directory listings
8e725713e8 is described below
commit 8e725713e836caa7fc26a3a3a36134cd4c564c63
Author: Mark Thomas
AuthorDate: Wed May 24 14:11:32 2023 +0100
Fix BZ 66609. Correctly escape XML directory listings
Based on #621 by Alex Kachanov
---
build.xml
directory listings
ae809134ca is described below
commit ae809134ca050ef258b87f25717fe8dcc993af5f
Author: Mark Thomas
AuthorDate: Wed May 24 14:11:32 2023 +0100
Fix BZ 66609. Correctly escape XML directory listings
Based on #621 by Alex Kachanov
---
build.xml
directory listings
46a319e216 is described below
commit 46a319e216c1c7af4af2125c796bc751851619ae
Author: Mark Thomas
AuthorDate: Wed May 24 14:11:32 2023 +0100
Fix BZ 66609. Correctly escape XML directory listings
Based on #621 by Alex Kachanov
---
build.xml
. Correctly escape XML directory listings
Based on #621 by Alex Kachanov
---
build.xml | 4 +-
.../apache/catalina/servlets/DefaultServlet.java | 2 +-
.../catalina/servlets/TestDefaultServlet.java | 34
test/webapp/bug66609
https://issues.apache.org/bugzilla/show_bug.cgi?id=56463
Violeta Georgieva violet...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=56463
Bug ID: 56463
Summary: Allow to disable ServerInfo in directory listings in
DefaultServlet
Product: Tomcat 7
Version: 7.0.53
Hardware: PC
Status: NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=56463
Michael Osipov 1983-01...@gmx.net changed:
What|Removed |Added
OS||All
---
https://issues.apache.org/bugzilla/show_bug.cgi?id=56463
--- Comment #2 from Konstantin Kolinko knst.koli...@gmail.com ---
It is not meant to be security. It is that some people like to hide that
information.
I am just saying that new feature have to be documented.
--
You are receiving this
https://issues.apache.org/bugzilla/show_bug.cgi?id=56405
Bug ID: 56405
Summary: Directory listings are broken in 8.0.x
Product: Tomcat 8
Version: trunk
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
https://issues.apache.org/bugzilla/show_bug.cgi?id=56405
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=54320
--- Comment #4 from Cédrik LIME cedrik.l...@gmail.com ---
Thanks for the heads up, Violeta!
Strangely enough, specifying resourceOnlyServlets=jsp is enough, even though
it is the DefaultServlet that is serving the listing.
As this is a
https://issues.apache.org/bugzilla/show_bug.cgi?id=54320
--- Comment #1 from Violeta Georgieva violet...@apache.org ---
Hi,
I'm going to work on this.
Regards
Violeta
--
You are receiving this mail because:
You are the assignee for the bug.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54320
--- Comment #2 from Violeta Georgieva violet...@apache.org ---
Hi,
You still can achieve directory listing and strict servlet compliance together.
You need to add in the context.xml additional configuration -
https://issues.apache.org/bugzilla/show_bug.cgi?id=54320
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=54320
Bug ID: 54320
Summary: Regression: can not activate activate directory
listings parameter for DefaultServlet
STRICT_SERVLET_COMPLIANCE
Product: Tomcat 7
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
Daniel Mikusa dmik...@vmware.com changed:
What|Removed |Added
Attachment #29357|0 |1
is
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
--- Comment #4 from Mark Thomas ma...@apache.org ---
The patch is not functionally correct for FileDirContext and still does not
address the root cause.
Issue include:
- ignores WARDirContext
- ignores 3rd party sub-classes
- does not use
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
--- Comment #2 from Mark Thomas ma...@apache.org ---
The proposed patch fixes the symptom rather than the cause. The fix needs to be
in BaseDirContext and other classes in the same package.
--
You are receiving this mail because:
You are
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
Priority: P2
Bug ID: 53854
Assignee: dev@tomcat.apache.org
Summary: DefaultServlet directory listings for aliased
directories do not seem to work
Severity: minor
https://issues.apache.org/bugzilla/show_bug.cgi?id=53854
--- Comment #1 from Daniel Mikusa dmik...@vmware.com ---
Created attachment 29357
-- https://issues.apache.org/bugzilla/attachment.cgi?id=29357action=edit
Patch to DefaultServlet to workaround the error.
I was able to work around this
-servlet.html#dir
Finally, as you probably know directory listings are easy to disable: see
http://marc.theaimsgroup.com/?l=tomcat-userm=105525007220640w=2 for example
of
the one setting change required. For others concerned about this DoS (and I
don't think there are any, seeing as how no one else
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=38128.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
background processing. One approach that comes to
mind is a no-op XSLT for customizations, as documented in
http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html#dir
Finally, as you probably know directory listings are easy to disable: see
http://marc.theaimsgroup.com/?l=tomcat-userm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=38128.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=38128.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=38128.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
Is no interest in merging this patch? I'd like to see it accepted, so if
there is anything I can do, please let me know.
On Fri, 2005-12-02 at 11:23 -0500, Rafael H. Schloming wrote:
Attached is an updated patch for the directory listings cache. I've made
the following changes:
* the cache
me know.
On Fri, 2005-12-02 at 11:23 -0500, Rafael H. Schloming wrote:
Attached is an updated patch for the directory listings cache. I've made
the following changes:
* the cache is now implemented in a separate class
(org.apache.catalina.util.ExpiringCache)
* added the following
/show_bug.cgi?id=38128
Summary: directory listings DoS
Product: Tomcat 5
Version: 5.5.14
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev
/show_bug.cgi?id=38128
--- Additional Comments From [EMAIL PROTECTED] 2006-01-04 22:22 ---
Created an attachment (id=17328)
-- (http://issues.apache.org/bugzilla/attachment.cgi?id=17328action=view)
patch for caching directory listings
This patch addresses the DoS problem and significantly
Attached is an updated patch for the directory listings cache. I've made
the following changes:
* the cache is now implemented in a separate class
(org.apache.catalina.util.ExpiringCache)
* added the following servlet parameters:
- listings-cache [true]
- listings-cache-size
seen
anyone recently complaining about many concurrent directory listings
requests.
I have a couple of requests for the patch, if you don't mind some
feedback. I'd prefer a separate class for the DirectoryListingCache
or whatever you want to call it, with its CacheEntry and rendering
a size limited Map with a 5
second timeout for caching rendered directory listings. My tests show a
significant performance improvement and the server no longer keels over
from OutOfMemory exceptions at higher concurrency levels
34 matches
Mail list logo