DO NOT REPLY [Bug 42460] - java.lang.NoClassDefFoundError: org/dom4j/Branch

2007-05-19 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: [ANN] Apache Tomcat JK 1.2.23 Web Server Connector released

2007-05-19 Thread Mark Thomas
Guenter Knauf wrote: > this makes me ask a couple of questions: Remember we only *have* to make the source available. Anything we do on the binary front is just being helpful and the release manager is unlikely to have access to build binaries for all platforms. > 1) why do some folders list older

Possible bug with ETag in 304 responses - dev input requested

2007-05-19 Thread Len Popp
An issue came up on the Tomcat Users list about ETag headers and 304 responses. It seems (to me at least) there's a bug in Tomcat. Can someone tell me if my analysis is correct? I would appreciate input from developers who really know how this stuff is supposed to work. The issue was originally r

Re: [ANN] Apache Tomcat JK 1.2.23 Web Server Connector released

2007-05-19 Thread Guenter Knauf
Hi all, > The Apache Tomcat team is pleased to announce the immediate availability > of version 1.2.23 of the Apache Tomcat Connectors. somehow I've a problem with our distribution directories.. currently I see: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/aix/ empty folde

DO NOT REPLY [Bug 42460] New: - java.lang.NoClassDefFoundError: org/dom4j/Branch

2007-05-19 Thread bugzilla

Re: Problem with org.apache.coyote.Request ?

2007-05-19 Thread Bill Barker
"Ted Kirby" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I sent this to user list a few days ago, and got no response. The dev > list is probably a better place for it. If the notes array isn't initialized to null, then that means that you have a problem with your JVM. The not

DO NOT REPLY [Bug 42459] - Tomcat Web Application Manager table error

2007-05-19 Thread bugzilla

DO NOT REPLY [Bug 42459] New: - Tomcat Web Application Manager table error

2007-05-19 Thread bugzilla

Fwd: Problem with org.apache.coyote.Request ?

2007-05-19 Thread Ted Kirby
I sent this to user list a few days ago, and got no response. The dev list is probably a better place for it. I also see I forgot to attach my patch, which I will do now. Ted Kirby -- Forwarded message -- From: Ted Kirby <[EMAIL PROTECTED]> Date: May 16, 2007 11:02 AM Subject:

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Maybe that helps: mod_proxy_ajp (httpd 2.2.4) does something very similar. In mod_proxy_ajp.c function proxy_ajp_canon() calls ap_proxy_canonenc(). This function for a reverse proxy request does encode a couple of chars in the already decoded URI before forwarding it. It encodes all chars exce

DO NOT REPLY [Bug 42444] - Potential NullPointerException in org.apache.catalina.valves.AccessLogValve

2007-05-19 Thread bugzilla

svn commit: r539787 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/valves/AccessLogValve.java webapps/docs/changelog.xml

2007-05-19 Thread funkman
Author: funkman Date: Sat May 19 11:31:09 2007 New Revision: 539787 URL: http://svn.apache.org/viewvc?view=rev&rev=539787 Log: bug 42444: prevent NPE Patch provided by Nils Hammar (funkman) Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/AccessLogValve.java tomcat/tc6.0.x

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Mladen Turk wrote: Rainer Jung wrote: OK Mladen, I understand that, but I think it's not correct. Might be. But: none of the existing options does the right thing. That's why I suggested another way of handling the forward. I think my suggested variant "forward r->uri with encoded '%'"

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Mladen Turk
Rainer Jung wrote: OK Mladen, I understand that, but I think it's not correct. Might be. But: none of the existing options does the right thing. That's why I suggested another way of handling the forward. I think my suggested variant "forward r->uri with encoded '%'" is the right way of

DO NOT REPLY [Bug 42424] - Missing Hint about Adblock in the docs/FAQs

2007-05-19 Thread bugzilla

DO NOT REPLY [Bug 42434] - JSP wraps RuntimeException in ServletException

2007-05-19 Thread bugzilla

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Look, what I'm saying is that we should simplify all the JkOptions ForwardURI* . IMHO they all originate from the fact that uri in the Apache can come from multiple pre-processing stages that modify the original URI. The solution is very simple but it would require that we write the URI decoder. W

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Mladen Turk
Rainer Jung wrote: Mladen Turk wrote: You got me wrong. I suggest we decode the encoded uri, do mapping, remove ;jsessionid=xxx and send that to the Tomcat. This way tomcat won't have double encoding issue. And it's completely legitimate if we comply to the RFC. This would also solve malicious

DO NOT REPLY [Bug 42438] - Duplicate JSP temp variable declaration when jsp:attribute used in conjunction with custom tags

2007-05-19 Thread bugzilla

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Mladen Turk wrote: Jean-Frederic wrote: What about url like /context-a/../context-b/? There could be a problem if the goal is not to map /context-b. Should we normalise /context-a/../context-b/ to /context-b and then do the mapping. Yes. It would require some programming of course, but it'll

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Jean-Frederic wrote: What about url like /context-a/../context-b/? There could be a problem if the goal is not to map /context-b. Should we normalise /context-a/../context-b/ to /context-b and then do the mapping. If the *original* URI is "/context-a/../context-b/" then apache httpd normalizes

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Mladen Turk wrote: You got me wrong. I suggest we decode the encoded uri, do mapping, remove ;jsessionid=xxx and send that to the Tomcat. This way tomcat won't have double encoding issue. And it's completely legitimate if we comply to the RFC. This would also solve malicious mapping attempts lik

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Mladen Turk
Jean-Frederic wrote: What about url like /context-a/../context-b/? There could be a problem if the goal is not to map /context-b. Should we normalise /context-a/../context-b/ to /context-b and then do the mapping. Yes. It would require some programming of course, but it'll solve the issues wi

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Jean-Frederic
On Sat, 2007-05-19 at 18:57 +0200, Rainer Jung wrote: > Jean-Frederic wrote: > > On Sat, 2007-05-19 at 14:27 +0200, Rainer Jung wrote: > >> Hi, > >> > >> now that we changed the default way how to forward URIs from mod_jk to > >> Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I wan

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Mladen Turk
Rainer Jung wrote: Mladen Turk wrote: My proposal is that we make our own decoder if the URI is encoded and then do a match and forward that. As far as I understand your suggestion, this would not help. There's nothing wrong with "our" decoder (the httpd decoder), what's wrong is, that the de

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Jean-Frederic wrote: On Sat, 2007-05-19 at 14:27 +0200, Rainer Jung wrote: Hi, now that we changed the default way how to forward URIs from mod_jk to Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I want to propose a better long term solution. What's the problem? ===

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Jean-Frederic
On Sat, 2007-05-19 at 14:27 +0200, Rainer Jung wrote: > Hi, > > now that we changed the default way how to forward URIs from mod_jk to > Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I want to > propose a better long term solution. > > What's the problem? > ===

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Mladen Turk wrote: My proposal is that we make our own decoder if the URI is encoded and then do a match and forward that. As far as I understand your suggestion, this would not help. There's nothing wrong with "our" decoder (the httpd decoder), what's wrong is, that the decoded URI gets decod

DO NOT REPLY [Bug 42104] - Tomcat crash unespected

2007-05-19 Thread bugzilla

Re: Improving mod_jk URI forwarding

2007-05-19 Thread Mladen Turk
Rainer Jung wrote: Hi, now that we changed the default way how to forward URIs from mod_jk to Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I want to propose a better long term solution. My proposal is that we make our own decoder if the URI is encoded and then do a match

svn commit: r539768 - /tomcat/connectors/trunk/jk/tools/jkrelease.sh

2007-05-19 Thread rjung
Author: rjung Date: Sat May 19 08:20:08 2007 New Revision: 539768 URL: http://svn.apache.org/viewvc?view=rev&rev=539768 Log: Fix commandline options for links (at least for Links2). Checked results for NEWS: files generated by elinks and links are the same except for trailing space and indentation

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities

2007-05-19 Thread Mark Thomas
CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate (Cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 To

svn commit: r539764 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

2007-05-19 Thread markt
Author: markt Date: Sat May 19 07:49:57 2007 New Revision: 539764 URL: http://svn.apache.org/viewvc?view=rev&rev=539764 Log: Add information on CVE-2007-1355 Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html

svn commit: r539759 - in /tomcat/container/branches/tc4.1.x/webapps/tomcat-docs/appdev/sample: src/mypackage/Hello.java web/hello.jsp

2007-05-19 Thread markt
Author: markt Date: Sat May 19 07:23:07 2007 New Revision: 539759 URL: http://svn.apache.org/viewvc?view=rev&rev=539759 Log: Simplify example. Prevent XSS. Modified: tomcat/container/branches/tc4.1.x/webapps/tomcat-docs/appdev/sample/src/mypackage/Hello.java tomcat/container/branches/tc

svn commit: r539758 - in /tomcat/container/branches/tc5.0.x/webapps/docs/appdev/sample: src/mypackage/Hello.java web/hello.jsp

2007-05-19 Thread markt
Author: markt Date: Sat May 19 07:22:21 2007 New Revision: 539758 URL: http://svn.apache.org/viewvc?view=rev&rev=539758 Log: Simplify example. Prevent XSS. Modified: tomcat/container/branches/tc5.0.x/webapps/docs/appdev/sample/src/mypackage/Hello.java tomcat/container/branches/tc5.0.x/we

svn commit: r539757 - in /tomcat/container/tc5.5.x/webapps/docs/appdev/sample: src/mypackage/Hello.java web/hello.jsp

2007-05-19 Thread markt
Author: markt Date: Sat May 19 07:18:01 2007 New Revision: 539757 URL: http://svn.apache.org/viewvc?view=rev&rev=539757 Log: Simplify example. Prevent XSS. Modified: tomcat/container/tc5.5.x/webapps/docs/appdev/sample/src/mypackage/Hello.java tomcat/container/tc5.5.x/webapps/docs/appdev/s

svn commit: r539753 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

2007-05-19 Thread markt
Author: markt Date: Sat May 19 06:53:25 2007 New Revision: 539753 URL: http://svn.apache.org/viewvc?view=rev&rev=539753 Log: Correct versions affected. Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/xdocs/security-4.xml Modified: tomcat/site/trunk/docs/security-4.html

svn commit: r539752 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-jk.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-jk.xml

2007-05-19 Thread markt
Author: markt Date: Sat May 19 06:39:27 2007 New Revision: 539752 URL: http://svn.apache.org/viewvc?view=rev&rev=539752 Log: Add cross-reference to CVE-2007-0450 Minor layout changes for consistency Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html

Improving mod_jk URI forwarding

2007-05-19 Thread Rainer Jung
Hi, now that we changed the default way how to forward URIs from mod_jk to Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I want to propose a better long term solution. What's the problem? === - Access control is often defined in terms of URI prefixes, because

svn commit: r539722 - in /tomcat/connectors/trunk/jk/native: STATUS.txt common/jk_version.h common/portable.h.sample configure.in iis/installer/isapi-redirector-win32-msi.ism iis/isapi_redirect.rc

2007-05-19 Thread rjung
Author: rjung Date: Sat May 19 02:26:08 2007 New Revision: 539722 URL: http://svn.apache.org/viewvc?view=rev&rev=539722 Log: Version bump after JK release. Modified: tomcat/connectors/trunk/jk/native/STATUS.txt tomcat/connectors/trunk/jk/native/common/jk_version.h tomcat/connectors/tr

svn commit: r539721 - in /tomcat/connectors/trunk/jk/xdocs: index.xml news/20070301.xml

2007-05-19 Thread rjung
Author: rjung Date: Sat May 19 02:23:24 2007 New Revision: 539721 URL: http://svn.apache.org/viewvc?view=rev&rev=539721 Log: Backport JK 1.2.23 release documents to trunk. (r539263) Modified: tomcat/connectors/trunk/jk/xdocs/index.xml tomcat/connectors/trunk/jk/xdocs/news/20070301.xml Mo