cvs commit: jakarta-tomcat README

jon 00/12/12 23:33:41 Modified:.Tag: tomcat_32 README Log: added trailing slash Revision ChangesPath No revision No revision 1.9.2.3 +1 -1 jakarta-tomcat/README Index: README ==

RE: Compiling JSP's with debugging info in Tomcat 3.3

Hi Craig, I've known this JSR has been going on for quite a while, but is it more than pie in the sky? I thought it was one of those zombie JSRs, like the standard tag library (JSR-052) and the JSP/Servlet benchmark (JSR-039)... Is this an active one that you know of? A big problem with several

Takes Twice to Shutdown Tomcat 3.2.x

Hi fellas, Am I the only one who is having trouble shutting down Tomcat without calling either shutdown or tomcat stop twice or more? Thanks! Regards, Boon

Re: JSSE redistribution

Ain't crypto laws a bitch?  I see your point.  I withdraw my suggestion. Cheers --- Aaron Knauf Implementation Consultant Genie Systems Ltd Auckland, New Zealand Ph. +64-9-573 3310 x812, email: [EMAIL PRO

unsubscribe tomcat-dev

unsubscribe tomcat-dev

Re: cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper Constants.java

"Craig R. McClanahan" wrote: > > Danno Ferrin wrote: > > > > > I think that keeping the import list to what is required by the spec and > > refrencing all of the other object we need to compile by the fully > > qualified name will result in less un-intended colissions. > > > > +1 for importing

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

"Craig R. McClanahan" wrote: > > Glenn Nielsen wrote: > > > Very shortly I will have some updated documents for configuring Tomcat to use > > the Java SecurityManager under various flavors of MS Windows. I would like > > to get this into the 3.2.1 release. > > > > +1 If you can hold off a day s

Re: JSSE redistribution

Aaron Knauf wrote: > > Is there any reason why we can't compile tomcat against JSSE and include the > jars in the tomcat lib directory as part of the standard binary distribution? > This would make it much easier for people to get HTTPS support from tomcat. I > believe that the Sun licence allow

JSSE redistribution

Is there any reason why we can't compile tomcat against JSSE and include the jars in the tomcat lib directory as part of the standard binary distribution?  This would make it much easier for people to get HTTPS support from tomcat.  I believe that the Sun licence allows for redistribution, and US

edit bug #62 by person #0 (logged in as: Nick Bauman)

Bug description modified: Description changed from: > I have a jsp page that submits to itself (for sorting various columns of records) via a relative url with parameters appended to it, as in: When I click on it, tomcat says that it cannot find the jsp file, which doesn't make sense si

BugRat Report #577 was linked to Bug #62(apparently by:Nick Bauman)

BugRat Report #577 was linked to Bug #62 (logged in as:Nick Bauman)

BugRat Report #582 was closed (apparently by: Nick Bauman)

Report #582 was closed by Person #0 Synopsis: cannot send more than 8K to the servlet (logged in as: Nick Bauman)

Re: [ANNOUNCEMENT] Security Related Updates - Tomcat 3.1.1 and Tomcat 3.2.1

Aron Kramlik wrote: > Has there been a definitive list of these security problems with > TC 3.1 or TC 3.2? > The definitive lists of what vulnerabilities were fixed are in the release notes document for each version (file "doc/readme" in the download). Subscribers to TOMCAT-DEV also saw the CVS

BugRat Report #579 was closed (apparently by: Nick Bauman)

Report #579 was closed by Person #0 Synopsis: Tomcat does not launch with given Unix script files (logged in as: Nick Bauman)

BugRat Report #580 was closed (apparently by: Nick Bauman)

Report #580 was closed by Person #0 Synopsis: Tomcat does not launch with given Unix script files (logged in as: Nick Bauman)

RE: [ANNOUNCEMENT] Security Related Updates - Tomcat 3.1.1 and Tomcat 3.2.1

Has there been a definitive list of these security problems with TC 3.1 or TC 3.2? What are the "appropriate contents" of the $TOMCAT_HOME directory that I need to replace for both TC 3.1 and TC 3.2? Aron Kramlik. -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]

BugRat Report #583 has been filed.

Bug report #583 has just been filed. You can view the report at the following URL: REPORT #583 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: feature State: received Priority: high Severity: critical

BugRat Report #582 has been filed.

Bug report #582 has just been filed. You can view the report at the following URL: REPORT #582 Details. Project: Jasper Category: Bug Report SubCategory: New Bug Report Class: feature State: received Priority: high Severity: critical

BugRat Report #581 has been filed.

Bug report #581 has just been filed. You can view the report at the following URL: REPORT #581 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: critical

BugRat Report #580 has been filed.

Bug report #580 has just been filed. You can view the report at the following URL: REPORT #580 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: critical

BugRat Report #579 has been filed.

Bug report #579 has just been filed. You can view the report at the following URL: REPORT #579 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: critical

[ANNOUNCEMENT] Security Related Updates - Tomcat 3.1.1 and Tomcat 3.2.1

Recent investigations and reports have revealed security vulnerabilities in both Tomcat 3.1 and Tomcat 3.2 final releases. To deal with these problems, the Tomcat team has developed maintenance releases, and recommended actions, for each major version. (Tomcat 4.0 milestone 4 shares one of these

nsapi redirector for solaris

Hello All, I am having problems with the netscape redirector shared object, nsapi_redirector.so I have Netscape Enterprise Server 3.6 and Tomcat 3.1 on Solaris 2.7 I was able to compile the redirector, nsapi_redirector.so However, after modifying netscape's obj.conf for tomcat redirection, am not

Monitoring tomcat

What is the best method to monitor the thread number (busy, ready etc.) in ThreadPool? I've changed the class /org/apache/tomcat/util/ThreadPool (just add two methods getCurrent... and one threads that writes out result). Now, has anyone similar need? Is there any possibility to add that feature i

[PATCH] src/org/apache/tomcat/service/LocalStrings.properties

Added some missing HTTP response lines which weren't in my 3.2 tree. At least 423 is needed for Webdav. --- LocalStrings.properties.old Wed Nov 29 20:47:44 2000 +++ LocalStrings.properties Wed Dec 13 05:57:52 2000 @@ -66,9 +66,15 @@ sc.415=Unsupported Media Type sc.416=Requested Range Not S

BugRat Report #578 has been filed.

Bug report #578 has just been filed. You can view the report at the following URL: REPORT #578 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: serious

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Handler.java

costin 00/12/12 14:33:04 Modified:src/facade22/org/apache/tomcat/facade Servlet22Interceptor.java ServletHandler.java src/facade22/org/apache/tomcat/modules/facade22 LoadOnStartupInterceptor.java src/share/or

unsubscribe tomcat-dev

unsubscribe tomcat-dev = Cengiz Kayay WebObjects/JAVA Consultant __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

> > > Tomcat 3.2 final has the following security vulnerabilities that have > > > subsequently been fixed in the CVS repository: > > > * A URL like "http://localhost:8080/examples//WEB-INF/web.xml" can > > > expose sensitive information (note the double slash after "examples"). > > > * The "Show

cvs commit: jakarta-tomcat/src/doc readme

craigmcc00/12/12 13:01:42 Modified:src/doc Tag: tomcat_32 readme Log: Update release notes for Tomcat 3.2.1. Revision ChangesPath No revision No revision 1.8.2.11 +43 -1 jakarta-tomcat/src/doc/readme Index: r

cvs commit: jakarta-tomcat/src/doc readme

craigmcc00/12/12 12:48:38 Modified:src/doc Tag: TOMCAT_31_BRANCH readme Log: Update the release notes document for Tomcat 3.1.1 to clarify what steps are required -- and not required -- to apply the update. Revision ChangesPath No revision No

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request SimpleMapper1.java StaticInterceptor.java

craigmcc00/12/12 12:33:48 Modified:src/share/org/apache/tomcat/request Tag: tomcat_32 SimpleMapper1.java StaticInterceptor.java Log: Fix typos in the corrections for the security vulnerabilities for Tomcat 3.2.1. Submitted by: Arieh Markel <[EMAIL PROTECT

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/startup EmbededTomcat.java

costin 00/12/12 12:21:45 Modified:src/etc server.xml src/facade22/org/apache/tomcat/facade Servlet22Interceptor.java ServletConfigImpl.java WebXmlReader.java src/facade22/org/apache/tomcat/modules/facade22

BugRat Report #577 has been filed.

Bug report #577 has just been filed. You can view the report at the following URL: REPORT #577 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: critical C

BugRat Report #576 has been filed.

Bug report #576 has just been filed. You can view the report at the following URL: REPORT #576 Details. Project: Jasper Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: critical C

RE: BugRat Report #528 has been filed.

Before Tomcat 3.2.1 gets released, can someone apply this patch to fix the documentation in the FAQ? -Dave > -Original Message- > From: BugRat Mail System [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 05, 2000 12:52 PM > To: [EMAIL PROTECTED] > Subject: BugRat Report #528 has been

A GUI tool for starting / stopping Tomcat

Hi, I wrote a GUI tool for starting and stopping Tomcat. When developing Web Applications with Tomcat usually you end up restarting Tomcat 10-20 times a day. In order to make this process as quick as possible I wrote Tomcat Panel which is a JFrame that contains three buttons: Start, Stop and Rest

BugRat Report #575 has been filed.

Bug report #575 has just been filed. You can view the report at the following URL: REPORT #575 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: critical C

cvs commit: jakarta-tomcat-4.0/catalina/docs JDBCRealm-howto.html

nacho 00/12/12 10:41:38 Modified:catalina/docs JDBCRealm-howto.html Log: this is the 4.X branch!!! Revision ChangesPath 1.2 +3 -3 jakarta-tomcat-4.0/catalina/docs/JDBCRealm-howto.html Index: JDBCRealm-howto.html ===

Re: BugRat Report #574 has been filed.

>Synopsis: >Browser issues a "document contains no data" when a secure page is accessed by an >valid, unauthorized user (wrong role). I tested with my HTTP client, and got that : [Slide]$ get /webdav/ Request: GET /webdav/ HTTP/1.1 GET /webdav/ HTTP/1.1 Content-Length: 0 Authorization: Basic

Re: cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper Constants.java

Danno Ferrin wrote: > > I think that keeping the import list to what is required by the spec and > refrencing all of the other object we need to compile by the fully > qualified name will result in less un-intended colissions. > +1 for importing exactly, and only, the "default import list" defin

Re: [TC 4 m4] How can I build ?

Kief Morris wrote: > Pilho Kim typed the following on 23:23 12/12/2000 +0900 > >I cannot download JMX (Java Management Extensions), > >because I reside outside USA. > > I was able to download it from here (UK) without any problem. > I had to register, but it worked. > The "README.txt" file in To

Re: HELP ! building mod_jk with fdatasync...

On Tue, 12 Dec 2000, jackie wrote: > Hello, > I am trying to run tomcat 3.2 with apache 1.3 on Solaris 2.6. I can > make the mod_jk.so by > > apxs -o mod_jk.so -DSOLARIS -I../jk -I/usr/java/include > -I/usr/java/include/solaris -c *.c ../jk/*.c > and then run > gcc -shared -o mod_jk.so *.o >

Re: Compiling JSP's with debugging info in Tomcat 3.3

Larry Isaacs wrote: > > In addition to specifying these JSP options, I'm looking for a way to > alter the defaults that get used when these options aren't specified in > server.xml. My target is to be able run Tomcat in debugging and > non-debugging situations using the same server.xml and witho

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

Glenn Nielsen wrote: > Very shortly I will have some updated documents for configuring Tomcat to use > the Java SecurityManager under various flavors of MS Windows. I would like > to get this into the 3.2.1 release. > > +1 If you can hold off a day so I can get these documents updated > I would

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

Nick Bauman wrote: > On Mon, 11 Dec 2000, Craig R. McClanahan wrote: > > > > > Tomcat 3.2 final has the following security vulnerabilities that have > > subsequently been fixed in the CVS repository: > > * A URL like "http://localhost:8080/examples//WEB-INF/web.xml" can > > expose sensitive inf

BugRat Report #574 has been filed.

Bug report #574 has just been filed. You can view the report at the following URL: REPORT #574 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: serious Co

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

>>> [EMAIL PROTECTED] 12/11/00 06:19PM Over the last three days, a review of published and soon-to-be-published reports>of security vulnerabilities in Tomcat has uncovered a series of problems in the>3.1 final release, and a couple of less serious (but still significant) problems>in 3.2.

cvs commit: jakarta-tomcat-4.0/catalina/docs JDBCRealm-howto.html JDBCRealm.howto

nacho 00/12/12 08:59:29 Added: catalina/docs JDBCRealm-howto.html Removed: catalina/docs JDBCRealm.howto Log: BugReport# 567 Missing JDBCRealm classes from Tomcat Implementation? Submitted by Anonymous Revision ChangesPath 1.1 jakarta

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

I have to agree with Arieh on this one. Coming from an organization that has a very rigerous change management process I know that it can take upwards of 4 months to release a piece of software, let alone a server upgrade that is not just a security fix. If it adds features above and beyond the

BugRat Report #567 was closed (apparently by: Ignacio Ortega)

Report #567 was closed by Person #0 Synopsis: Missing JDBCRealm classes from Tomcat Implementation? (logged in as: Ignacio Ortega)

cvs commit: jakarta-tomcat/src/doc JDBCRealm.howto

nacho 00/12/12 08:49:38 Modified:src/doc Tag: tomcat_32 JDBCRealm.howto Log: BugReport# 567 Missing JDBCRealm classes from Tomcat Implementation? Submitted by Anonymous Revision ChangesPath No revision No revision

How to check if Load Balancing is working ?

I am using Tomcat 3.2 with Apache 1.3.14 on Solarin 8 Intel  / JSK 1.3 and am using ajp13 with Load Balancing.   I am running a single Tomcat instance with Multiple directives for each worker.   Is there any way that I can monitor the Load balancing using either O/s specfic tools (activity

Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request SimpleMapper1.java StaticInterceptor.java

The fix is incorrect. indexOf returns -1 when the substring is not found, not 0. The way the current code is set forces wrong behavior. It should be: (relativePath.indexOf("/META-INF/") != -1) || (relativePath.indexOf("/WEB-INF/") != -1)) Arieh > Mailing-List: contact [EMAIL

Re: cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper Constants.java

Ok, it's taken me a few days to see this one. Why does the list saying that an object is used mean it must be imported? Similarly why shoudlwe import the jasper class when they could potantially conflict with user imported classes? Why can't we jsut use the fully qualified name to refrence t

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

> Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > list-help: > list-unsubscribe: > list-post: > Delivered-To: mailing list [EMAIL PROTECTED] > User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022

RE: Missing Content-Length-Header using AJP13

I take a look at ajp13 code and Status/Servlet-Engine headers are removed before response to apache server.

Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

"Craig R. McClanahan" wrote: > > Over the last three days, a review of published and soon-to-be-published reports > of security vulnerabilities in Tomcat has uncovered a series of problems in the > 3.1 final release, and a couple of less serious (but still significant) problems > in 3.2. Please

BugRat Report #573 has been filed.

Bug report #573 has just been filed. You can view the report at the following URL: REPORT #573 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: serious

Re: [TC 4 m4] How can I build ?

Pilho Kim typed the following on 23:23 12/12/2000 +0900 >I cannot download JMX (Java Management Extensions), >because I reside outside USA. I was able to download it from here (UK) without any problem. I had to register, but it worked. Kief --- bitBull makes the Internet bite: htt

[TC 4 m4] How can I build ?

Hi, I cannot download JMX (Java Management Extensions), because I reside outside USA. But TC4 needs JMX. How can I build TC4 ? Thanks, Kim

RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

I think that a 3.1.1 should also be updated and release. There are those of us out hear using 3.1 that cannot immediately upgrade to 3.2. In particular, I cannot upgrade right now because of my applications use the old xml parser for my applications (xml.jar) and 3.2 includes the new jax parser.

RE: used bugrat but not all fields filled

Thnaks to indicate your apache version (mod_ssl/ssl) and the export flags. The ajp13 is under heavy fire and many fixes are underway. "Pour la plupart des hommes, se corriger consiste à changer de défauts." -- Voltaire >-Original Message- >From: Heinz Richter [mailto:[EMAIL PROTECTED]]

used bugrat but not all fields filled

report 571 not complete == -- http/ https detection failes when exporting JkEnvVar xxx yyy using the parameter JkEnvVar xxx yyy to submit environment variables from Apache to Tomcat causes tomcat to set scheme a

BugRat Report #571 has been filed.

Bug report #571 has just been filed. You can view the report at the following URL: REPORT #571 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: critical C

BugRat Report #570 has been filed.

Bug report #570 has just been filed. You can view the report at the following URL: REPORT #570 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: high Severity: critical C

BugRat Report #569 has been filed.

Bug report #569 has just been filed. You can view the report at the following URL: REPORT #569 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: low Severity: non-critica

BugRat Report #568 has been filed.

Bug report #568 has just been filed. You can view the report at the following URL: REPORT #568 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: serious

RE: Missing Content-Length-Header using AJP13

Thanks to give more informations (eventually sample code). I've patched ajp13 for bug with multiples cookies. I'm not sure it could fix your problem... "Pour la plupart des hommes, se corriger consiste à changer de défauts." -- Voltaire

RE: What's the Attic

> Did I broke something ? No, the attic is where CVS left files present in previous versions but deleted in the head branch, Saludos , Ignacio J. Ortega

Missing Content-Length-Header using AJP13

Hello, I'm using Tomcat 3.2 (final version) in combination with Apache 1.3.14 and mod_jk. Switching to Ajpv13 protocol two problems concerning the HTTP-Header occur: 1) Content-Length-Field header is missing 2) After status-code 200 the "OK" is missing Using Ajpv12 protocol the HTTP-Header looks

HELP ! building mod_jk with fdatasync...

Hello,     I am trying to run tomcat 3.2 with apache 1.3 on Solaris 2.6. I can make the mod_jk.so by apxs -o mod_jk.so -DSOLARIS -I../jk -I/usr/java/include -I/usr/java/include/solaris -c *.c ../jk/*.c and then run gcc -shared -o mod_jk.so *.o   I receive the error "symbol fdata

Re: Problem to limit the number of connections

Actually, the version of tomcat I use is 3.1. Could this explain that it does not work? Arieh Markel a écrit : > > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > > list-help: > > list-unsubscribe: > > list-post:

RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

>> Proposal #1: Release a Tomcat 3.1.1 that fixes *only* the security >> problems > +1 I'll still be for security updates but release a 3.1.1 could make some users thinking the 3.1 tree is still alive. Could be disturbing some days after 3.2 release. > > >> Proposal #2: Release a Tomcat 3.2.1

[PATCH] Jakarta site release page (was: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2)

Hans Bergsten typed the following on 17:39 11/12/2000 -0800 >+0. Is removing TC 3.1 from the download pages an alternative? There shouldn't >be any reason for anyone to use TC 3.1 now when 3.2 is released. Upgrading to >3.2.1 could be the recommended action for all TC 3.1 users that need to plug >

What's the Attic

Hi, Just commited src/share/org/apache/tomcat/service/connector/Ajp13ConnectorResponse and I saw => Did I broke something ? - hgomez 00/12/12 01:41:45 Modified:src/share/org/apache/tomcat/service/connector Tag: tomcat_32 Ajp13ConnectionHandler.j

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp13ConnectionHandler.java Ajp13ConnectorRequest.java Ajp13ConnectorResponse.java JNIConnectionHandler.java MsgBuffer.java MsgConnector.java TcpConnector.java

hgomez 00/12/12 01:41:45 Modified:src/share/org/apache/tomcat/service/connector Tag: tomcat_32 Ajp13ConnectionHandler.java Ajp13ConnectorRequest.java Ajp13ConnectorResponse.java JNIConnectio