• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
New 7.4.7 web build.
Add missing patch for CVE-2014-0119, although it is hard to tell if it can be used in AS.
  1. … 1 more file in changeset.
New web build.
Port code cleanup from Tomcat for exception handling.
BZ1106492: -1 is set for timeout, but the endpoint then uses the main connection timeout. Use instead max int like for NIO2 after an upgrade.
Related to BZ1100491: Switch to the Tomcat websockets code for IO. With an added sync for text buffers.
Related to BZ1100491: Switch to the Tomcat style for IO writes with the NIO2 connector for better reliability and results. Avoid some deadlocks caused by excessive locking.
Add a flag to return the full URI.
Port Tomcat patch: fix again executor configuration.
BZ1100491: Cleanup (better looking sync).
Port patch from Tomcat: better URI handling.
Web 7.4.5
BZ1104139: Tomcat sets an infinite timeout for IO on upgraded connections, so do the same.
Follow up on r2435: should do an initial notification when data is available.
BZ1100491: Add a little extra sync to avoid corruption, possibly caused by extra onWritePossible notifications.
- BZ1103596: Does not fix the real cause, but avoid loop.

- Improve on notifications and input.

[JBWEB-300] synchronize JSSESupport keySizeCache access
New 7.4.4 web build.
Port CVE-2014-0075: Avoid overflow and use bit shift instead.
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
  1. ./src/main/java/org/apache/tomcat/util/security
Port patch for CVE-2014-0099: Fix possible overflow when parsing long values from a byte array.
New web build.
Flip the default (no change besides that).
Port Tomcat patch: catch possible ISE on write for clean handling.
- Rather than just reverting again, add a system property. The default is what it was before reverting it.

- Either way passes the TCK for me.

Revert r2418 (useless extra sync).
Revert again. Besides cosmetics when using a closed session during the event processing, it doesn't cause any actual issues, but it could have side effects.
Sync process with event as some random behavior is still reported.
BZ1086399: Tentative plumbing for CDI support, submitted by Stuart Douglas.
    • -0
    • +35
    ./src/main/java/org/apache/tomcat/websocket/InstanceFactory.java
    • -0
    • +40
    ./src/main/java/org/apache/tomcat/websocket/InstanceHandle.java
BZ1100486: Try again, make sure there's no keepalive after an upgraded connection processing.