I am pleased to announce that the Tomcat 3.2.2 beta 3 release is now
available for download at
http://jakarta.apache.org/builds/tomcat/release/v3.2.2-beta-3
Beta 3 contains a fix for a security hole that has been identified in the
Tomcat 3.2.2 beta 1 and beta 2 releases. The security hole had t
I am pleased to announce that the Tomcat 3.2.2 beta 3 release is now
available for download at
http://jakarta.apache.org/builds/tomcat/release/v3.2.2-beta-3
Beta 3 contains a fix for a security hole that has been identified in the
Tomcat 3.2.2 beta 1 and beta 2 releases. The security hole had t
craigmcc01/04/07 19:33:52
Modified:catalina/src/share/org/apache/catalina Globals.java
webapps/ROOT index.html
Log:
Update version numbers to reflect that we are currently developing towards
a beta 4 release.
Revision ChangesPath
1.23 +5 -5
ja
craigmcc01/04/07 19:32:23
Modified:.RELEASE-NOTES-4.0-B4.txt
Log:
Bring up to date with respect to changes made since beta 3.
Revision ChangesPath
1.2 +45 -1 jakarta-tomcat-4.0/RELEASE-NOTES-4.0-B4.txt
Index: RELEASE-NOTES-4.0-B4.txt
Here's the JDBCStore implementation. To use it change your server.xml to something
like:
You also have to create a table that has the fields id, session. And where id is a
varchar field
and session is a binary field, i.e. Blob. Sort of like:
CREATE TABLE [dbo].[tomcat$sessions] (
marcsaeg01/04/07 18:55:10
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Changed version numbers to Tomcat 3.2.2 beta 3.
Revision ChangesPath
No
marcsaeg01/04/07 18:51:05
Modified:.Tag: tomcat_32 RELEASE-NOTES
src/doc Tag: tomcat_32 readme
Log:
Updates prior to releasing 3.2.2 beta 3.
Revision ChangesPath
No revision
No revision
1.1.2.4
I took out the inline class CustomObjectInputStream from FileStore and put it in
org.apache.catalina.util since I need it for the JDBCStore too. There's also a
patch for StandardSession.java to return if the stream is null instead of giving
a NullPointerException, maybe it should throw an Exceptio
marcsaeg01/04/07 18:37:57
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 Context.java
src/share/org/apache/tomcat/facade Tag: tomcat_32
ServletContextFacade.java
src/share/org/apache/tomcat/util Tag: tomcat_32 URLUtil.java
craigmcc01/04/07 18:05:19
Modified:catalina/src/conf catalina.policy
Log:
On some JVMs, the "${java.home}" value actually points at "$JAVA_HOME/jre"
instead of "$JAVA_HOME", so the permissions for tools.jar were not getting
processed. Add entries to the SYSTEM CODE PERMISSIONS
Thanks Jay.
I am replying also to get your post contents in text format.
Have fun,
Paulo
-Original Message-
From: Burgess, Jay [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 06, 2001 21:13
I sent Paulo my thoughts offline, and he responded as below. You can find
what you need for "[EMA
remm01/04/07 17:04:00
Modified:catalina/src/share/org/apache/catalina/startup
Bootstrap.java
Log:
- Set the Catalina class loader as the thread context class loader. Make it
possible for classes from the bootstrap loader to load classes from our class
craigmcc01/04/07 16:48:35
Modified:catalina/src/share/org/apache/catalina/core
ApplicationFilterChain.java
Log:
If a filter or servlet throws a security exception when executed under a
security manager, make the ultimate exception report more explicit by in
craigmcc01/04/07 16:08:45
Modified:catalina/src/conf catalina.policy
catalina/src/share/org/apache/catalina/loader
StandardClassLoader.java StandardLoader.java
Log:
Tentative fix for Bugzilla #1219 so that execution under a security
manager w
It would help if you provided the version of Tomcat your using.
I'm pretty sure, however, that your running 3.2.1. This particular bug has
already been fixed in 3.2.2. However, don't rush out to download 3.2.2b2
because I'm just about to release 3.2.2b3 which fixes some additional
security prob
Based on the number of bug reports against FileURLConnection it would appear
that getting this implemented correclty probably isn't trivial.
The double decode problem is caused by calling Context.getResource() for a
name that came from the request URI (servlet path or path info) because
these str
remm01/04/07 15:33:01
Modified:catalina/src/share/org/apache/catalina/core
StandardWrapper.java
Log:
- Change layout.
Revision ChangesPath
1.18 +9 -8
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardWrapper.jav
remm01/04/07 15:11:45
Modified:catalina build.xml
Log:
- Slightly modify the packaging. The factory/Consants.class goes into naming.jar
and the resources now are in a separate JAR (resources.jar).
Revision ChangesPath
1.36 +6 -2 jakarta-tomcat-4.0/catal
Hi,
I posted this to tomcat-user and didn't hear a peep, so I'll try here.
It looks like a bug, so this is the right place for it too.
If I use Netcat to send a raw request to Tomcat (directly, not thru
apache) that looks like the following:
GET /my/directory/my.jsp
I get the JSP source code
Title: RE: 'Just say no to JSP' - Pointer to JSP list
I sent Paulo my thoughts offline, and he responded as below. You can find what you need for "[EMAIL PROTECTED]" at:
http://archives.java.sun.com/archives/jsp-interest.html
Jay
-Original Message-
From: Paulo Gaspar [mailto:[
> Remy Maucherat wrote:
> > [...]
> > >
> > > It's (c) wrong behavior of Tomcat. Remy is currently investigating a
fix
> > > for this.
> >
> > As I said privately, I have a fix. Should I commit it now ?
>
> I'v checked latest CVS (an hour ago) but the problem is still the same
> :/
The example g
On Sat, 7 Apr 2001, Marc Saegesser wrote:
> The problem really lies in the implementation of
> sun.net.www.protocol.file.FileURLConnection. Costin's idea of creating a
> Tomcat implementation that works the way we need it to work has some merit.
> I'll look at what it would take implement a URLC
On Fri, 6 Apr 2001, Craig R. McClanahan wrote:
>
>
> On Fri, 6 Apr 2001, Remy Maucherat wrote:
>
> > > On Fri, 6 Apr 2001, Szymon Stasik wrote:
> > >
> > > >
> > > > Hi
> > > >
> > > > I'm running Tomcat 4.0-b3 (standalone) and have some bit weired problem.
> > > > I know that it is possible
This is similar to what I already implemented. The difficulty arises from
the fact the problem is not apparent until you actually attempt to create
the input stream. I tried lots of variations of creating URLs objects and
then turning them into strings and there was no reliable way to detect the
Mark,
Re: the problem with the fact that some jdk1.2.2
implementations may have the bug and others may not.
Could you possibly put a preamble in a static
initializer that explicitely tests the URL decoding of
some static strings? If the bug occurs, set a (static
final) flag? That would give y
Remy Maucherat wrote:
> [...]
> >
> > It's (c) wrong behavior of Tomcat. Remy is currently investigating a fix
> > for this.
>
> As I said privately, I have a fix. Should I commit it now ?
I'v checked latest CVS (an hour ago) but the problem is still the same
:/
Szymon
Bip Thelin typed the following on 02:35 PM 4/5/2001 -0700
>This is a minor change so you can specify the store to use within server.xml.
Thanks Bip, I've applied these patches. I also added a check in PersistentManager's
start() method to check whether Store is null, since this is the default if
kief01/04/07 03:26:06
Modified:catalina/src/share/org/apache/catalina/startup Catalina.java
Log:
Applied Bip Thelin's <[EMAIL PROTECTED]> patch to allow the Store
used by Persistent Manager to be set in server.xml.
Revision ChangesPath
1.19 +11 -4
jakarta
kief01/04/07 03:25:03
Modified:catalina/src/share/org/apache/catalina/session
PersistentManager.java
Log:
Applied Bip Thelin's <[EMAIL PROTECTED]> patch to allow Store
to be set from server.xml. Also added a check for the (default)
case where Store is
kief01/04/07 03:22:40
Modified:catalina/src/conf server.xml
Log:
Added configuration and documentation for PersistentManager,
which is commented out by default.
Revision ChangesPath
1.19 +46 -0 jakarta-tomcat-4.0/catalina/src/conf/server.xml
Index: se
30 matches
Mail list logo
