On Tue, 2007-06-12 at 19:50 +0200, Mladen Turk wrote:
Jean-Frederic wrote:
Add ForwardURIProxy to the URl handling option.
common/jk_url.c is just a porting of the routines
from proxy_util.c (Apache httpd).
After quite a few discussions, I think this should be the only mode
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
On Wed, 2007-06-13 at 12:04 +0200, Remy Maucherat wrote:
Costin Manolache wrote:
setTimeout() is not optional (the javadoc is out of date, sorry), there
was an agreement on that earlier. Timeout sets the connection timeout,
which is most likely useful even if there are events. It's quite
Mladen Turk wrote:
Why?
Let's stop a bit and test things before.
Jean-Frédéric has of course done extended testing before proposing this
:) The original patch was meant to close the security problem as soon
as possible, but in the end has a bad behavior and should be reverted.
Jean-Frédéric
Remy Maucherat wrote:
Mladen Turk wrote:
Why?
Let's stop a bit and test things before.
Jean-Frédéric proposes implementing the same behavior as mod_proxy, so I
don't see how this can be a bad thing.
First of all I didn't said it's a bad thing or anything like that.
We need the same behavior
Bill Barker wrote:
Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Bill Barker wrote:
Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
so if we are not going to build the class, why would we include it in
SVN
Filip Hanik - Dev Lists wrote:
My changes to the AJP Connectors are pretty much harmless for anything
that currently works. Tomcat will do exactly the same thing it always
has unless the request body is over 2GB. Currently, mod_jk can't
handle this case anyway, and the reporter of BZ 42608
Author: fhanik
Date: Wed Jun 13 09:55:27 2007
New Revision: 546952
URL: http://svn.apache.org/viewvc?view=revrev=546952
Log:
Fix for BZ 42648
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/transport/nio/NioReplicationTask.java
Author: fhanik
Date: Wed Jun 13 10:00:21 2007
New Revision: 546955
URL: http://svn.apache.org/viewvc?view=revrev=546955
Log:
fix for BZ 42648
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648
Modified:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=42648.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
Author: fhanik
Date: Wed Jun 13 10:05:14 2007
New Revision: 546958
URL: http://svn.apache.org/viewvc?view=revrev=546958
Log:
fix for BZ 42650
http://issues.apache.org/bugzilla/show_bug.cgi?id=42650
Modified:
Author: fhanik
Date: Wed Jun 13 10:07:06 2007
New Revision: 546959
URL: http://svn.apache.org/viewvc?view=revrev=546959
Log:
fix for BZ 42650
http://issues.apache.org/bugzilla/show_bug.cgi?id=42650
Modified:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=42650.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
On 6/13/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:
Costin Manolache wrote:
For a separate opinion:
In the trunk version:
- the '...' and array return seem strange and generate GC ( not a big
issue
those days, but still inconsistent with the
rest of tomcat )
yes, its a new
On 6/13/07, Remy Maucherat [EMAIL PROTECTED] wrote:
Costin Manolache wrote:
setTimeout() is not optional (the javadoc is out of date, sorry), there
was an agreement on that earlier. Timeout sets the connection timeout,
which is most likely useful even if there are events. It's quite
Author: fhanik
Date: Wed Jun 13 13:47:56 2007
New Revision: 547022
URL: http://svn.apache.org/viewvc?view=revrev=547022
Log:
Tagging Tomcat version TOMCAT_5_5_24.
Added:
tomcat/connectors/tags/tc5.5.x/TOMCAT_5_5_24/
- copied from r547021, tomcat/connectors/trunk/
Author: fhanik
Date: Wed Jun 13 13:48:06 2007
New Revision: 547023
URL: http://svn.apache.org/viewvc?view=revrev=547023
Log:
Tagging Tomcat version TOMCAT_5_5_24.
Added:
tomcat/container/tags/tc5.5.x/TOMCAT_5_5_24/
- copied from r547022, tomcat/container/tc5.5.x/
Author: fhanik
Date: Wed Jun 13 13:48:26 2007
New Revision: 547025
URL: http://svn.apache.org/viewvc?view=revrev=547025
Log:
Tagging Tomcat version TOMCAT_5_5_24.
Added:
tomcat/servletapi/tags/servlet2.4-jsp2.0-tc5.x/TOMCAT_5_5_24/
- copied from r547024,
Author: fhanik
Date: Wed Jun 13 13:48:36 2007
New Revision: 547026
URL: http://svn.apache.org/viewvc?view=revrev=547026
Log:
Tagging Tomcat version TOMCAT_5_5_24.
Added:
tomcat/site/tags/TOMCAT_5_5_24/
- copied from r547025, tomcat/site/trunk/
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.24/
will let these sit to mid next week, and then we can take a vote.
feedback between now and then is welcome at any time.
Filip
-
To unsubscribe, e-mail: [EMAIL
Author: fhanik
Date: Wed Jun 13 15:51:56 2007
New Revision: 547055
URL: http://svn.apache.org/viewvc?view=revrev=547055
Log:
added simple example code snippets to comet usage
Modified:
tomcat/trunk/webapps/docs/aio.xml
Modified: tomcat/trunk/webapps/docs/aio.xml
URL:
here we go, some examples
http://people.apache.org/~fhanik/tomcat/aio.html#Example%20code%20snippets
and the entire document has been updated to reflect most changes
http://people.apache.org/~fhanik/tomcat/aio.html
Filip
Filip Hanik - Dev Lists wrote:
I'll work on some examples to
Sounds better - but as Remy explained you would first need to explain
why blocking is needed in this context and how to deal with the
confusion
of mixing blocking and non-blocking for users, and the implementation
complexities it adds.
trunk doesn't mix them. a comet connection is either
Author: markt
Date: Wed Jun 13 18:55:09 2007
New Revision: 547077
URL: http://svn.apache.org/viewvc?view=revrev=547077
Log:
Fix XSS issue in Manager and Host Manager. This is CVE-2007-2450.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Author: billbarker
Date: Wed Jun 13 18:56:16 2007
New Revision: 547078
URL: http://svn.apache.org/viewvc?view=revrev=547078
Log:
Porting large-file support for the AJP Connectors from 5.5
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
Author: markt
Date: Wed Jun 13 18:57:01 2007
New Revision: 547079
URL: http://svn.apache.org/viewvc?view=revrev=547079
Log:
Ignore local build properties
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
Propchange: tomcat/tc6.0.x/trunk/
Author: markt
Date: Wed Jun 13 19:01:19 2007
New Revision: 547081
URL: http://svn.apache.org/viewvc?view=revrev=547081
Log:
Fix XSS issues in snoop.jsp. This is CVE-2007-2449. Some of these are harder
(impossible?) to exploit than others but doing all of them means there won't be
another XSS
Author: markt
Date: Wed Jun 13 19:12:38 2007
New Revision: 547083
URL: http://svn.apache.org/viewvc?view=revrev=547083
Log:
Port fix for XSS issues in snoop.jsp. This is CVE-2007-2449.
Modified:
tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp
Author: markt
Date: Wed Jun 13 19:13:59 2007
New Revision: 547085
URL: http://svn.apache.org/viewvc?view=revrev=547085
Log:
Port fix for XSS issue in Manager. This is CVE-2007-2450.
Modified:
Author: markt
Date: Wed Jun 13 19:14:55 2007
New Revision: 547087
URL: http://svn.apache.org/viewvc?view=revrev=547087
Log:
Port fix for XSS issues in snoop.jsp. This is CVE-2007-2449.
Modified:
tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
Author: markt
Date: Wed Jun 13 19:17:22 2007
New Revision: 547088
URL: http://svn.apache.org/viewvc?view=revrev=547088
Log:
Port fix for XSS issue in Manager. This is CVE-2007-2450.
Modified:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples
Severity: low (cross-site scripting)
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to
Author: billbarker
Date: Wed Jun 13 19:55:26 2007
New Revision: 547096
URL: http://svn.apache.org/viewvc?view=revrev=547096
Log:
Porting large-file support for the AJP Connectors from 5.5
Modified:
tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
35 matches
Mail list logo
