https://bz.apache.org/bugzilla/show_bug.cgi?id=66541
--- Comment #1 from Tom Whitmore ---
To clarify:
* The OSGi URLs are now having CachedResourceURLStreamHandler (which inherits
from java.net.URLStreamHandler) hash them; this attempts to resolve their
Hostnames, where the OSGi (Equinox)
https://bz.apache.org/bugzilla/show_bug.cgi?id=66541
Bug ID: 66541
Summary: CachedResource for OSGi URL resources changes URL
hashing behavior & exacerbates DNS issues
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch
dependabot/maven/modules/openssl-java17/org.apache.tomcat-tomcat-catalina-9.0.72
in repository https://gitbox.apache.org/repos/asf/tomcat.git
at 505b0aa65c Bump tomcat-catalina from
dependabot[bot] opened a new pull request, #602:
URL: https://github.com/apache/tomcat/pull/602
Bumps tomcat-catalina from 9.0.68 to 9.0.72.
[![Dependabot compatibility
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch
dependabot/maven/modules/openssl-foreign/org.apache.tomcat-tomcat-catalina-9.0.72
in repository https://gitbox.apache.org/repos/asf/tomcat.git
at af2eba2840 Bump tomcat-catalina from
dependabot[bot] opened a new pull request, #603:
URL: https://github.com/apache/tomcat/pull/603
Bumps tomcat-catalina from 9.0.68 to 9.0.72.
[![Dependabot compatibility
FYI, this was a failure to receive a response from
https://jakarta.ee/specifications/platform/10/apidocs/
Nothing to see here. Move along...
Mark
On 22/03/2023 18:42, build...@apache.org wrote:
Build status: BUILD FAILED: compile (failure)
Worker used: bb_worker2_ubuntu
URL:
Build status: BUILD FAILED: compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/729
Blamelist: Mark Thomas
Build Text: compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 10.1.x] afd98cc8f36be9cbe92d6960344676d947f6087c
Steps:
https://bz.apache.org/bugzilla/show_bug.cgi?id=66535
--- Comment #3 from Mark Thomas ---
This is the commit that introduced maxValidTime
https://github.com/apache/tomcat/commit/4364cbc8d1f5cc6dbe9be0132d92e593ef67346c
Having looked at the commit, I think the intention could be taken to be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 079aff3eab Code clean-up. Reformatting. No
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new aeed29e58a Code clean-up. Reformatting. No
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new afd98cc8f3 Code clean-up. Reformatting. No
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e7cd552c75 Code clean-up. Reformatting. No
https://bz.apache.org/bugzilla/show_bug.cgi?id=66536
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 1d29e7940b Fix BZ 66536 - tag directives could be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d7d4ea51af Fix BZ 66536 - tag directives could be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 46188bfd9c Fix BZ 66536 - tag directives could be
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 6029b5e9f7 Fix BZ 66536 - tag directives could
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 66a9a3d437 Remove spaces
66a9a3d437 is described
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8b52ae7a55 Remove spaces
8b52ae7a55 is described
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 5d1c1ac2c7 Remove spaces
5d1c1ac2c7 is described
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 10fb0de3a5 Update handling of sensitive methods
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
from ac33fb7ba3 Fix formatting in XML source that results in an unwanted
space in the final documentation.
new
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d81dc233b5d7433576c5c1cca7712e16358b5c9c
Author: Mark Thomas
AuthorDate: Wed Mar 22 15:00:40 2023 +
Update
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 3d6196c22ad24e28f3a5bdf7f312bdfd0d9ea8d4
Author: Mark Thomas
AuthorDate: Wed Mar 22 14:56:46 2023 +
Update
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4f10a86dee Update handling of sensitive methods for
https://bz.apache.org/bugzilla/show_bug.cgi?id=66536
Holger Klawitter changed:
What|Removed |Added
Summary|tagsfiles seem to be|tagsfiles seem to be
https://bz.apache.org/bugzilla/show_bug.cgi?id=66536
Holger Klawitter changed:
What|Removed |Added
Version|9.0.69 |9.0.73
--
You are receiving this
Any more thoughts on this?
There hasn't been much movement from the spec EG on this, so my current
thinking is to revert this change for 10.1.x and earlier to wait and see
what the Servlet EG decides.
Mark
On 15/03/2023 15:05, Mark Thomas wrote:
On 15/03/2023 11:22, Konstantin Kolinko
CVE-2023-28708 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M2
Apache Tomcat 10.1.0-M1 to 10.1.5
Apache Tomcat 9.0.0-M1 to 9.0.71
Apache Tomcat 8.5.0 to 8.5.85
Description:
When using the
Author: markt
Date: Wed Mar 22 10:06:58 2023
New Revision: 1908633
URL: http://svn.apache.org/viewvc?rev=1908633=rev
Log:
Publish CVE-2023-28708
Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.html
tomcat/site/trunk/docs/security-8.html
On 21/03/2023 17:35, Christopher Schultz wrote:
I'm curious about this.
How is a "functional interface" (i.e. all methods are abstract, except
for those which were originally-defined in java.lang.Object and for some
reason overridden to be abstract in this functional-interface) different
32 matches
Mail list logo
