• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
[JBWEB-258] Ensure concurrent requests that require DIGEST auth receive unique nonces
  1. … 2 more files in changeset.
Port BZ1167203: Add another missing infinite timeout for NIO2.
BZ1175380: Add hack to filter out some events, submitted by Aaron Ogburn.
BZ1158381: Port cookie flag.
    • -3
    • +3
    ./java/org/jboss/web/rewrite/RewriteValve.java
BZ1119147: Patch submitted by Dominik Pospisil.
[JBWEB-305] Add file name information in detail error when compiling the java file
    • -2
    • +2
    ./java/org/jboss/web/JasperMessages.java
  1. … 1 more file in changeset.
BZ-1108307] Improve the ability to use MS Windows keystore for the web servers ssl connector

[BZ-1126490] create session prior to Digest 401 so loadbalancers can maintain stickiness
BZ1117821: Add sync to deal with parallel initialization of more than one SSL connector. Patch by Emmanuel Hugonnet.
  1. … 1 more file in changeset.
Typo submitted by Radim Hatlapatka.

More for BZ1078204: Use of + would empty the ciphers list. Submitted by Kabir Khan.
  1. … 1 more file in changeset.
More for 1078204: Fix issues with '+', submitted by Emmanuel Hugonnet.
More for 1078204: Add missing aliases and some debug, submitted by Emmanuel Hugonnet.
    • -0
    • +55
    ./java/org/apache/tomcat/util/net/jsse/JSSELogger.java
Add missing patch for CVE-2014-0119, although it is hard to tell if it can be used in AS.
  1. … 1 more file in changeset.
Port code cleanup from Tomcat for exception handling.
    • -0
    • +3
    ./java/org/jboss/web/CoyoteMessages.java
BZ1106492: -1 is set for timeout, but the endpoint then uses the main connection timeout. Use instead max int like for NIO2 after an upgrade.
Related to BZ1100491: Switch to the Tomcat websockets code for IO. With an added sync for text buffers.
    • -7
    • +0
    ./java/org/apache/tomcat/websocket/WsSession.java
Related to BZ1100491: Switch to the Tomcat style for IO writes with the NIO2 connector for better reliability and results. Avoid some deadlocks caused by excessive locking.
    • -0
    • +9
    ./java/org/apache/tomcat/util/net/NioChannel.java
Add a flag to return the full URI.
Port Tomcat patch: fix again executor configuration.
    • -0
    • +3
    ./java/org/jboss/web/WebsocketsMessages.java
BZ1100491: Cleanup (better looking sync).
Port patch from Tomcat: better URI handling.
BZ1104139: Tomcat sets an infinite timeout for IO on upgraded connections, so do the same.
Follow up on r2435: should do an initial notification when data is available.
BZ1100491: Add a little extra sync to avoid corruption, possibly caused by extra onWritePossible notifications.
- BZ1103596: Does not fix the real cause, but avoid loop.

- Improve on notifications and input.

[JBWEB-300] synchronize JSSESupport keySizeCache access
Port CVE-2014-0075: Avoid overflow and use bit shift instead.
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
    • -0
    • +6
    ./java/org/jboss/web/CatalinaMessages.java
Port patch for CVE-2014-0099: Fix possible overflow when parsing long values from a byte array.
    • -13
    • +7
    ./java/org/apache/tomcat/util/buf/Ascii.java