tab";
+var pathtoroot = "../../../../";
+loadScripts(document, 'script');
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+
+Skip navigation links
+Apache Tomcat® 9.0.88
+
+Overview
+Package
+Class
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+SEARCH:
+
+
+
+
+
+
+
+
+
+
+
+Packageorg.apache.catalina.util
+Class StringUtil
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html; 
title="class or interface in java.lang" 
class="external-link">java.lang.Object
+org.apache.catalina.util.StringUtil
+
+
+
+public class StringUtil
+extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html; 
title="class or interface in java.lang" 
class="external-link">Object
+
+
+
+
+
+
+Constructor Summary
+Constructors
+
+Constructor
+Description
+StringUtil()
+
+
+
+
+
+
+
+Method Summary
+
+All 
MethodsStatic MethodsConcrete Methods
+
+
+Modifier and Type
+Method
+Description
+static https://docs.oracle.com/javase/8/docs/api/java/lang/String.html; 
title="class or interface in java.lang" 
class="external-link">String[]
+splitCommaSeparated(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html; 
title="class or interface in java.lang" 
class="external-link">Strings)
+
+Splits a comma-separated string into an array of String 
values.
+
+
+
+
+
+Methods inherited from 
classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html; 
title="class or interface in java.lang" class="external-link">Object
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--; 
title="class or interface in java.lang" class="external-link">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-;
 title="class or interface in java.lang" class="external-link">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--;
 title="class or interface in java.lang" class="external-link">finalize, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--;
 title="class or interface in java.lang" class="external-link">getClass, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--;
 title="class or interface in java.lang" class="external-link">hashCode, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--; 
title="class or interface in java.lang" class="external-link">notify, https://docs.o
 racle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--" title="class or 
interface in java.lang" class="external-link">notifyAll, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--;
 title="class or interface in java.lang" class="external-link">toString, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--; 
title="class or interface in java.lang" class="external-link">wait, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-;
 title="class or interface in java.lang" class="external-link">wait, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-;
 title="class or interface in java.lang" 
class="external-link">wait
+
+
+
+
+
+
+
+
+
+Constructor Details
+
+
+
+StringUtil
+publicStringUtil()
+
+
+
+
+
+
+
+
+Method Details
+
+
+
+splitCommaSeparated
+public 
statichttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html; 
title="class or interface in java.lang" 
class="external-link">String[]splitCommaSeparated(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html; 
title="class or interface in java.lang" 
class="external-link">Strings)
+Splits a comma-separated string

[ANN] Apache Tomcat 9.0.88 available

2024-04-16 Thread Rémy Maucherat 
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.88.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.88 is a bugfix and feature release. The notable
changes compared to 9.0.87 include:

- Cookies header generation enhancements.

- Fix regression when reloading TLS configuration and files.

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
https://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-16 Thread Christopher Schultz 

All,

On 4/16/24 09:11, Christopher Schultz wrote:

The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build 
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in 
startup scripts which would have caused Java 11 environments to fail to 
start.


The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23


+1 for stable release

Unit tests pass on MacOS aarch64.

Details:

* Environment
*  Java (build):openjdk version "22" 2024-03-19 OpenJDK Runtime 
Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM 
Temurin-22+36 (build 22+36, mixed mode)
*  Java (test): openjdk version "22" 2024-03-19 OpenJDK Runtime 
Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM 
Temurin-22+36 (build 22+36, mixed mode)
*  Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 
2023

*  OS:  Darwin 23.4.0 arm64
*  cc:  Apple clang version 15.0.0 (clang-1500.3.9.4)
*  make:GNU Make 3.81
*  OpenSSL: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 
Nov 2023)

*  APR: 1.7.4
*
* Valid SHA-512 signature for apache-tomcat-10.1.23.zip
* Valid GPG signature for apache-tomcat-10.1.23.zip
* Valid SHA-512 signature for apache-tomcat-10.1.23.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.23.exe
* Valid GPG signature for apache-tomcat-10.1.23.exe
* Valid SHA512 signature for apache-tomcat-10.1.23-src.zip
* Valid GPG signature for apache-tomcat-10.1.23-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.23-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Switch to the Base64 encoder and decoder provided by the JRE.

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2c470e1bb039e532f02d6e4a08efd21275a8d8e5
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:31:37 2024 +0100

Switch to the Base64 encoder and decoder provided by the JRE.

This removes the dependency on the internal fork of Commons Codec.
---
 .../authenticator/SpnegoAuthenticator.java |  9 +++
 .../realm/MessageDigestCredentialHandler.java  |  6 ++---
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  4 ++--
 .../http/fileupload/util/mime/MimeUtility.java |  5 ++--
 .../tomcat/util/http/parser/StructuredField.java   |  4 ++--
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  |  7 +++---
 .../tomcat/websocket/WsWebSocketContainer.java |  4 ++--
 .../tomcat/websocket/server/UpgradeUtil.java   | 28 +++---
 .../authenticator/TestAuthInfoResponseHeaders.java |  4 ++--
 .../TestNonLoginAndBasicAuthenticator.java |  4 ++--
 .../TestSSOnonLoginAndBasicAuthenticator.java  |  4 ++--
 .../core/TestPropertiesRoleMappingListener.java|  4 ++--
 .../filters/TestRestCsrfPreventionFilter2.java |  4 ++--
 test/org/apache/coyote/http2/Http2TestBase.java|  4 ++--
 webapps/docs/changelog.xml |  8 +++
 15 files changed, 47 insertions(+), 52 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index 6377416ea4..ab4a8c3287 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Base64;
 import java.util.LinkedHashMap;
 import java.util.regex.Pattern;
 
@@ -38,7 +39,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.compat.JreVendor;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
@@ -166,8 +166,9 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 
 authorizationBC.setOffset(authorizationBC.getOffset() + 10);
 
-byte[] decoded = Base64.decodeBase64(authorizationBC.getBuffer(), 
authorizationBC.getOffset(),
-authorizationBC.getLength());
+byte[] encoded = new byte[authorizationBC.getLength()];
+System.arraycopy(authorizationBC.getBuffer(), 0, encoded, 0, 
authorizationBC.getLength());
+byte[] decoded = Base64.getDecoder().decode(encoded);
 
 if (getApplyJava8u40Fix()) {
 SpnegoTokenFixer.fix(decoded);
@@ -264,7 +265,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 }
 
 // Send response token on success and failure
-response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.encodeBase64String(outToken));
+response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " " 
+ Base64.getEncoder().encodeToString(outToken));
 
 if (principal != null) {
 register(request, response, principal, Constants.SPNEGO_METHOD, 
principal.getName(), null);
diff --git a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java 
b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
index 7945af8490..e3aa771d60 100644
--- a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
+++ b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
@@ -21,12 +21,12 @@ import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
+import java.util.Base64;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.HexUtils;
-import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.security.ConcurrentMessageDigest;
 
 /**
@@ -110,7 +110,7 @@ public class MessageDigestCredentialHandler extends 
DigestCredentialHandlerBase
 String base64ServerDigest = storedCredentials.substring(5);
 byte[] userDigest = 
ConcurrentMessageDigest.digest(getAlgorithm(),
 
inputCredentials.getBytes(StandardCharsets.ISO_8859_1));
-String base64UserDigest = 
Base64.encodeBase64String(userDigest);
+String base64UserDigest = 
Base64.getEncoder().encodeToString(userDigest);
 
 return DigestCredentialHandlerBase.equals(base64UserDigest,

svn commit: r1917033 - in /tomcat/site/trunk: ./ docs/ xdocs/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:38:49 2024
New Revision: 1917033

URL: http://svn.apache.org/viewvc?rev=1917033=rev
Log:
Website update for 11.0.0-M19

Modified:
tomcat/site/trunk/build.properties.default
tomcat/site/trunk/docs/download-11.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-11.0.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/download-11.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-11.0.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1917033=1917032=1917033=diff
==
--- tomcat/site/trunk/build.properties.default (original)
+++ tomcat/site/trunk/build.properties.default Tue Apr 16 14:38:49 2024
@@ -39,7 +39,7 @@ tomcat.loc=https://downloads.apache.org/
 tomcat8.5=8.5.100
 tomcat9.0=9.0.87
 tomcat10.1=10.1.20
-tomcat11.0=11.0.0-M17
+tomcat11.0=11.0.0-M19
 
 # - Download destination -
 tomcat-site-docs.home=${base.path}/tomcat-site-docs/

Modified: tomcat/site/trunk/docs/download-11.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1917033=1917032=1917033=diff
==
--- tomcat/site/trunk/docs/download-11.html (original)
+++ tomcat/site/trunk/docs/download-11.html Tue Apr 16 14:38:49 2024
@@ -19,7 +19,7 @@
 
   Quick Navigation
 
-[define v]11.0.0-M18[end]
+[define v]11.0.0-M19[end]
 https://downloads.apache.org/tomcat/tomcat-11/KEYS;>KEYS |
 [v] (alpha) |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1917033=1917032=1917033=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Tue Apr 16 14:38:49 2024
@@ -34,6 +34,34 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
+2024-04-16 Tomcat 11.0.0-M19 Released
+
+The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M19
+(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
+Jakarta EE 11.
+Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
+Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
+Foundation, the primary package for all implemented APIs has changed from
+javax.* to jakarta.*. This will almost certainly
+require code changes to enable applications to migrate from Tomcat 9 and 
earlier
+to Tomcat 10 and later. A
+https://github.com/apache/tomcat-jakartaee-migration;>migration
+tool is available to aid this process.
+The notable changes in this release are:
+
+Finalize update to the Jakarta EE 11 specifications.
+Cookies header generation enhancements.
+Fix regression when reloading TLS configuration and files. 
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 11
+(alpha) changelog.
+
+
+
+https://tomcat.apache.org/download-11.cgi;>Download
+
 2024-03-25 Tomcat 10.1.20 Released
 
 The Apache Tomcat Project is proud to announce the release of version 10.1.20
@@ -128,39 +156,6 @@ changelog.
 
 https://tomcat.apache.org/download-90.cgi;>Download
 
-2024-03-14 Tomcat 11.0.0-M18 Released
-
-The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M18
-(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
-Jakarta EE 11.
-Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
-Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
-Foundation, the primary package for all implemented APIs has changed from
-javax.* to jakarta.*. This will almost certainly
-require code changes to enable applications to migrate from Tomcat 9 and 
earlier
-to Tomcat 10 and later. A
-https://github.com/apache/tomcat-jakartaee-migration;>migration
-tool is available to aid this process.
-The notable changes in this release are:
-
-Reduce minimum Java version to Java 17
-When restoring a saved POST request after a successful FORM
-authentication, ensure that neither the URI, the query string no
-the protocol are corrupted when restoring the request body.
-Align error handling for Writer and OutputStream. Ensure use of either
-once the response has been recycled triggers a NullPointerException
-provided that discardFacades is configured with the default value of
-true. 
-
-
-Full details of these changes, and all the other changes, are available in the
-Tomcat 11
-(alpha) changelog.
-
-
-

(tomcat) 02/02: Deprecate the internal fork of Commons Codec

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 972f2913c46e6312cdba5d4d1e2a9362db778be4
Author: Mark Thomas 
AuthorDate: Tue Apr 16 15:37:40 2024 +0100

Deprecate the internal fork of Commons Codec
---
 java/org/apache/tomcat/util/codec/binary/Base64.java   | 3 +++
 java/org/apache/tomcat/util/codec/binary/BaseNCodec.java   | 3 +++
 java/org/apache/tomcat/util/codec/binary/StringUtils.java  | 3 +++
 java/org/apache/tomcat/util/codec/binary/package-info.java | 2 ++
 webapps/docs/changelog.xml | 4 +++-
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index e38bf3df17..5f6fdbd7a5 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -46,7 +46,10 @@ package org.apache.tomcat.util.codec.binary;
  *
  * @see http://www.ietf.org/rfc/rfc2045.txt;>RFC 2045
  * @since 1.0
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public class Base64 extends BaseNCodec {
 
 /**
diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 
b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
index 7492773fe0..2eaa78e940 100644
--- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
+++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
@@ -27,7 +27,10 @@ import org.apache.tomcat.util.res.StringManager;
  * 
  * This class is thread-safe.
  * 
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public abstract class BaseNCodec {
 
 protected static final StringManager sm = 
StringManager.getManager(BaseNCodec.class);
diff --git a/java/org/apache/tomcat/util/codec/binary/StringUtils.java 
b/java/org/apache/tomcat/util/codec/binary/StringUtils.java
index ab050f3509..619964105b 100644
--- a/java/org/apache/tomcat/util/codec/binary/StringUtils.java
+++ b/java/org/apache/tomcat/util/codec/binary/StringUtils.java
@@ -29,7 +29,10 @@ import java.nio.charset.StandardCharsets;
  * @see Charset
  * @see StandardCharsets
  * @since 1.4
+ *
+ * @deprecated Unused. This class will be removed in Tomcat 11 onwards.
  */
+@Deprecated
 public class StringUtils {
 
 /**
diff --git a/java/org/apache/tomcat/util/codec/binary/package-info.java 
b/java/org/apache/tomcat/util/codec/binary/package-info.java
index 605aeded44..c41bd15a4e 100644
--- a/java/org/apache/tomcat/util/codec/binary/package-info.java
+++ b/java/org/apache/tomcat/util/codec/binary/package-info.java
@@ -17,5 +17,7 @@
 
 /**
  * Base64 String encoding and decoding.
+ *
+ * Unused. This package will be removed in Tomcat 11 onwards.
  */
 package org.apache.tomcat.util.codec.binary;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f946c6f347..423e024c74 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -141,7 +141,9 @@
 
   
 Switch to using the Base64 encoder and decoder provided by the JRE
-rather than the version provided by Commons Codec. (markt)
+rather than the version provided by Commons Codec. The internal fork of
+Commons Codec has been deprecated and will be removed in Tomcat 11.
+(markt)
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917036 - in /tomcat/site/trunk: ./ docs/ xdocs/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 14:51:28 2024
New Revision: 1917036

URL: http://svn.apache.org/viewvc?rev=1917036=rev
Log:
Website update for 9.0.88

Modified:
tomcat/site/trunk/build.properties.default
tomcat/site/trunk/docs/doap_Tomcat.rdf
tomcat/site/trunk/docs/download-90.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-9.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/doap_Tomcat.rdf
tomcat/site/trunk/xdocs/download-90.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-9.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/build.properties.default (original)
+++ tomcat/site/trunk/build.properties.default Tue Apr 16 14:51:28 2024
@@ -37,7 +37,7 @@ tomcat.loc=https://downloads.apache.org/
 
 # - Tomcat versions -
 tomcat8.5=8.5.100
-tomcat9.0=9.0.87
+tomcat9.0=9.0.88
 tomcat10.1=10.1.20
 tomcat11.0=11.0.0-M19
 

Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/docs/doap_Tomcat.rdf (original)
+++ tomcat/site/trunk/docs/doap_Tomcat.rdf Tue Apr 16 14:51:28 2024
@@ -74,8 +74,8 @@
 
   
 Latest Stable 9.0.x Release
-2024-03-14
-9.0.87
+2024-04-16
+9.0.88
   
 
 

Modified: tomcat/site/trunk/docs/download-90.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/docs/download-90.html (original)
+++ tomcat/site/trunk/docs/download-90.html Tue Apr 16 14:51:28 2024
@@ -10,7 +10,7 @@
 
   Quick Navigation
 
-[define v]9.0.87[end]
+[define v]9.0.88[end]
 https://downloads.apache.org/tomcat/tomcat-9/KEYS;>KEYS |
 [v] |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Tue Apr 16 14:51:28 2024
@@ -34,6 +34,24 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
+2024-04-16 Tomcat 9.0.88 Released
+
+The Apache Tomcat Project is proud to announce the release of version 9.0.88
+of Apache Tomcat. This release implements specifications that are part of the
+Java EE 8 platform. The notable changes compared to 9.0.87 include:
+
+Cookies header generation enhancements.
+Fix regression when reloading TLS configuration and files.
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 9
+changelog.
+
+
+
+https://tomcat.apache.org/download-90.cgi;>Download
+
 2024-04-16 Tomcat 11.0.0-M19 Released
 
 The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M19

Modified: tomcat/site/trunk/docs/migration-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/docs/migration-9.html (original)
+++ tomcat/site/trunk/docs/migration-9.html Tue Apr 16 14:51:28 2024
@@ -470,7 +470,8 @@ versions of Apache Tomcat9.0.83
 9.0.84
 9.0.85
-9.0.86
+9.0.86
+9.0.87
 , new version:
 
 9.0.0-M1
@@ -560,7 +561,8 @@ versions of Apache Tomcat9.0.84
 9.0.85
 9.0.86
-9.0.87
+9.0.87
+9.0.88
 trunk (unreleased)
 
 

Modified: tomcat/site/trunk/docs/oldnews.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews.html?rev=1917036=1917035=1917036=diff
==
--- tomcat/site/trunk/docs/oldnews.html (original)
+++ tomcat/site/trunk/docs/oldnews.html Tue Apr 16 14:51:28 2024
@@ -18,6 +18,32 @@
   year 2011
   year 2010
 
+2024-03-14 Tomcat 9.0.87 Released
+
+The Apache Tomcat Project is proud to announce the release of version 9.0.87
+of Apache Tomcat. This release implements specifications that are part of the
+Java EE 8 platform. The notable changes compared to 9.0.86 include:
+
+When restoring a saved POST request after a successful FORM
+authentication, ensure that neither the URI, the query string nor
+the protocol are

svn commit: r68584 - /release/tomcat/tomcat-11/KEYS

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 15:05:29 2024
New Revision: 68584

Log:
Add my key to the top level KEYS (just in case)

Modified:
release/tomcat/tomcat-11/KEYS

Modified: release/tomcat/tomcat-11/KEYS
==
--- release/tomcat/tomcat-11/KEYS (original)
+++ release/tomcat/tomcat-11/KEYS Tue Apr 16 15:05:29 2024
@@ -451,3 +451,63 @@ wgS+SH6oAHlGwpxhhzXBlqZsHXm+w+2oazWUhxFF
 yZUcTCEB33B2jQ9z0XUEp+6B2F5iZQ==
 =4AB7
 -END PGP PUBLIC KEY BLOCK-
+
+pub   rsa4096 2019-05-05 [SC]
+  48F8 E69F 6390 C9F2 5CFE  DCD2 6824 8959 359E 722B
+uid   [ultimate] Remy Maucherat 
+sig 368248959359E722B 2019-05-05  Remy Maucherat 
+sub   rsa4096 2019-05-05 [E]
+sig  68248959359E722B 2019-05-05  Remy Maucherat 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+
+mQINBFzO4ecBEACVS86VyuTSJmLmApi92R6D3/L3EIBFXhagJbrLkodkTuG9efYo
+vM1DJPWEFs5kux8a8UPwn2gbQFPJg1AH77GqjP8gtn0KHQvXgYC9+7cTqDl6C7k9
+n3BkB9bRIhHileYyIJfnycjJdrGFEmwGu0pBOEdr01R0kFprqYu9DwcD6oUvmZRn
+OMoQQeLEC0cw/VzJ/ZqzJwO0t+rMCozqJ9/BfJZUqwijDZnJAZWnIVxjqxrUgyYA
+5/0g9X8YHrIz09XuzaE64VAl0q3nrFJWvDCwE/ZM7w8jlUqtQgLu4K2U82G0YXw3
+KJ1EbigEmtEohu6HVnAToCJuOnQ8m0rZxbyNMeYF9pyohdFEca4I0B8Evy2dYFnJ
+Y2gghuU80vct54536WWz9mAjKwBFQUtxX0EjYrYN9ckzCK6fRqrnVv0USVp7N/ZY
+PQkOEJSdmRdpvTMwfCuAyT0/3cxuC7NyAWiZDXJv7OVcDr/REfWAA7XMQOErwdGJ
+gViG58YhLw0Pgdumg+prqQXowzlRzGAsV5VntCh+4LV8/ESmvWAE3V+jgZFB3cSp
+g58NKjp1EwKwX6BCICyX+Oe03cnlC0UJ7S9FccrjNrkiwxxOVAnmy4kxX/P3Cuqc
+C/b6BeeUA1hBNWNe42mr6YczS+dhpCSUVWQJp/TxdoXA2fGG1OS1FMaICwARAQAB
+tCBSZW15IE1hdWNoZXJhdCA8cmVtbUBhcGFjaGUub3JnPokCOAQTAQIAIgUCXM7h
+5wIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQaCSJWTWecisVSA/9Eh3h
+0jeyy51rA1nqq9imbH0YC85A/wZjhb06UXwWBPozJR8UJsOJZ7kBzCW4gfkC9zTD
+GStSHHAej9o96FHVRLzCyjaaZVuRUl2qCz9U+pnGMxb5aRNVAQ/wE10hHu3Yc+48
+cc0sPCCPMdshAj1VOHczTU/LSv21TWBaKO3NMV9KilPzKvXHdPFYssVcUt2NgQLm
+2Bx/ELTCVj5c9Ih2cz3T7kxf8LKsGALIfjcp8g9DlvMjVLKBFZqU94C4V0mba2Fd
+6xHpdmcgMbSNo6poQ0M0O7CN5qVJFm/v4ZDooLNWRMeL66oen3LrZ8HRpPxfic77
+JLKn60dywuYU8WYp7cV+3AnaDn/ggvC1x79LSmX4PFyG9/F5M7gp0HFrVdyc0nBo
+UTejZXehwKrfvF/isPf7pUv2fGXwg07zTz8OMLQo4h9poB5YuuinjuxjBfmc2AvB
+WbRcKNvHXHUlaVeK+VvohfPuetJESS4YB7fLMQPdGIckDFQub4SvXPNPPToLsbDB
+2GGguqhwWD9ECa2o1RqX8LnCdB71uBcyiW8UIkLxwaygsciVm7SFz+pqAKJgzWwI
+AsVYVOIKdq0GWaLDtMGJGQFfxuMVmMGGbvueAMcOCSSsGemkElan33VS8Zu1sjeY
+P0Jt4ws6gcbUHI27l5Pvk06uWzaN8uyXGA03d4y5Ag0EXM7h5wEQALG3oikRAQqf
+um+wW6oW2d1mIk0PtnC3l3/kGTA92kIqJzQ3Ua0mFaVGxdg2J/I1MF7HdlZJbGyP
+5b0PdbSjLHFbQfFD6LHsLw9StVrkjbBKYaP0gRWxEIHMN4Qv01I2Lyc9ONlMjUIf
+xNK/AG6oT/Ia53VVET78HOj01L7JjBAPuW8UPoy27s2gQ02smbA7iRUeZ3dpN2fy
+027aKbimIl1ZrxJbcbxw29PXWJZP+CxJEnqwEw78QbqSsFMAhR9wZHTfEtUzYy6h
+hyngwYQ+iBnB+1cYTEB9KbWWpP5n12iuRin77r2RwrHYAW/RUILK2rOJqPcIg6CX
+P1o9UKPeN5QE/ScU5427XKZZscaQrvBPoN3G2RWmMuHM2cchXgRRMMaSvufocLjj
+gKj/aPUDCkvJ5MyTNtMfVDx0Tw3aQpf2Fr1L1Hu2GyBqifioZGdzLL0LtdeXzkJy
+nZGj/L5jzIlNBnQG97rgCuPflbIl2S1izNexnuX2Z1dcyS2MTrj3nnK6HoW+gvCc
+oqq01S410wxaAUidJeGwLzgUa9Ig+6BVPT7sZrbc0IoNP+JdoqPxiEkqy4Msy9WJ
+RVeJM520Q2T1YM7xm/4E8C7H+Fis5u4GNswk5qsXEOyLcHBzGEik3BDylp+sJ6/F
+DuAN7k64RV2m+lKpjngiKZxo9LmqnsWTABEBAAGJAh8EGAECAAkFAlzO4ecCGwwA
+CgkQaCSJWTWecishvg//ZDuhkbSUgIIjG9Rzq3cHNxZ4sFrUwL19AtGNktiwt0QA
+GCKPnf4SdHZGKSeOqUHeDT/l/5l4Xc/JgRk/t2bEeC3cHE/Xc5V6I2n28HQiJScX
+UJdnO3QdTCMEYVedu/9JhmA37eznQhm+UAcxT9tew3nSd0KkkMQyW6YpBEgcdsFd
+aLiFPzbySjRWplyCdELPRFtW2ZHnJ5gVGYZ060EOHcdPb/4Gz/mA6dIjQ5N+vKlA
+GNdYZgv3w4NRGLmni5T7jDAY6T2CJXxvcgfYfh3oY3aiZaWzKKQyLEVaoZ6dJbsm
+mi2if7MZ/SVCMdM3MXiRpCeyyw9MTylGzgwbDYSz2ZkGvy9k+1M75q5QEfvVM8R3
+guaBJR+e4fkfsRBUAqwmHy8TrXghf5eOCsJx/9yyRXvK4tnwSBUIzFa1q0POESul
+jFWYFkvRjKIYfFWS6cY37sPNLvEQQmP2O07ttaYfIXcMcVF+HsDBUftGRWIkkPn2
+LucW7f0Lqlbv/mlJpqByz522jmJRNFLVQh87LYz91FgsLAgDkPpi8mzRrEfb2nHD
++PIKpoO499AKQ8hETMbfzmpJUIV2Bhd7OqKDSf+yHiYSje9evofP+4lDUx3u7tQ3
+4OUzLqBRVrhFDI9keHnhOFMJSrnrpXe7Cm9JujvTX/hy2iOpTOuflj0Djsc8dnQ=
+=l4Ry
+-END PGP PUBLIC KEY BLOCK-
+
+



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: jakartaee/servlet pom.xml

2024-04-16 Thread Mark Thomas 

How is this an Apache Tomcat issue?

Mark


On 16/04/2024 07:41, xulin y wrote:

Hi,

System OS: Windows 10
Maven: 3.9.6
Java: 17.0.1

When I was "mvn install" jakartaee/servlet on my desktop. I found 
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37  can give me exception. This is because https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/  does not have jakarta.servlet-api 6.1.0

image.png
I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look at this?

Appendix:
[ERROR] Failed to execute goal on project tck-runtime: Could not resolve 
dependencies for project jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT: 
The following artifacts could not be resolved: 
jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent): 
jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found


By Xulin Yang
Kind Regards


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

jakartaee/servlet pom.xml

2024-04-16 Thread xulin y 
Hi,

System OS: Windows 10
Maven: 3.9.6
Java: 17.0.1

When I was "mvn install" jakartaee/servlet on my desktop. I found
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
can give me exception. This is because
https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
does not have jakarta.servlet-api 6.1.0
[image: image.png]
I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look at this?

Appendix:
[ERROR] Failed to execute goal on project tck-runtime: Could not resolve
dependencies for project jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT:
The following artifacts could not be resolved:
jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent):
jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found

By Xulin Yang
Kind Regards

Re: jakartaee/servlet pom.xml

2024-04-16 Thread xulin y 
Hi,

I refer to this commit:
https://github.com/jakartaee/servlet/commit/1455686360e118a68a545fb2e1b74f1c79abcfb5

By Xulin Yang
Kind Regards

Mark Thomas  于2024年4月16日周二 15:20写道:

> The list drops images. What changed?
>
> Mark
>
>
> On 16/04/2024 07:52, xulin y wrote:
> > Hi,
> >
> > image.png
> > You can see this version was changed from 6.1.0-M2 to 6.1.0 on 2024 Mar
> > 27 while 6.1.0 is not present in
> >
> https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
>  >
> > image.png
> >
> > By Xulin Yang
> > Kind Regards
> >
> > Mark Thomas mailto:ma...@apache.org>> 于2024年4月16日
> > 周二 14:48写道:
> >
> > How is this an Apache Tomcat issue?
> >
> > Mark
> >
> >
> > On 16/04/2024 07:41, xulin y wrote:
> >  > Hi,
> >  >
> >  > System OS: Windows 10
> >  > Maven: 3.9.6
> >  > Java: 17.0.1
> >  >
> >  > When I was "mvn install" jakartaee/servlet on my desktop. I found
> >  >
> >
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
> <
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37>
> <
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
> <
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37>>
> can give me exception. This is because
> https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
> 
>  >
> does not have jakarta.servlet-api 6.1.0
> >  > image.png
> >  > I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look
> > at this?
> >  >
> >  > Appendix:
> >  > [ERROR] Failed to execute goal on project tck-runtime: Could not
> > resolve
> >  > dependencies for project
> > jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT:
> >  > The following artifacts could not be resolved:
> >  > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent):
> >  > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found
> >  >
> >  > By Xulin Yang
> >  > Kind Regards
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > 
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> > 
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: jakartaee/servlet pom.xml

2024-04-16 Thread xulin y 
Hi,

[image: image.png]
You can see this version was changed from 6.1.0-M2 to 6.1.0 on 2024 Mar 27
while 6.1.0 is not present in
https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
[image: image.png]

By Xulin Yang
Kind Regards

Mark Thomas  于2024年4月16日周二 14:48写道:

> How is this an Apache Tomcat issue?
>
> Mark
>
>
> On 16/04/2024 07:41, xulin y wrote:
> > Hi,
> >
> > System OS: Windows 10
> > Maven: 3.9.6
> > Java: 17.0.1
> >
> > When I was "mvn install" jakartaee/servlet on my desktop. I found
> >
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
> <
> https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37>
> can give me exception. This is because
> https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
> 
> does not have jakarta.servlet-api 6.1.0
> > image.png
> > I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look at
> this?
> >
> > Appendix:
> > [ERROR] Failed to execute goal on project tck-runtime: Could not resolve
> > dependencies for project jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT:
> > The following artifacts could not be resolved:
> > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent):
> > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found
> >
> > By Xulin Yang
> > Kind Regards
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Base64 and BASIC authentication

2024-04-16 Thread Mark Thomas 

Hi all,

TL;DR - we need to tighten up parsing of BASIC authentication headers.

When I switched out Tomcat's Base64 handling for the built-in JRE 
handling, I noticed that BASIC authentication was using a very relaxed 
version of the Base64 decoder. That seemed odd, so I replaced it with 
the standard Base64 decoder. That broke a bunch of tests so I switched 
to the MIME decoder (the most relaxed) which fixed most - but not all - 
of the issues. Then I started look at what the tests were testing and 
the relevant RFCs.


The current RFC for HTTP BASIC authentication is RFC 7617. This in turn 
references numerous other RFCs, most notably RFC 7235 (HTTP 
Authentication) and RFC 4648 (Base64). Taken together these require that 
the format of the Authorization header is:

- The token "Basic"
- Exactly 1 space
- The base64 encoding of username:password

Tomcat's current implementation is based on RFC 2617 and allows the 
following:

- white space around the base64
- allows embedded line breaks in the base64
- missing padding
- illegal characters in the base64 (ignored)
- illegal characters in the base64 padding (ignored)
- excessive padding
- whitespace around the decoded password

I don't see any of the above causing issues apart from the last one 
which prevents the use of passwords with leading or trailing whitespace. 
This is mostly of a cleaning up exercise so the switch to Java's base64 
decoder is simpler.


Before I merge the change to use the JRE's Base64 encoder, I intend to 
tighten up the parsing of Basic authentication headers. I intend to do 
this for all currently supported versions.


Any objections?

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: jakartaee/servlet pom.xml

2024-04-16 Thread Mark Thomas 

The list drops images. What changed?

Mark


On 16/04/2024 07:52, xulin y wrote:

Hi,

image.png
You can see this version was changed from 6.1.0-M2 to 6.1.0 on 2024 Mar 
27 while 6.1.0 is not present in 
https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/ 

image.png

By Xulin Yang
Kind Regards

Mark Thomas mailto:ma...@apache.org>> 于2024年4月16日 
周二 14:48写道:


How is this an Apache Tomcat issue?

Mark


On 16/04/2024 07:41, xulin y wrote:
 > Hi,
 >
 > System OS: Windows 10
 > Maven: 3.9.6
 > Java: 17.0.1
 >
 > When I was "mvn install" jakartaee/servlet on my desktop. I found
 >
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37 
 
> can give me exception. 
This is because https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/ 
 
> does not have 
jakarta.servlet-api 6.1.0
 > image.png
 > I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look
at this?
 >
 > Appendix:
 > [ERROR] Failed to execute goal on project tck-runtime: Could not
resolve
 > dependencies for project
jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT:
 > The following artifacts could not be resolved:
 > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent):
 > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found
 >
 > By Xulin Yang
 > Kind Regards

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For additional commands, e-mail: dev-h...@tomcat.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 11.0.0-M19

2024-04-16 Thread Rainer Jung 

Am 09.04.24 um 15:13 schrieb Rémy Maucherat:

The proposed Apache Tomcat 11.0.0-M19 release is now available for
voting.

Apache Tomcat 11.0.0-M19 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to the previous milestone include:

- Finalize update to the Jakarta EE 11 specifications.

- Cookies header generation enhancements.

- Fix regression when reloading TLS configuration and files.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M19/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1488

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M19
19e301275f23056e3c46ab296c87cf6e16fbe68f

The proposed 11.0.0-M19 release is:
[ ] -1 Broken - do not release
[X] +1 Alpha  - go ahead and release as 11.0.0-M19


Thanks for RM!

Rainer

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Update Basic authentication to RFC 7617

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new edaf5efd93 Update Basic authentication to RFC 7617
edaf5efd93 is described below

commit edaf5efd93f9ff409630bc2338f21e1a60abbf73
Author: Mark Thomas 
AuthorDate: Tue Apr 16 12:10:52 2024 +0100

Update Basic authentication to RFC 7617
---
 .../catalina/authenticator/BasicAuthenticator.java |  45 --
 .../authenticator/TestBasicAuthParser.java | 173 ++---
 webapps/docs/changelog.xml |   7 +
 webapps/docs/config/valve.xml  |   4 +-
 4 files changed, 121 insertions(+), 108 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index acdf084051..63ac050f69 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
+import java.util.Base64;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -29,7 +30,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 
 /**
  * An Authenticator and Valve implementation of HTTP BASIC 
Authentication, as outlined in RFC 7617: "The
@@ -43,7 +43,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 
 private Charset charset = StandardCharsets.ISO_8859_1;
 private String charsetString = null;
-private boolean trimCredentials = true;
+private boolean trimCredentials = false;
 
 
 public String getCharset() {
@@ -64,11 +64,27 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 
+/**
+ * Obtain the current setting for the removal of whitespace around the 
decoded user name and password.
+ *
+ * @return {@code true} if white space will be removed around the decoded 
user name and password
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public boolean getTrimCredentials() {
 return trimCredentials;
 }
 
 
+/**
+ * Configures trimming of whitespace around the decoded user name and 
password.
+ *
+ * @param trimCredentials {@code true} to remove white space around the 
decoded user name and password
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public void setTrimCredentials(boolean trimCredentials) {
 this.trimCredentials = trimCredentials;
 }
@@ -155,31 +171,29 @@ public class BasicAuthenticator extends AuthenticatorBase 
{
 private String password = null;
 
 /**
- * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 2617 section 2, and the Base64
- * encoded credentials as per RFC 2045 section 6.8.
+ * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 7617.
  *
  * @param input   The header value to parse in-place
  * @param charset The character set to use to convert the bytes to a 
string
  *
- * @throws IllegalArgumentException If the header does not conform to 
RFC 2617
- *
- * @deprecated Unused. Will be removed in Tomcat 10. Use 3-arg 
constructor
+ * @throws IllegalArgumentException If the header does not conform to 
RFC 7617
  */
-@Deprecated
 public BasicCredentials(ByteChunk input, Charset charset) throws 
IllegalArgumentException {
-this(input, charset, true);
+this(input, charset, false);
 }
 
 /**
- * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 2617 section 2, and the Base64
- * encoded credentials as per RFC 2045 section 6.8.
+ * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 7617.
  *
  * @param input   The header value to parse in-place
  * @param charset The character set to use to convert the 
bytes to a string
  * @param trimCredentials Should leading and trailing whitespace be 
removed from the parsed credentials
  *
- * @throws IllegalArgumentException If the header does not conform to 
RFC 2617
+ * @throws IllegalArgumentException If the header does not conform to 
RFC 7617
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards
  */
+@Deprecated
 public BasicCredentials(ByteChunk

[Bug 68901] New: Coyote is hardcoded to drop connections on 400|408|411|414|500|503|501 which should be configurable for application level errors to prevent expensive TLS handshake/resumption on recon

2024-04-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=68901

Bug ID: 68901
   Summary: Coyote is hardcoded to drop connections on
400|408|411|414|500|503|501 which should be
configurable for application level errors to prevent
expensive TLS handshake/resumption on reconnect
   Product: Tomcat 10
   Version: unspecified
  Hardware: All
OS: Linux
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: alessandro.vermeu...@ing.com
  Target Milestone: --

Overview:

Currently Coyote is hardcoded to drop connections when a request generates a
response with one of the following status codes:  400|408|411|414|500|503|501.
This behaviour has been around for at least 15 years and has been copied from
Apache HTTPd[1]. It makes sense in case the server itself is the origin of the
error responses.

However, in our case we have plenty of scenarios we have applications returning
generic 500 responses on generic errors, causing connections to drop and
subsequent reconnects. Status codes 503 and 501 also seem to cases which should
be handled just fine without needing to reset the connection.

We terminate TLS in the application where even session resumption is expensive
and a full TLS handshake is even more expensive. 

Together with Tomcat dropping the connections on 500 errors this leads to
cascade failures where spurious load-related errors cause a spike in CPU usage
which can trigger further errors, further consuming CPU until most CPU is used
to handle TLS connections instead of actual value.

We suggest to make the the behaviour to drop connections is configurable.
Either to completely disable it, or to make the status codes configurable.

[1]:
https://github.com/apache/tomcat/blame/bc900e0100de9879604b93af4722c272ab3d1a24/java/org/apache/coyote/http11/Http11Processor.java#L604-L617
```
/**
 * Determine if we must drop the connection because of the HTTP status
code. Use the same list of codes as
 * Apache/httpd.
 */
private static boolean statusDropsConnection(int status) {
return status == 400 /* SC_BAD_REQUEST */ || status == 408 /*
SC_REQUEST_TIMEOUT */ ||
status == 411 /* SC_LENGTH_REQUIRED */ || status == 413 /*
SC_REQUEST_ENTITY_TOO_LARGE */ ||
status == 414 /* SC_REQUEST_URI_TOO_LONG */ || status == 500 /*
SC_INTERNAL_SERVER_ERROR */ ||
status == 503 /* SC_SERVICE_UNAVAILABLE */ || status == 501 /*
SC_NOT_IMPLEMENTED */;
}
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 68901] Coyote is hardcoded to drop connections on 400|408|411|414|500|503|501 which should be configurable for application level errors to prevent expensive TLS handshake/resumption on reconnect

2024-04-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=68901

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Correct RM for 11.0.0-M19

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 62e5237261 Correct RM for 11.0.0-M19
62e5237261 is described below

commit 62e5237261ea71393e5a45edc44f2b021be6c3ac
Author: Mark Thomas 
AuthorDate: Tue Apr 16 11:58:27 2024 +0100

Correct RM for 11.0.0-M19
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 73dc64ce03..8be61d7d88 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,7 +133,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Move entry to correct version

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 789f056a9c Move entry to correct version
789f056a9c is described below

commit 789f056a9cf0275251bb8196631bc4b88f260357
Author: Mark Thomas 
AuthorDate: Tue Apr 16 12:10:52 2024 +0100

Move entry to correct version
---
 webapps/docs/changelog.xml | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4ec65bc19f..9e62e190f7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,13 @@
 68890 Align output encoding of JSPs in the Manager webapp
 with the XML declarations in those same files. (schultz)
   
+  
+Update Basic authentication to implement the requirements of RFC 7617
+including the changing of the trimCredentials setting 
which
+is now defaults to false. Note that the
+trimCredentials setting will be removed in Tomcat 11.
+(markt)
+  
 
   
 
@@ -160,13 +167,6 @@
 68862: Handle possible response commit when processing read
 errors. (remm)
   
-  
-Update Basic authentication to implement the requirements of RFC 7617
-including the changing of the trimCredentials setting 
which
-is now defaults to false. Note that the
-trimCredentials setting will be removed in Tomcat 11.
-(markt)
-  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Update Basic authentication to RFC 7617

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new e2a0578de1 Update Basic authentication to RFC 7617
e2a0578de1 is described below

commit e2a0578de1b0f15a3de078f14a3004a09e17921a
Author: Mark Thomas 
AuthorDate: Tue Apr 16 11:55:49 2024 +0100

Update Basic authentication to RFC 7617
---
 .../catalina/authenticator/BasicAuthenticator.java |  47 +-
 .../authenticator/TestBasicAuthParser.java | 173 ++---
 webapps/docs/changelog.xml |   7 +
 webapps/docs/config/valve.xml  |   4 +-
 4 files changed, 130 insertions(+), 101 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index dd8e3c751f..7060cca97c 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
+import java.util.Base64;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -29,7 +30,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 
 /**
  * An Authenticator and Valve implementation of HTTP BASIC 
Authentication, as outlined in RFC 7617: "The
@@ -43,7 +43,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 
 private Charset charset = StandardCharsets.ISO_8859_1;
 private String charsetString = null;
-private boolean trimCredentials = true;
+private boolean trimCredentials = false;
 
 
 public String getCharset() {
@@ -64,11 +64,27 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 
+/**
+ * Obtain the current setting for the removal of whitespace around the 
decoded user name and password.
+ *
+ * @return {@code true} if white space will be removed around the decoded 
user name and password
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public boolean getTrimCredentials() {
 return trimCredentials;
 }
 
 
+/**
+ * Configures trimming of whitespace around the decoded user name and 
password.
+ *
+ * @param trimCredentials {@code true} to remove white space around the 
decoded user name and password
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public void setTrimCredentials(boolean trimCredentials) {
 this.trimCredentials = trimCredentials;
 }
@@ -155,15 +171,29 @@ public class BasicAuthenticator extends AuthenticatorBase 
{
 private String password = null;
 
 /**
- * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 2617 section 2, and the Base64
- * encoded credentials as per RFC 2045 section 6.8.
+ * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 7617.
+ *
+ * @param input   The header value to parse in-place
+ * @param charset The character set to use to convert the bytes to a 
string
+ *
+ * @throws IllegalArgumentException If the header does not conform to 
RFC 7617
+ */
+public BasicCredentials(ByteChunk input, Charset charset) throws 
IllegalArgumentException {
+this(input, charset, false);
+}
+
+/**
+ * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 7617.
  *
  * @param input   The header value to parse in-place
  * @param charset The character set to use to convert the 
bytes to a string
  * @param trimCredentials Should leading and trailing whitespace be 
removed from the parsed credentials
  *
- * @throws IllegalArgumentException If the header does not conform to 
RFC 2617
+ * @throws IllegalArgumentException If the header does not conform to 
RFC 7617
+ *
+ * @deprecated Will be removed in Tomcat 11 onwards
  */
+@Deprecated
 public BasicCredentials(ByteChunk input, Charset charset, boolean 
trimCredentials)
 throws IllegalArgumentException {
 authorization = input;
@@ -196,7 +226,8 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 /*
- * The authorization method string is case-insensitive and must hae at 
least one space character as a delimiter.
+ * The authorization method string is

Re: Base64 and BASIC authentication

2024-04-16 Thread Mark Thomas 

On 16/04/2024 08:18, Mark Thomas wrote:



Tomcat's current implementation is based on RFC 2617 and allows the 
following:

- white space around the base64
- allows embedded line breaks in the base64
- missing padding
- illegal characters in the base64 (ignored)
- illegal characters in the base64 padding (ignored)
- excessive padding
- whitespace around the decoded password

I don't see any of the above causing issues apart from the last one 
which prevents the use of passwords with leading or trailing whitespace.


Just following up on this.

Prior to Tomcat 9.0.15, Tomcat always did this.

From 9.0.15 Tomcat did this by default but it could be disabled.

Intend to remove this feature from Tomcat 11 and disable it by default 
in earlier versions.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: jakartaee/servlet pom.xml

2024-04-16 Thread Mark Thomas 

On 16/04/2024 08:23, xulin y wrote:

Hi,

I refer to this commit:
https://github.com/jakartaee/servlet/commit/1455686360e118a68a545fb2e1b74f1c79abcfb5


And I ask again. How is that a Tomcat issue?

Mark




By Xulin Yang
Kind Regards

Mark Thomas  于2024年4月16日周二 15:20写道:


The list drops images. What changed?

Mark


On 16/04/2024 07:52, xulin y wrote:

Hi,

image.png
You can see this version was changed from 6.1.0-M2 to 6.1.0 on 2024 Mar
27 while 6.1.0 is not present in


https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/
> 于2024年4月16日
周二 14:48写道:

 How is this an Apache Tomcat issue?

 Mark


 On 16/04/2024 07:41, xulin y wrote:
  > Hi,
  >
  > System OS: Windows 10
  > Maven: 3.9.6
  > Java: 17.0.1
  >
  > When I was "mvn install" jakartaee/servlet on my desktop. I found
  >


https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
<
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37>
<
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37
<
https://github.com/jakartaee/servlet/blob/master/tck/tck-runtime/pom.xml#L37>>
can give me exception. This is because
https://repo.maven.apache.org/maven2/jakarta/servlet/jakarta.servlet-api/

>
does not have jakarta.servlet-api 6.1.0

  > image.png
  > I use 6.1.0-SNAPSHOT on my desktop instead. Could you take a look
 at this?
  >
  > Appendix:
  > [ERROR] Failed to execute goal on project tck-runtime: Could not
 resolve
  > dependencies for project
 jakarta.servlet:tck-runtime:jar:6.1.0-SNAPSHOT:
  > The following artifacts could not be resolved:
  > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 (absent):
  > jakarta.servlet:jakarta.servlet-api:jar:6.1.0 was not found
  >
  > By Xulin Yang
  > Kind Regards

 -
 To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
 
 For additional commands, e-mail: dev-h...@tomcat.apache.org
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org






-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Update changelog for cancelled 10.1.22 release

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 950b4c5207 Update changelog for cancelled 10.1.22 release
950b4c5207 is described below

commit 950b4c52077c6d8b6f32c8ec854dfc12525f015e
Author: Mark Thomas 
AuthorDate: Tue Apr 16 12:05:48 2024 +0100

Update changelog for cancelled 10.1.22 release
---
 webapps/docs/changelog.xml | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 89bd49ddc8..562b746fc0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -138,7 +138,14 @@
 
   
 
-
+
+  
+
+  
+Release re-built using correct JDK version.
+  
+
+  
 
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot success in on tomcat-11.0.x

2024-04-16 Thread buildbot 
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/1030
Blamelist: Christopher Schultz , Mark Thomas 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] 61419c2e68842690259aabc9d3dfea5575ef0c64


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 0

  shell_10: 0

  Rsync docs to nightlies.apache.org: 0

  shell_11: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_12: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 68901] Coyote is hardcoded to drop connections on 400|408|411|414|500|503|501 which should be configurable for application level errors to prevent expensive TLS handshake/resumption on reconnect

2024-04-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=68901

Tiago do Couto  changed:

   What|Removed |Added

 CC||ti...@docouto.dev

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 68901] Coyote is hardcoded to drop connections on 400|408|411|414|500|503|501 which should be configurable for application level errors to prevent expensive TLS handshake/resumption on reconnect

2024-04-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=68901

--- Comment #1 from Michael Osipov  ---
I'd like to see this backed by the current RFC if it is a requirement or just
the way Tomcat handles it. Also maybe it might be worth to raise the same issue
with HTTPd as well.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Update Basic authentication to RFC 7617

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 61419c2e68 Update Basic authentication to RFC 7617
61419c2e68 is described below

commit 61419c2e68842690259aabc9d3dfea5575ef0c64
Author: Mark Thomas 
AuthorDate: Tue Apr 16 10:34:56 2024 +0100

Update Basic authentication to RFC 7617
---
 .../catalina/authenticator/BasicAuthenticator.java |  41 ++
 .../authenticator/TestBasicAuthParser.java | 153 -
 webapps/docs/changelog.xml |   5 +
 webapps/docs/config/valve.xml  |   6 -
 4 files changed, 69 insertions(+), 136 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 168d7505f6..28114ec24a 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
+import java.util.Base64;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -29,7 +30,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
 
 /**
  * An Authenticator and Valve implementation of HTTP BASIC 
Authentication, as outlined in RFC 7617: "The
@@ -43,7 +43,6 @@ public class BasicAuthenticator extends AuthenticatorBase {
 
 private Charset charset = StandardCharsets.UTF_8;
 private String charsetString = "UTF-8";
-private boolean trimCredentials = true;
 
 
 public String getCharset() {
@@ -64,16 +63,6 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 
-public boolean getTrimCredentials() {
-return trimCredentials;
-}
-
-
-public void setTrimCredentials(boolean trimCredentials) {
-this.trimCredentials = trimCredentials;
-}
-
-
 @Override
 protected boolean doAuthenticate(Request request, HttpServletResponse 
response) throws IOException {
 
@@ -89,7 +78,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 ByteChunk authorizationBC = authorization.getByteChunk();
 BasicCredentials credentials = null;
 try {
-credentials = new BasicCredentials(authorizationBC, charset, 
getTrimCredentials());
+credentials = new BasicCredentials(authorizationBC, charset);
 String username = credentials.getUsername();
 String password = credentials.getPassword();
 
@@ -145,7 +134,6 @@ public class BasicAuthenticator extends AuthenticatorBase {
 private static final String METHOD = "basic ";
 
 private final Charset charset;
-private final boolean trimCredentials;
 private final ByteChunk authorization;
 private final int initialOffset;
 private int base64blobOffset;
@@ -155,21 +143,17 @@ public class BasicAuthenticator extends AuthenticatorBase 
{
 private String password = null;
 
 /**
- * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 2617 section 2, and the Base64
- * encoded credentials as per RFC 2045 section 6.8.
+ * Parse the HTTP Authorization header for BASIC authentication as per 
RFC 7617.
  *
  * @param input   The header value to parse in-place
  * @param charset The character set to use to convert the 
bytes to a string
- * @param trimCredentials Should leading and trailing whitespace be 
removed from the parsed credentials
  *
- * @throws IllegalArgumentException If the header does not conform to 
RFC 2617
+ * @throws IllegalArgumentException If the header does not conform to 
RFC 7617
  */
-public BasicCredentials(ByteChunk input, Charset charset, boolean 
trimCredentials)
-throws IllegalArgumentException {
+public BasicCredentials(ByteChunk input, Charset charset) throws 
IllegalArgumentException {
 authorization = input;
 initialOffset = input.getOffset();
 this.charset = charset;
-this.trimCredentials = trimCredentials;
 
 parseMethod();
 byte[] decoded = parseBase64();
@@ -196,7 +180,8 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 /*
- * The authorization method string is case-insensitive and must hae at 
least one space character as a delimiter.
+ * The authorization method

(tomcat) branch 10.1.x updated: Updating version info

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 8321821e55 Updating version info
8321821e55 is described below

commit 8321821e554052b5feb04cac082fcfbebed712aa
Author: Mark Thomas 
AuthorDate: Tue Apr 16 12:05:11 2024 +0100

Updating version info
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 6fa20d3d3d..0efb35249b 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=1
-version.build=22
+version.build=23
 version.patch=0
 version.suffix=
 version.dev=-dev
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 1f48ad8fdc..0e3eb7861b 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.1.22
+maven.asf.release.deploy.version=10.1.23
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68575 - in /dev/tomcat/tomcat-10/v10.1.23: ./ bin/ bin/embed/ src/

2024-04-16 Thread schultz 
Author: schultz
Date: Tue Apr 16 12:26:24 2024
New Revision: 68575

Log:
Upload v10.1.23 for voting

Added:
dev/tomcat/tomcat-10/v10.1.23/
dev/tomcat/tomcat-10/v10.1.23/KEYS
dev/tomcat/tomcat-10/v10.1.23/README.html
dev/tomcat/tomcat-10/v10.1.23/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.1.23/bin/
dev/tomcat/tomcat-10/v10.1.23/bin/README.html
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip.asc
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip.asc

dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip.asc

dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe   (with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe.asc
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip   (with props)
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip.asc
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/embed/
dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz  
 (with props)

dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip.asc

dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip.sha512
dev/tomcat/tomcat-10/v10.1.23/src/
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip.asc
dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.1.23/KEYS
==
--- dev/tomcat/tomcat-10/v10.1.23/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.1.23/KEYS Tue Apr 16 12:26:24 2024
@@ -0,0 +1,562 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+
+mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX
+pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t
+6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K
+GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz
+4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M
+UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF
+kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn
+lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi
+GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8

(tomcat) branch 8.5.x updated: Set final release date.

2024-04-16 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 8ff7e6fc86 Set final release date.
8ff7e6fc86 is described below

commit 8ff7e6fc86af3c3e82f318e7f62dc9ae41984be9
Author: Christopher Schultz 
AuthorDate: Tue Apr 16 08:45:20 2024 -0400

Set final release date.
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1317ec9d3c..2093bfe034 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 9.0.88

2024-04-16 Thread Rémy Maucherat 
The following votes were cast:

Binding:
+1: schultz, remm, lihan

Non-binding
+1: Dimitris Soumis

No other votes were cast.

The vote therefore passes.

Thanks to everyone who contributed to this release.

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68577 - /dev/tomcat/tomcat-11/v11.0.0-M19/ /release/tomcat/tomcat-11/v11.0.0-M19/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 13:12:36 2024
New Revision: 68577

Log:
Release Tomcat 11.0.0-M19

Added:
release/tomcat/tomcat-11/v11.0.0-M19/
  - copied from r68576, dev/tomcat/tomcat-11/v11.0.0-M19/
Removed:
dev/tomcat/tomcat-11/v11.0.0-M19/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68578 - /dev/tomcat/tomcat-9/v9.0.88/ /release/tomcat/tomcat-9/v9.0.88/

2024-04-16 Thread remm 
Author: remm
Date: Tue Apr 16 13:13:27 2024
New Revision: 68578

Log:
Release Tomcat 9.0.88

Added:
release/tomcat/tomcat-9/v9.0.88/
  - copied from r68577, dev/tomcat/tomcat-9/v9.0.88/
Removed:
dev/tomcat/tomcat-9/v9.0.88/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/01: Tag 10.1.23

2024-04-16 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 10.1.23
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9062d27dc5122e8241ea62a4c4312af0dc71da49
Author: ChristopherSchultz 
AuthorDate: Tue Apr 16 08:22:55 2024 -0400

Tag 10.1.23
---
 build.properties.release |  54 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..80d2fff8b5
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,54 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2024-04-16T12:17:18Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=/opt/homebrew/bin/gpg
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.14 compiled on August 16 2023
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:22+36
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment is consistent with this information.
+#
+# OS:  aarch64 Mac OS X 14.4.1
+# File encoding:   UTF-8
+#
+# Release Manager: schultz
+release-java-version=22+36
+release-ant-version=1.10.14
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..bcaa8f5f46
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..eedcad1e17
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..eb2c6072ba
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=10.1.23
+
+# Re-use the same GPG executable.

(tomcat) tag 10.1.23 created (now 9062d27dc5)

2024-04-16 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.23
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at 9062d27dc5 (commit)
This tag includes the following new commits:

 new 9062d27dc5 Tag 10.1.23

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-native) branch 1.3.x updated: Correct version

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.3.x by this push:
 new b29b00d9c Correct version
b29b00d9c is described below

commit b29b00d9ca4dce0d6dac198b4989d8482cc98f23
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:18:36 2024 +0100

Correct version
---
 xdocs/miscellaneous/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index f61381a63..027f715f7 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -31,7 +31,7 @@
   started from the 1.2.39 tag.
   
 
-
+
   
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68574 - /dev/tomcat/tomcat-10/v10.1.22/

2024-04-16 Thread schultz 
Author: schultz
Date: Tue Apr 16 12:24:13 2024
New Revision: 68574

Log:
Drop cancelled release artifacts

Removed:
dev/tomcat/tomcat-10/v10.1.22/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 11.0.0-M19

2024-04-16 Thread Rémy Maucherat 
On Tue, Apr 16, 2024 at 8:04 AM Rainer Jung  wrote:
>
> Am 09.04.24 um 15:13 schrieb Rémy Maucherat:
> > The proposed Apache Tomcat 11.0.0-M19 release is now available for
> > voting.
> >
> > Apache Tomcat 11.0.0-M19 is a milestone release of the 11.0.x branch and
> > has been made to provide users with early access to the new features in
> > Apache Tomcat 11.0.x so that they may provide feedback. The notable
> > changes compared to the previous milestone include:
> >
> > - Finalize update to the Jakarta EE 11 specifications.
> >
> > - Cookies header generation enhancements.
> >
> > - Fix regression when reloading TLS configuration and files.
> >
> > For full details, see the change log:
> > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
> >
> > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> > without changes. Java EE applications designed for Tomcat 9 and earlier
> > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> > will automatically convert them to Jakarta EE and copy them to the
> > webapps directory. Applications using deprecated APIs may require
> > further changes.
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M19/
> >
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1488
> >
> > The tag is:
> > https://github.com/apache/tomcat/tree/11.0.0-M19
> > 19e301275f23056e3c46ab296c87cf6e16fbe68f
> >
> > The proposed 11.0.0-M19 release is:
> > [ ] -1 Broken - do not release
> > [X] +1 Alpha  - go ahead and release as 11.0.0-M19
>
> Thanks for RM!

Np ;)
I managed to *not* mess up this release, but I messed up 10.1 pretty
bad however ...

Rémy

> Rainer
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 11.0.0-M19

2024-04-16 Thread Rémy Maucherat 
The following votes were cast:

Binding:
+1: schultz, remm, lihan, rjung

Non-binding
+1: Dimitris Soumis

No other votes were cast.

The vote therefore passes.

Thanks to everyone who contributed to this release.

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Fix comment (thanks to Chuck)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 22190db22c Fix comment (thanks to Chuck)
22190db22c is described below

commit 22190db22c67fd4bfb5537c4bc7f4a1f4091aa01
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:20:04 2024 +0100

Fix comment (thanks to Chuck)
---
 java/org/apache/catalina/authenticator/BasicAuthenticator.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 63ac050f69..c293af288c 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -226,8 +226,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 /*
- * The authorization method string is case-insensitive and must have 
at exactly one space character as a
- * delimiter.
+ * The authorization method string is case-insensitive and must have 
exactly one space character as a delimiter.
  */
 private void parseMethod() throws IllegalArgumentException {
 if (authorization.startsWithIgnoreCase(METHOD, 0)) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix comment (thanks to Chuck)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new b0d06dc8ca Fix comment (thanks to Chuck)
b0d06dc8ca is described below

commit b0d06dc8cae59b624adc91777f3e42552a3b141b
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:20:04 2024 +0100

Fix comment (thanks to Chuck)
---
 java/org/apache/catalina/authenticator/BasicAuthenticator.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 28114ec24a..8421dc54b1 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -180,8 +180,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 /*
- * The authorization method string is case-insensitive and must have 
at exactly one space character as a
- * delimiter.
+ * The authorization method string is case-insensitive and must have 
exactly one space character as a delimiter.
  */
 private void parseMethod() throws IllegalArgumentException {
 if (authorization.startsWithIgnoreCase(METHOD, 0)) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Fix comment (thanks to Chuck)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 63f72b89ff Fix comment (thanks to Chuck)
63f72b89ff is described below

commit 63f72b89fffe8ad60b1d3c8edf6221f78a11c539
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:20:04 2024 +0100

Fix comment (thanks to Chuck)
---
 java/org/apache/catalina/authenticator/BasicAuthenticator.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java 
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 7060cca97c..1bfd552cf1 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -226,8 +226,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
 }
 
 /*
- * The authorization method string is case-insensitive and must have 
at exactly one space character as a
- * delimiter.
+ * The authorization method string is case-insensitive and must have 
exactly one space character as a delimiter.
  */
 private void parseMethod() throws IllegalArgumentException {
 if (authorization.startsWithIgnoreCase(METHOD, 0)) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Base64 and BASIC authentication

2024-04-16 Thread Christopher Schultz 

Mark,

On 4/16/24 03:18, Mark Thomas wrote:

TL;DR - we need to tighten up parsing of BASIC authentication headers.

When I switched out Tomcat's Base64 handling for the built-in JRE 
handling, I noticed that BASIC authentication was using a very relaxed 
version of the Base64 decoder. That seemed odd, so I replaced it with 
the standard Base64 decoder. That broke a bunch of tests so I switched 
to the MIME decoder (the most relaxed) which fixed most - but not all - 
of the issues. Then I started look at what the tests were testing and 
the relevant RFCs.


The current RFC for HTTP BASIC authentication is RFC 7617. This in turn 
references numerous other RFCs, most notably RFC 7235 (HTTP 
Authentication) and RFC 4648 (Base64). Taken together these require that 
the format of the Authorization header is:

- The token "Basic"
- Exactly 1 space
- The base64 encoding of username:password

Tomcat's current implementation is based on RFC 2617 and allows the 
following:

- white space around the base64


Meh. This doesn't seem too impactful. If any part of the credential 
needs to contain whitespace, that whitespace will be base64 encoded and 
therefore not-whitespace in the header value.



- allows embedded line breaks in the base64


Ew. -1 please


- missing padding


This seems okay to me. JWT as a very modern example of base64-encoded 
data in HTTP allows missing padding just to save 1-3 bytes even though 
the JWTs themselves are monstrous.



- illegal characters in the base64 (ignored)
- illegal characters in the base64 padding (ignored)


These these should probably no longer be ignored.


- excessive padding


Weird. I wonder if that was intentional.


- whitespace around the decoded password


Full -1 from me. Whitespace should be allowed as part of a username or 
password and trimming it is inappropriate.


I don't see any of the above causing issues apart from the last one 
which prevents the use of passwords with leading or trailing whitespace. 
This is mostly of a cleaning up exercise so the switch to Java's base64 
decoder is simpler.


Before I merge the change to use the JRE's Base64 encoder, I intend to 
tighten up the parsing of Basic authentication headers. I intend to do 
this for all currently supported versions.


Any objections?


None here.

Do the relevant RFCs say anything about the missing padding? If Java 
allows us to accept pad-less values, I would allow that to continue.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.1.23

2024-04-16 Thread Christopher Schultz 

The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build 
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in 
startup scripts which would have caused Java 11 environments to fail to 
start.


The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 973881f808 Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
973881f808 is described below

commit 973881f8083c5f7064ce61441640bd2069de65c5
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:46:41 2024 +0100

Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x
---
 test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 6f51c27f8a..28a2582d70 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
 } catch (IOException e) {
 versionString = "";
 }
-if (versionString.startsWith("OpenSSL 3.3.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+if (versionString.startsWith("OpenSSL 3.4.")) {
+// Note: Gump currently tests 11.x with OpenSSL HEAD which is 
current 3.4.x
+VERSION = 30400;
+} else if (versionString.startsWith("OpenSSL 3.3.")) {
 VERSION = 30300;
 } else if (versionString.startsWith("OpenSSL 3.2.")) {
 VERSION = 30200;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new d7ae6515dc Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
d7ae6515dc is described below

commit d7ae6515dcd82aa72f3bd05200dd32717454a286
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:46:41 2024 +0100

Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x
---
 test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 6f51c27f8a..28a2582d70 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
 } catch (IOException e) {
 versionString = "";
 }
-if (versionString.startsWith("OpenSSL 3.3.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+if (versionString.startsWith("OpenSSL 3.4.")) {
+// Note: Gump currently tests 11.x with OpenSSL HEAD which is 
current 3.4.x
+VERSION = 30400;
+} else if (versionString.startsWith("OpenSSL 3.3.")) {
 VERSION = 30300;
 } else if (versionString.startsWith("OpenSSL 3.2.")) {
 VERSION = 30200;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new ea37a83dd4 Fix Gump issue - Gump tests with OpenSSL master which is 
now 3.4.x
ea37a83dd4 is described below

commit ea37a83dd41e6e4b136e9314ff2bef455c829c93
Author: Mark Thomas 
AuthorDate: Tue Apr 16 14:46:41 2024 +0100

Fix Gump issue - Gump tests with OpenSSL master which is now 3.4.x
---
 test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 6f51c27f8a..28a2582d70 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
 } catch (IOException e) {
 versionString = "";
 }
-if (versionString.startsWith("OpenSSL 3.3.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+if (versionString.startsWith("OpenSSL 3.4.")) {
+// Note: Gump currently tests 11.x with OpenSSL HEAD which is 
current 3.4.x
+VERSION = 30400;
+} else if (versionString.startsWith("OpenSSL 3.3.")) {
 VERSION = 30300;
 } else if (versionString.startsWith("OpenSSL 3.2.")) {
 VERSION = 30200;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Update the @SuppressWarnings for Eclipse 4.32M1 and Java 22

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new dab2b10275 Update the @SuppressWarnings for Eclipse 4.32M1 and Java 22
dab2b10275 is described below

commit dab2b1027521ccad85685a7c2b868fc4abab82c8
Author: Mark Thomas 
AuthorDate: Tue Apr 16 19:27:30 2024 +0100

Update the @SuppressWarnings for Eclipse 4.32M1 and Java 22
---
 java/org/apache/catalina/authenticator/SpnegoAuthenticator.java  | 1 +
 java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java | 2 ++
 java/org/apache/catalina/valves/StuckThreadDetectionValve.java   | 5 +
 java/org/apache/catalina/webresources/CachedResource.java| 1 +
 java/org/apache/coyote/Request.java  | 2 ++
 java/org/apache/tomcat/dbcp/dbcp2/DelegatingStatement.java   | 2 +-
 java/org/apache/tomcat/util/Diagnostics.java | 1 +
 test/org/apache/juli/TestThreadNameCache.java| 1 +
 8 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index ab4a8c3287..dab5cdfed3 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -134,6 +134,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
 }
 
 
+@SuppressWarnings("removal")
 @Override
 protected boolean doAuthenticate(Request request, HttpServletResponse 
response) throws IOException {
 
diff --git 
a/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java 
b/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java
index c413317186..8c70ac3401 100644
--- a/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java
+++ b/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java
@@ -119,9 +119,11 @@ public class ThreadLocalLeakPreventionListener extends 
FrameworkListener {
 }
 
 if (executor instanceof ThreadPoolExecutor) {
+@SuppressWarnings("resource")
 ThreadPoolExecutor threadPoolExecutor = 
(ThreadPoolExecutor) executor;
 threadPoolExecutor.contextStopping();
 } else if (executor instanceof StandardThreadExecutor) {
+@SuppressWarnings("resource")
 StandardThreadExecutor stdThreadExecutor = 
(StandardThreadExecutor) executor;
 stdThreadExecutor.contextStopping();
 }
diff --git a/java/org/apache/catalina/valves/StuckThreadDetectionValve.java 
b/java/org/apache/catalina/valves/StuckThreadDetectionValve.java
index a523029d75..0e451d5a0c 100644
--- a/java/org/apache/catalina/valves/StuckThreadDetectionValve.java
+++ b/java/org/apache/catalina/valves/StuckThreadDetectionValve.java
@@ -135,6 +135,7 @@ public class StuckThreadDetectionValve extends ValveBase {
 
 private void notifyStuckThreadDetected(MonitoredThread monitoredThread, 
long activeTime, int numStuckThreads) {
 if (log.isWarnEnabled()) {
+@SuppressWarnings("deprecation")
 String msg = 
sm.getString("stuckThreadDetectionValve.notifyStuckThreadDetected",
 monitoredThread.getThread().getName(), 
Long.valueOf(activeTime), monitoredThread.getStartTime(),
 Integer.valueOf(numStuckThreads), 
monitoredThread.getRequestUri(), Integer.valueOf(threshold),
@@ -171,6 +172,7 @@ public class StuckThreadDetectionValve extends ValveBase {
 // GC'ing, as the reference is removed from the Map in the finally 
clause
 
 Thread currentThread = Thread.currentThread();
+@SuppressWarnings("deprecation")
 Long key = Long.valueOf(currentThread.getId());
 StringBuffer requestUrl = request.getRequestURL();
 if (request.getQueryString() != null) {
@@ -227,6 +229,7 @@ public class StuckThreadDetectionValve extends ValveBase {
 return stuckCount.get();
 }
 
+@SuppressWarnings("deprecation")
 public long[] getStuckThreadIds() {
 List idList = new ArrayList<>();
 for (MonitoredThread monitoredThread : activeThreads.values()) {
@@ -342,6 +345,7 @@ public class StuckThreadDetectionValve extends ValveBase {
 }
 try {
 if (log.isWarnEnabled()) {
+@SuppressWarnings("deprecation")
 String msg = 
sm.getString("stuckThreadDetectionValve.notifyStuckThreadInterrupted",
 this.getThread().getName(), 
Long.valueOf(getActiveTimeInMillis()), this.getStartTime(),
 this.getRequestUri(), 
Long.valueOf(interruptThreadThreshold),
@@

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-16 Thread Rémy Maucherat 
On Tue, Apr 16, 2024 at 3:11 PM Christopher Schultz
 wrote:
>
> The proposed Apache Tomcat 10.1.23 release is now available for
> voting. Apache Tomcat 10.1.21 was canceled due to a release-build
> mistake and Apache Tomcat 10.1.22 was cancelled due to an option in
> startup scripts which would have caused Java 11 environments to fail to
> start.
>
> The notable changes compared to 10.1.20 are:
>
> - Improve locking strategies in Catalina core
>
> - Update Basic authentication to implement the requirements of RFC 7617
>
> - Updates to Apache Commons dependencies
>
> - Add OpenSSL support when FFM is available
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1492
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.23
> https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49
>
> Please reply with a +1 for release or -0/-1 with an explanation.
>
> The proposed 10.1.23 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.23

+1
Sorry again for the trouble ...

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: This appears to be unnecessary with Eclipse 4.31+

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 143484b769 This appears to be unnecessary with Eclipse 4.31+
143484b769 is described below

commit 143484b769af938c828cbf12f8ac54ca114267bb
Author: Mark Thomas 
AuthorDate: Tue Apr 16 19:42:50 2024 +0100

This appears to be unnecessary with Eclipse 4.31+
---
 java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java 
b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
index 7b7a919a91..c2e1c3a582 100644
--- a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
+++ b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
@@ -1165,7 +1165,6 @@ public class ThreadPoolExecutor extends 
AbstractExecutorService {
  *
  * @param w the worker
  */
-@SuppressWarnings("null")  // task cannot be null
 final void runWorker(Worker w) {
 Thread wt = Thread.currentThread();
 Runnable task = w.firstTask;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Silence remaining IDE wanrings for 10.1.x with Eclipse 4.31+

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new bbb3821e56 Silence remaining IDE wanrings for 10.1.x with Eclipse 4.31+
bbb3821e56 is described below

commit bbb3821e56e4b9928b09d0ce6057f5f1500c960f
Author: Mark Thomas 
AuthorDate: Tue Apr 16 19:43:59 2024 +0100

Silence remaining IDE wanrings for 10.1.x with Eclipse 4.31+
---
 java/org/apache/catalina/connector/InputBuffer.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/java/org/apache/catalina/connector/InputBuffer.java 
b/java/org/apache/catalina/connector/InputBuffer.java
index e22ef9694c..b708466f3d 100644
--- a/java/org/apache/catalina/connector/InputBuffer.java
+++ b/java/org/apache/catalina/connector/InputBuffer.java
@@ -324,6 +324,7 @@ public class InputBuffer extends Reader implements 
ByteChunk.ByteInputChannel, A
 }
 
 
+@SuppressWarnings("deprecation")
 private void handleReadException(Exception e) throws IOException {
 // Set flag used by asynchronous processing to detect errors on 
non-container threads
 coyoteRequest.setErrorException(e);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated (6b850a416a -> 2d5b58fbe9)

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 6b850a416a Fix order and typo
 new 592d75ca52 This appears to be unnecessary with Eclipse 4.31+
 new 2d5b58fbe9 Silence remaining IDE wanrings for 9.0.x with Eclipse 4.31+

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/catalina/connector/InputBuffer.java | 1 +
 java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Silence remaining IDE wanrings for 9.0.x with Eclipse 4.31+

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2d5b58fbe9becc36da7e165c1ef3ecdf5d691878
Author: Mark Thomas 
AuthorDate: Tue Apr 16 19:43:59 2024 +0100

Silence remaining IDE wanrings for 9.0.x with Eclipse 4.31+
---
 java/org/apache/catalina/connector/InputBuffer.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/java/org/apache/catalina/connector/InputBuffer.java 
b/java/org/apache/catalina/connector/InputBuffer.java
index 162c6fd314..347f7b6291 100644
--- a/java/org/apache/catalina/connector/InputBuffer.java
+++ b/java/org/apache/catalina/connector/InputBuffer.java
@@ -324,6 +324,7 @@ public class InputBuffer extends Reader implements 
ByteChunk.ByteInputChannel, A
 }
 
 
+@SuppressWarnings("deprecation")
 private void handleReadException(Exception e) throws IOException {
 // Set flag used by asynchronous processing to detect errors on 
non-container threads
 coyoteRequest.setErrorException(e);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: This appears to be unnecessary with Eclipse 4.31+

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 592d75ca528fb9dd22eb32675a3acf9a35202782
Author: Mark Thomas 
AuthorDate: Tue Apr 16 19:42:50 2024 +0100

This appears to be unnecessary with Eclipse 4.31+
---
 java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java 
b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
index 6f6f381578..20ed59a3f9 100644
--- a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
+++ b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
@@ -1165,7 +1165,6 @@ public class ThreadPoolExecutor extends 
AbstractExecutorService {
  *
  * @param w the worker
  */
-@SuppressWarnings("null")  // task cannot be null
 final void runWorker(Worker w) {
 Thread wt = Thread.currentThread();
 Runnable task = w.firstTask;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: This appears to be unnecessary with Java 17+ and the Eclipse 4.31

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 5495a4a2da This appears to be unnecessary with Java 17+ and the 
Eclipse 4.31
5495a4a2da is described below

commit 5495a4a2dac7189322f8f8bbe5c00e64997d4797
Author: Mark Thomas 
AuthorDate: Tue Apr 16 18:48:30 2024 +0100

This appears to be unnecessary with Java 17+ and the Eclipse 4.31
---
 java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java 
b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
index 2cde45c15d..cc9fc70cf6 100644
--- a/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
+++ b/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
@@ -1123,7 +1123,6 @@ public class ThreadPoolExecutor extends 
AbstractExecutorService {
  *
  * @param w the worker
  */
-@SuppressWarnings("null")  // task cannot be null
 final void runWorker(Worker w) {
 Thread wt = Thread.currentThread();
 Runnable task = w.firstTask;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-16 Thread Dimitris Soumis 
+1 All tests pass on Fedora 38 with Java 21, tcnative-2.0.7, openssl-3.0.13.

On Tue, Apr 16, 2024 at 4:19 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> The proposed Apache Tomcat 10.1.23 release is now available for
> voting. Apache Tomcat 10.1.21 was canceled due to a release-build
> mistake and Apache Tomcat 10.1.22 was cancelled due to an option in
> startup scripts which would have caused Java 11 environments to fail to
> start.
>
> The notable changes compared to 10.1.20 are:
>
> - Improve locking strategies in Catalina core
>
> - Update Basic authentication to implement the requirements of RFC 7617
>
> - Updates to Apache Commons dependencies
>
> - Add OpenSSL support when FFM is available
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1492
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.23
>
> https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49
>
> Please reply with a +1 for release or -0/-1 with an explanation.
>
> The proposed 10.1.23 release is:
> [ ] Broken - do not release
> [ X] Stable - go ahead and release as 10.1.23
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

(tomcat) branch 10.1.x updated: Fix order and typo

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 0073ca2b1a Fix order and typo
0073ca2b1a is described below

commit 0073ca2b1ad3fff4e5d3c3941dc7bdf508378508
Author: Mark Thomas 
AuthorDate: Tue Apr 16 17:27:37 2024 +0100

Fix order and typo
---
 res/ide-support/eclipse/java-compiler-errors-warnings.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/res/ide-support/eclipse/java-compiler-errors-warnings.txt 
b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
index 3c1ce23c03..8078c129d7 100644
--- a/res/ide-support/eclipse/java-compiler-errors-warnings.txt
+++ b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
@@ -18,7 +18,7 @@
 # Java -> Compiler -> Errors/Warnings
 ===
 
-The following settings are for Eclipse 4.15
+The following settings are for Eclipse 4.15 onwards
 W = Warning
 I = Ignore
 E = Error
@@ -40,10 +40,10 @@ Potential programming problems
  - All  - W
except the following:
 
+   - Unlikely argument type for...- W
+ [ ] Perform strict...
- Incomplete 'switch' cases on enum- W
  [ ] Signal even if 'default' case exists
-   - Unlikely argument type for...- W
- [ ] Perfprm strict...
- 'switch' is missing 'default' case   - I
- Potential resource leak  - I
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Fix order and typo

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 6b850a416a Fix order and typo
6b850a416a is described below

commit 6b850a416a0a85c42d4d78796d0aa2798b94a16d
Author: Mark Thomas 
AuthorDate: Tue Apr 16 17:27:37 2024 +0100

Fix order and typo
---
 res/ide-support/eclipse/java-compiler-errors-warnings.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/res/ide-support/eclipse/java-compiler-errors-warnings.txt 
b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
index 3c1ce23c03..8078c129d7 100644
--- a/res/ide-support/eclipse/java-compiler-errors-warnings.txt
+++ b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
@@ -18,7 +18,7 @@
 # Java -> Compiler -> Errors/Warnings
 ===
 
-The following settings are for Eclipse 4.15
+The following settings are for Eclipse 4.15 onwards
 W = Warning
 I = Ignore
 E = Error
@@ -40,10 +40,10 @@ Potential programming problems
  - All  - W
except the following:
 
+   - Unlikely argument type for...- W
+ [ ] Perform strict...
- Incomplete 'switch' cases on enum- W
  [ ] Signal even if 'default' case exists
-   - Unlikely argument type for...- W
- [ ] Perfprm strict...
- 'switch' is missing 'default' case   - I
- Potential resource leak  - I
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix order and typo

2024-04-16 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new a91f8d0fbf Fix order and typo
a91f8d0fbf is described below

commit a91f8d0fbf091904cd6baaab5027e766c8da2e91
Author: Mark Thomas 
AuthorDate: Tue Apr 16 17:27:37 2024 +0100

Fix order and typo
---
 res/ide-support/eclipse/java-compiler-errors-warnings.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/res/ide-support/eclipse/java-compiler-errors-warnings.txt 
b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
index 3c1ce23c03..8078c129d7 100644
--- a/res/ide-support/eclipse/java-compiler-errors-warnings.txt
+++ b/res/ide-support/eclipse/java-compiler-errors-warnings.txt
@@ -18,7 +18,7 @@
 # Java -> Compiler -> Errors/Warnings
 ===
 
-The following settings are for Eclipse 4.15
+The following settings are for Eclipse 4.15 onwards
 W = Warning
 I = Ignore
 E = Error
@@ -40,10 +40,10 @@ Potential programming problems
  - All  - W
except the following:
 
+   - Unlikely argument type for...- W
+ [ ] Perform strict...
- Incomplete 'switch' cases on enum- W
  [ ] Signal even if 'default' case exists
-   - Unlikely argument type for...- W
- [ ] Perfprm strict...
- 'switch' is missing 'default' case   - I
- Potential resource leak  - I
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org