I've updated the Geronimo Java EE 5.0 Report card on the wiki to reflect
the latest 2.0-M4 information including milestone contents and package
upgrades.
http://cwiki.apache.org/GMOxPMGT/geronimo-java-ee-50-report-card.html
Feel free to update any inaccuracies.
-Dave-
Looks great! A few minor nitpick comments on the website content:
1) Why are the guiding principles in blue text? At first glance, it
makes it appear as though the items are links.. I know links are
underlined.. though still seems odd.
2) Why are the news events in a table? Does the
?
Dave Colasurdo and myself have already created a new article
illustrating how to setup Geronimo (Tomcat version) clustering
at the
host/engine level:
http://cwiki.apache.org/GMOxDOC11/clustering-sample-application-tomcat-host-level.html
Jeff Genender wrote:
I'm trying to understand what advantage context attribute replication
provides.
Allows you to pick and choose which web apps are distributed and which
are not. Example: There may be a mission critical app that needs
clustering, but we most certainly wouldn't want to
Hernan Cunico wrote:
Dave Colasurdo wrote:
Looks great! A few minor nitpick comments on the website content:
1) Why are the guiding principles in blue text? At first glance, it
makes it appear as though the items are links.. I know links are
underlined.. though still seems odd.
We
Jeff Genender wrote:
Dave Colasurdo wrote:
IIUC the presence/absence of the distributable tag in web.xml also
provides the same behavior. I gave this a quick test recently and it
seemed to work that way.
To a degree yes, but my understanding is all contexts would have the
valves, manager
-application.html
invalid. Should we now remove it saying that Geronimo (Tomcat version)
supports clustering at the Host/Engine level only?
Dave Colasurdo and myself have already created a new article
illustrating how to setup Geronimo (Tomcat version) clustering at the
host/engine level:
http
I've added an article to the Geronimo wiki that describes how to cluster
Geronimo HTTP Session web application data using the Open Terracotta
project.
http://cwiki.apache.org/GMOxDEV/clustering-geronimo-with-open-terracotta.html
Feel free to get it a try..
Also, the clustering articles in
Ok, have clarified this in the release notes..
Thanks
-Dave-
Dain Sundstrom wrote:
On Jan 25, 2007, at 11:03 AM, Dave Colasurdo wrote:
- Deployment with no ejb-jar.xml or openejb-jar (just need a
geronimo-openejb.xml for all the geronimo-specific deployment stuff)
To be clear, the geronimo
Thanks... Have made the updates...
Is there anything that should be added to the limitations section? Do
we fully support EJB 3.0?
-Dave-
David Blevins wrote:
On Jan 25, 2007, at 11:03 AM, Dave Colasurdo wrote:
Limitations:
- Undeploying an ejb module will not remove it's beans
, 2007, at 8:46 AM, Dave Colasurdo wrote:
Thanks... Have made the updates...
Well, we need to be sure these changes are included in M2. I'm not
sure where Matt is in terms of building an RC.
--kevan
Is there anything that should be added to the limitations section?
Do we fully support EJB 3.0
future changes can then occur in the branch..
Thanks
-Dave-
David Blevins wrote:
On Jan 26, 2007, at 5:46 AM, Dave Colasurdo wrote:
Thanks... Have made the updates...
Is there anything that should be added to the limitations section?
One of the things I mentioned in another email is that MDBs
I'm helping Hernan update the Release Notes for 2.0-M2.
Can folks please provide feedback for the EJB Content that gets
documented in the Release Notes.
Here is the current content..
- EJB 3.0 (via OpenEJB project)
Supported:
- JPA (Custom Provider, App-managed, Container-managed)
Anita,
I noticed you updated the Java EE 5.0 Report card to mark Java EE Mgmt
1.1 as available in 2.0-M1. Is the geronimo work complete for this
specification?
Chris, Is there any other required work that you were tracking before
marking this as complete on the roadmap?
Thanks
-Dave-
[
http://issues.apache.org/jira/browse/GERONIMO-2577?page=comments#action_12459700
]
Dave Colasurdo commented on GERONIMO-2577:
--
1) Is node c (the failing node) always the same physical machine?
2) Are you 100% certain that all three
The Java EE 5.0 Report card has been updated on the project wiki. This
update incorporates all the recent 2.0-M1 activity and other recent
developments relating to Java EE 5.0.
Please take a second to review it for accuracy.
[
http://issues.apache.org/jira/browse/GERONIMO-2577?page=comments#action_12459757
]
Dave Colasurdo commented on GERONIMO-2577:
--
I have seen clustering fail in multicast mode when the physical machines were
not on the same subnet
Here is an initial stab at documenting how to use Gcache with Geronimo
for clustering.
http://cwiki.apache.org/confluence/display/GMOxDEV/Geronimo+Clustering+with+Gcache
The article still needs a bit of work and will be updated as the Gcache
development effort progresses in the sandbox.
That would be awesome.. Thanks!! I'm unaware of anyone else working on
this.
-Dave-
Lasantha Ranaweera wrote:
Hi All,
I saw there is an empty sample application under web services section in
Geronimo user guide. Does anybody working on that? I would like to
contribute on that.
Thanks,
Here is the wikipedia definition for Pre-Alpha, Alpha, Beta, etc..
http://en.wikipedia.org/wiki/Alpha_release
The definitions pretty much agree with my preconception of what an Alpha
would contain.
IMHO, trunk is not currently in an Alpha state and doesn't accurately
reflect the majority
I assume you made a conscious choice not to remove the zero length dtd
files in the binary distributions?
-Dave-
It appears there are a bunch of zero length dtd files in the /schema
directory
application-client_1_2.dtd
application-client_1_3.dtd
application_1_2.dtd
application_1_3.dtd
I've reorganized the JEE 5.0 report card a bit and updated it with the
latest info relating to the spec levels and available packages.
See: http://cwiki.apache.org/GMOxPMGT/geronimo-jee-50-report-card.html
Please take a few minutes to review and comment/update as appropriate.
Thanks
-Dave-
/jsr154\examples
IIRC, JDK5 was required to build the tree..
-Dave-
Matt Hogstrom wrote:
Dave Colasurdo did the workDave?
Jason Dillon wrote:
Where in tomcat? Got a SVN URL handy?
--jason
On Aug 16, 2006, at 12:47 PM, Dave Colasurdo wrote:
We grabbed the jars from Tomcat, unpacked them
We grabbed the jars from Tomcat, unpacked them and manually made a few
changes to them (outside of source control) and published the resulting
wars. Here is the description of the manual changes:
http://issues.apache.org/jira/browse/GERONIMO-1299
-Dave-
Matt Hogstrom wrote:
Aaron,
Its
IIRC, there were a few minor tweaks of the examples.. See GERONIMO-1299
and GERONIMO-1540 for details..
-Dave-
Jeff Genender wrote:
I believe we used the source from Tomcat verbatim as we did not want to
fork the code. In fact IIRC, it was a rename of the jars.
Jeff
Prasad Kashyap wrote:
Hernan,
It seems the 1.1 tomcat clustering example had recently ceased to work.
I've made the appropriate minor changes to the 1.1 deployment plan
(servlets-examples-tomcat-cluster-plan-5.5.15.xml) on the old confluence
wiki:
[
http://issues.apache.org/jira/browse/GERONIMO-2112?page=comments#action_12416199
]
Dave Colasurdo commented on GERONIMO-2112:
--
I believe the following changes are still required:
License.txt - add licenses for castor and possibly antlr
John Sisson wrote:
6. Third Party Licenses. This needs to be reviewed and the
appropriate licenses compiled. Volunteers? We did not have one in the
1.0 stream so I'd like clarification if this is a requirement or
something that can be deferred.
IMO this is a requirement. Just have a look
[ http://issues.apache.org/jira/browse/GERONIMO-2112?page=all ]
Dave Colasurdo updated GERONIMO-2112:
-
Attachment: NOTICE.txt
LICENSE.txt
Here is the initial pass at the LICENSE.TXT and NOTICE.TXT files for Geronimo
1.1..
Still
Dave Colasurdo wrote:
John Sisson wrote:
6. Third Party Licenses. This needs to be reviewed and the
appropriate licenses compiled. Volunteers? We did not have one in
the 1.0 stream so I'd like clarification if this is a requirement or
something that can be deferred.
IMO
[
http://issues.apache.org/jira/browse/GERONIMO-2112?page=comments#action_12416113
]
Dave Colasurdo commented on GERONIMO-2112:
--
That was the format I used in the original LICENSE.TXT and NOTICE.txt that I
attached (separating licenses from
2) In section Significant Changes
-Shared Library Support
-Statement Cache for JDBC drivers
-Dynamic Plugin support
-In-place deployment of exploded applications
-Dependent Package Upgrades (Tomcat, Jetty, etc.)
DONE.
Seems that 3 of the items above are missing from the release notes in
It seems the out of box use of plugins in the admin console is
erroneously creating url links to install the welcome app and admin
console plugins. They are already installed and started in the j2ee
distribution.
Thanks
-Dave-
Matt Hogstrom wrote:
Over the past few days the outstanding
BTW, I think additional fixes are required in 1.1.1 before claiming
support for multiple concurrent server instances from a single
installation..
Awhile back I was able to start the server using an external var
directory (via -Dorg.apache.geronimo.server.dir). After changing all
the ports
Hernan Cunico wrote:
Hi All,
I updated the release notes and it is ready for your review and
comments, here is the link
http://cwiki.apache.org/GMOxDOC11/release-notes-11txt.html
Cheers!
Hernan
Thanks Hernan! A few comments:
1) In section Installing and Starting Geronimo
Suspect the
Hernan Cunico wrote:
Dave Colasurdo wrote:
Hernan Cunico wrote:
Hi All,
I updated the release notes and it is ready for your review and
comments, here is the link
http://cwiki.apache.org/GMOxDOC11/release-notes-11txt.html
Cheers!
Hernan
Thanks Hernan! A few comments:
1) In section
Guillaume Nodet wrote:
and the plugins portlet does not display hyperlinks, so plugins can not
be installed...
Aaron,
It seems that the plugin problems (installing samples, installing
plugins from the admin console)that we saw last week have reappeared in
the RC build.
These problems
It seems that the default samples won't install from the welcome page
for this build. Do the plugins for the samples need to be updated and
regenerated? Looks like a missing dependency..
BTW, where does the plugin regeneration take place? Is it part of the
geronimo build or is it done
have external
dependencies, but the Servlets examples don't -- so if the Servlets
example works but the others don't, that suggests a problem with
ibiblio.
Thanks,
Aaron
On 6/1/06, Dave Colasurdo [EMAIL PROTECTED] wrote:
It seems that the default samples won't install from the welcome page
.
:)
Thanks,
Aaron
On 6/1/06, Dave Colasurdo [EMAIL PROTECTED] wrote:
All three sample installations fail with the same exception shown
below...
Aaron Mulder wrote:
The sample plugins are built as part of the build, but there's a
separate process to build the repository metadata and update
of xml.
Perhaps the Upgrade tool should account for this case..
Thanks
-Dave-
David Jencks wrote:
Thanks for trying it out. I changed how it starts quite a bit today --
I hope it hasn't become too slow.
I also think I fixed the schema issue Dave Colasurdo found.
thanks
david jencks
On May
[
http://issues.apache.org/jira/browse/GERONIMO-2006?page=comments#action_12402408
]
Dave Colasurdo commented on GERONIMO-2006:
--
Thanks for looking at this issue..
I originally created the pblm on a build that was done just prior to the
cut
I think Joe has raised a valid point here... Providing ongoing unstable
builds is quite useful. However, if there is no simple link to them
from the Geronimo website then how will users find them?
Why not add a simple link to the unstable builds (or at least the
location of the most recent
Thanks David! It seems to run fine on the simple plans that I have
tried though I do have a few quick comments and observations..
1) Should the version in the schema name be updated (from 1.0 - 1.1)
for both jetty and tomcat plans? For example, the following line is
unchanged when the tool
Filip Hanik - Dev Lists wrote:
Dave Colasurdo wrote:
*Problem1*
When testing Sticky session, my browser locks unto a particular
cluster member (e.g. node1) due to the nodeid in the cookie. If I kill
node1, the session fails over into node2 and all my session data is
still present
The Geronimo 1.1 web tier clustering documentation (using Tomcat 5.5.15)
and updated deployment plans are available at:
http://opensource.atlassian.com/confluence/oss/display/GERONIMO/Geronimo+Clustering+Example
-Dave-
Now that we have officially upgraded to TC 5.5.15, I've gone back and
retried the clustering tests and it looks like G1.1 clustering is now
working with TC5.5.15!!
The Unable to send message through cluster sender exception that was
being thrown was caused by a problem in the application
/GERONIMO-2006
Project: Geronimo
Type: Bug
Security: public (Regular issues)
Components: console
Versions: 1.1
Reporter: Dave Colasurdo
Deploying myApp.war using badPlan.xml (both attached) results in a
non-functioning Show Web App Wars panel.
The console Deploy
[ http://issues.apache.org/jira/browse/GERONIMO-2006?page=all ]
Dave Colasurdo updated GERONIMO-2006:
-
Attachment: stackTrace.log
badPlan.xml
Myapp.war
Deploying an application with an incorrect depolyment plan
[ http://issues.apache.org/jira/browse/GERONIMO-2006?page=all ]
Dave Colasurdo updated GERONIMO-2006:
-
Attachment: badPlan2.xml
Here is another bad plan (badPlan2) that results in a slightly different error
(i.e the deploy panel doesn't refresh
[ http://issues.apache.org/jira/browse/GERONIMO-2006?page=all ]
Dave Colasurdo updated GERONIMO-2006:
-
Summary: Deploying an application with an incorrect deployment plan results
in non-functional admin console panel (was: Deploying an application
Reporter: Dave Colasurdo
Update the G1.1 welcome app..
- Unclutter the initial welcome screen
- Moved replace url information to backup page
- Moved slimmer geronimo info to backup page
- Updated replace url user deployment xml to G1.1 format
- Geronimo-1900 adds a graphic that can
[ http://issues.apache.org/jira/browse/GERONIMO-1976?page=all ]
Dave Colasurdo updated GERONIMO-1976:
-
Attachment: welcome-app.patch
Change Welcome Application for G1.1
---
Key: GERONIMO-1976
[
http://issues.apache.org/jira/browse/GERONIMO-1976?page=comments#action_12377630
]
Dave Colasurdo commented on GERONIMO-1976:
--
BTW, the patch should get applied to /applications/welcome/src/webapp/
Thanks
Change Welcome Application for G1.1
[
http://issues.apache.org/jira/browse/GERONIMO-1900?page=comments#action_12377441
]
Dave Colasurdo commented on GERONIMO-1900:
--
I still have a general uneasy feeling about this overall approach for the
default examples.
Prasad has done a good
Versions: 1.1
Reporter: Dave Colasurdo
User applications should be moved out of the Geronimo repository (i.e.
/Geronimo-1.1/repository/geronimo )..
This may be as simple as changing the sample/default deployment plans to
contain a common groupid name.
I'd recommend a short simple
Aaron Mulder wrote:
On 4/28/06, Dain Sundstrom [EMAIL PROTECTED] wrote:
Can we simplify the welcome application for the server? I find the
shear amount of text on the page overwhelming. I'm hoping we can
push the fine detail of to secondary pages.
Do you have a proposal for what should go
) will result in the user applications being
separated from the geronimo plumbing by naming convention without any
code impact..
-Dave-
Dave Colasurdo wrote:
This reminds me of a topic from a few weeks ago.. Is there a JIRA open
to address separating the end user applications from the geronimo
Users that deploy DayTrader or use CORBA EJBS will still encounter
problems when using JDK 1.5.
Is it possible to spit out some sort of conditional warning such as JDK
1.5 not supported for CORBA and DayTrader application not supported on
JDK 1.5 for these cases?
Or at least tone down the
This reminds me of a topic from a few weeks ago.. Is there a JIRA open
to address separating the end user applications from the geronimo
internal plumbing?
Specifically, /Geronimo-1.1/repository/geronimo/ seems like a strange
spot for end user applications. Searching for deployed
[
http://issues.apache.org/jira/browse/GERONIMO-1884?page=comments#action_12376249
]
Dave Colasurdo commented on GERONIMO-1884:
--
Reopened ...so that most recent comments won't get lost.. -Dave-
Samples not installed properly in G1.1 - several
[
http://issues.apache.org/jira/browse/GERONIMO-1884?page=comments#action_12376064
]
Dave Colasurdo commented on GERONIMO-1884:
--
Thanks Aaron!!
The servlet and jsp examples seem to install and start fine with the latest
build..
A few comments
: sample apps
Versions: 1.1
Reporter: Dave Colasurdo
Priority: Critical
IT appears that the Geronimo samples have recently been removed from the
default distributions and replaced with the ability to download them through
the admin console. There are several issues that need
continuum wrote:
[snip]
BUILD FAILED
File.. /home/continuum/continuum-1.0.2/apps/continuum/work/68/maven.xml
Element... maven:reactor
Line.. 63
Column -1
Unable to obtain goal [multiproject:install-callback] --
at : Thursday, April 20, 2006 10:35:52 AM EDT
On Apr 20, 2006, at 9:01 AM, Dave Colasurdo wrote:
continuum wrote:
[snip]
BUILD FAILED
File..
/home/continuum/continuum-1.0.2/apps/continuum/work/68/maven.xml
Element... maven:reactor
Line.. 63
Column -1
Unable to obtain goal
CARs). Are you sure you're getting the
SerializedConfigurationMarshaler error in j2ee-installer? (That part
is buried a bit further down the stack trace.)
Thanks,
Aaron
On 4/20/06, Dave Colasurdo [EMAIL PROTECTED] wrote:
Manually building the j2ee-server-tomcat and j2ee-server-jetty
a coordination error, ie, node1 requested state from
node2, but node2 didn't know about node1, and that caused the stack
trace from below.
Filip
Dave Colasurdo wrote:
Thanks Filip!!
http://mail-archives.apache.org/mod_mbox/tomcat-users/200512.mbox/[EMAIL PROTECTED]
seems to indicate
and testing for the clustering piece.
Filip
Dave Colasurdo wrote:
Jeff Genender wrote:
I would vote for not moving to 5.5.16 for 1.1. IMHO, its too close. We
did some preliminary testing for 5.5.15 and it seems ok...and we will
know in the next several days if its good to bake in to 1.1
remember right, the 5.5.9 clustering GBeans will work on forward
versions. So I don't think there is a problem there. HEAD has been set
to 5.5.15 for quite some time.
Nevertheless, it doesn't hurt to try em out ;-)
Jeff
Dave Colasurdo wrote:
Jeff (et al.),
Will G1.1 definitely be upgraded
-
Jeff Genender wrote:
Dave,
Thanks for doing this.
Jeff
Dave Colasurdo wrote:
I've validated that the Geronimo clustering example
(http://opensource.atlassian.com/confluence/oss/display/GERONIMO/Geronimo+Clustering+Example)
still works for Geronimo 1.1 (with Tomcat 5.5.9). The application
change,
this was corrected in 5.5.16.
I would run the tests again that version, and then I can help you out
with any problems you run into.
Filip
Dave Colasurdo wrote:
Jeff,
Upgraded tomcat, tomcat_ajp and jasper to 5.5.15 and ran the
clustering tests.
The *good* news...
Load balancing
windows.
5.5.17 is expected to be cut on friday and voted stable eventually 1-2
weeks later.
Jeff Genender wrote:
Yep...need to update the plan. Its updated in trunk.
Dave Colasurdo wrote:
It appears that G1.1 is still using Tomcat 5.5.9
http://svn.apache.org/repos/asf/geronimo/branches/1.1
to update the plan. Its updated in trunk.
Dave Colasurdo wrote:
It appears that G1.1 is still using Tomcat 5.5.9
http://svn.apache.org/repos/asf/geronimo/branches/1.1/etc/project.properties
Wasn't a tomcat upgrade to 5.5.15 in plan for G1.1?? Perhaps I am
confused with the plans for trunk
It appears that G1.1 is still using Tomcat 5.5.9
http://svn.apache.org/repos/asf/geronimo/branches/1.1/etc/project.properties
Wasn't a tomcat upgrade to 5.5.15 in plan for G1.1?? Perhaps I am
confused with the plans for trunk.. ??
Thanks
-Dave-
I believe it's important to keep the CARs expanded as I suspect users
(in development mode) would want the ability to easily update JSPs and
classes without redeploying. I also think Dain's suggestion to shrink
the path length is the right approach.. Other comments below..
-Dave-
Dain
The welcome app, servlets-examples, jsp-examples and ldap-demo work fine
(unchanged) for both tomcat and jetty with the latest G1.1 build.. Will
now try the clustering example and others..
-Dave-
The long file path problem on the windows platform isn't limited to
building G1.1 on this platform. The current images are incompatible
with windows even when the images are generated on a different platform..
Specifically, I built G1.1 on linux and then FTP'd the generated windows
image
)
The problem isn't with the unzip program.. The problem is that the
images have files with path lengths that exceed the current limit of 256
for the windows platform..
-Dave-
Dain Sundstrom wrote:
What if you unpack with jar -xf?
-dain
On Apr 6, 2006, at 1:07 PM, Dave Colasurdo wrote
I took a quick swag at identifying the current package levels in
Geronimo 1.0 and 1.1 as well as identifying the most recent stable build
for each package. It may be useful to reference the table when
determining which packages we should upgrade for G1.1, 1.2 , etc..
Here's the link:
Can you please elaborate a bit more on what exactly this provides?
Can I now have two separate instances each with their own unique
applications/configurations/logs (i.e. config-store, deploy and var
directories) sharing the same geronimo installation binaries (i.e. bin,
lib and repository
Anyone have any insight on the following error when issuing
m:fresh-checkout on the 1.0 branch? I'm seeing it on two different
machines..
Thanks
-Dave-
AUM:/home/davecola/geronimo_1.0_branch_try2 # maven m:fresh-checkout
__ __
| \/ |__ _Apache__ ___
| |\/| / _` \ V / -_) ' \ ~
Ah.. just found Jacek's post on this subject from yesterday..
Dave Colasurdo wrote:
Anyone have any insight on the following error when issuing
m:fresh-checkout on the 1.0 branch? I'm seeing it on two different
machines..
Thanks
-Dave-
AUM:/home/davecola/geronimo_1.0_branch_try2 # maven
[
http://issues.apache.org/jira/browse/GERONIMO-1577?page=comments#action_12365077
]
Dave Colasurdo commented on GERONIMO-1577:
--
The Izpack guy(s) are looking into item 1 (dependencies and indentation) and
will get back to us on Monday
Installer - User Interface changes
--
Key: GERONIMO-1577
URL: http://issues.apache.org/jira/browse/GERONIMO-1577
Project: Geronimo
Type: Improvement
Components: installer
Versions: 1.0.1, 1.1
Reporter: Dave Colasurdo
Erik Daughtrey wrote:
On Wednesday 01 February 2006 03:09, David Jencks wrote:
On Jan 31, 2006, at 9:08 PM, John Sisson wrote:
1) In the 1.0 branch I noticed that an installer installation has
geronimo/repository/geronimo/cars directory (containing approx 42
MB of car files) but the tomcat
We also need to decide whether Geronimo will provide any of the following:
-Incremental Update - Provide a mechanism that allows users to apply
fixes from a dot release to an existing *binary* installation (e.g.
apply 2.0.1 fixes (jars) to an existing 2.0 installation)
-Migration - Provide a
As far as directory structure, it seems that WebSphere separates the
binaries (e.g. jars, scripts) from the instance data. Each instance has
it's own copy of configuration data, installed applications, logs and
properties. The scripts (e.g. startup/shutdown) are also available in
each
the difference. One can refer to them as options
available for later configuration (disk bloat) and options for runtime
configuration (memory bloat). I'd leave it simple for now.
david jencks
Joe
Dave Colasurdo wrote:
Erik Daughtrey wrote:
Dave, Thanks for the comments...
I made comments below
[
http://issues.apache.org/jira/browse/GERONIMO-1540?page=comments#action_12364086
]
Dave Colasurdo commented on GERONIMO-1540:
--
It appears the corruption of the war file was a temporary JIRA problem. The
same war file looks fine today. Please
Fix security vulnerability in jsp-examples
--
Key: GERONIMO-1540
URL: http://issues.apache.org/jira/browse/GERONIMO-1540
Project: Geronimo
Type: Bug
Reporter: Dave Colasurdo
Oliver Karow has reported a cross-site
[ http://issues.apache.org/jira/browse/GERONIMO-1540?page=all ]
Dave Colasurdo updated GERONIMO-1540:
-
Component: sample apps
Version: 1.0.1
1.1
Fix security vulnerability in jsp-examples
[
http://issues.apache.org/jira/browse/GERONIMO-1540?page=comments#action_12364003
]
Dave Colasurdo commented on GERONIMO-1540:
--
The Tomcat team has fixed this in their open builds (but *not* in Tomcat
5.5.15). I've extracted the latest Tomcat
[ http://issues.apache.org/jira/browse/GERONIMO-1540?page=all ]
Dave Colasurdo updated GERONIMO-1540:
-
Attachment: jsp-examples.patch
geronimo-jsp-examples-tomcat-5.5.15-plus.war
Fix security vulnerability in jsp-examples
[ http://issues.apache.org/jira/browse/GERONIMO-1540?page=all ]
Dave Colasurdo updated GERONIMO-1540:
-
Geronimo Info: [Patch Available]
Fix security vulnerability in jsp-examples
--
Key: GERONIMO
[
http://issues.apache.org/jira/browse/GERONIMO-1540?page=comments#action_12364012
]
Dave Colasurdo commented on GERONIMO-1540:
--
The original warfile that I've attached seems to work fine on my machine (and
another) though appears to be corrupted
Looks like the Installer has made quite a bit of progress. Thanks Erik!!
I'd like to suggest a few Usabality changes to the current installer..
I'm sure you are already aware of many of these and have plans to update
them. Just wanted to provide some input based on my first impression.
BTW,
Concerning the CSS vulnerability, attached is my correspondence with the
Tomcat team..
My original email**
Original Message
Subject: Possible Security exposure with Tomcat 5.5.15-beta
Date: Tue, 17 Jan 2006 14:46:06 -0500
From: Dave Colasurdo [EMAIL PROTECTED
Snippets from another offline conversation with the Tomact folks..
Has Tomcat (the container) considered checking input URIs for scripting
tags and rendering them innocuous by substitution (e.g. script --
lt;scriptgt;) therefore never writing back scripting tags to the
browser? Are there
I've confirmed that the cross-site scripting problem also occurs in
jsp-examples in pure Tomcat 5.5.12 without Geronimo.
-Dave-
Jacek Laskowski wrote:
2006/1/17, oliver karow [EMAIL PROTECTED]:
Hi Oliver,
I think it belongs to dev now.
The first one is a classical cross-site scripting in
Jeff Genender wrote:
Since Tomcat claims to fix this in v5.5.7, we may have to implement the
tactical solution in our apps till we move to Tomcat 5.5.7.
We currently use 5.5.9, so I would assume this has been tended too. Has
anybody examined this to be the case (or not)?
Ran a quick
1 - 100 of 221 matches
Mail list logo