• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
  1. ./src/main/java/org/apache/tomcat/util/security
Port patch for CVE-2014-0099: Fix possible overflow when parsing long values from a byte array.
New web build.
Flip the default (no change besides that).
Port Tomcat patch: catch possible ISE on write for clean handling.
- Rather than just reverting again, add a system property. The default is what it was before reverting it.

- Either way passes the TCK for me.

Revert r2418 (useless extra sync).
Revert again. Besides cosmetics when using a closed session during the event processing, it doesn't cause any actual issues, but it could have side effects.
Sync process with event as some random behavior is still reported.
BZ1086399: Tentative plumbing for CDI support, submitted by Stuart Douglas.
    • -0
    • +35
    ./src/main/java/org/apache/tomcat/websocket/InstanceFactory.java
    • -0
    • +40
    ./src/main/java/org/apache/tomcat/websocket/InstanceHandle.java
BZ1100486: Try again, make sure there's no keepalive after an upgraded connection processing.
BZ1100486: Try to resolve a discrepancy with Tomcat's behavior, since in the websocket implementation nothing will actually close the connection, only the streams will be closed (where they just close the socket). So try the usual close.
Sync with Tomcat's websockets update: improve executor handling.
BZ1078204: Support OpenSSL syntax for ciphers, and change the default cipher suite. Submitted by Emmanuel Hugonnet.
BZ1097763: Identify apparently missing code in non blocking mode to make sure the data can fit in the buffer, so possible fix.
New web build.
Add null check (for a support case).
BZ1091849: Switch back the default connector to java.io.
BZ1090103: NIO2 needs a sync to avoid event concurrency as there's no guarantee they will go through the poller.
New web build.
BZ1075695: Try some cleaner thread group shutdown, if possible.
GTNPORTAL-3435: Clear the buffer since its state should be the same as the other buffer, but no need to clear it on recycle.
New build.
Unrevert, although the spec says something about this being wrong, nothing can be done with a closed session, which only leads to problems.
Add submitted org.apache.jasper.compiler.Parser.OPTIMIZE_SCRIPTLETS system property.
fix for BZ 1075695.

Avoid shutdown of an external executor.
Fix for 1073396.

fix for BZ 1065932.

Basically the one possible error is that we have

closed the acceptor socket because we are stopping.

Avoid pointless NPEs after recycle.