• last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
New 7.4.9 web build.

BZ-1108307] Improve the ability to use MS Windows keystore for the web servers ssl connector

[BZ-1126490] create session prior to Digest 401 so loadbalancers can maintain stickiness
BZ1117821: Add sync to deal with parallel initialization of more than one SSL connector. Patch by Emmanuel Hugonnet.
  1. … 1 more file in changeset.
Typo submitted by Radim Hatlapatka.

More for BZ1078204: Use of + would empty the ciphers list. Submitted by Kabir Khan.
  1. … 1 more file in changeset.
More for 1078204: Fix issues with '+', submitted by Emmanuel Hugonnet.
New 7.4.8 web build.
More for 1078204: Add missing aliases and some debug, submitted by Emmanuel Hugonnet.
New 7.4.7 web build.
Add missing patch for CVE-2014-0119, although it is hard to tell if it can be used in AS.
  1. … 1 more file in changeset.
New web build.
Port code cleanup from Tomcat for exception handling.
BZ1106492: -1 is set for timeout, but the endpoint then uses the main connection timeout. Use instead max int like for NIO2 after an upgrade.
Related to BZ1100491: Switch to the Tomcat websockets code for IO. With an added sync for text buffers.
Related to BZ1100491: Switch to the Tomcat style for IO writes with the NIO2 connector for better reliability and results. Avoid some deadlocks caused by excessive locking.
Add a flag to return the full URI.
Port Tomcat patch: fix again executor configuration.
BZ1100491: Cleanup (better looking sync).
Port patch from Tomcat: better URI handling.
Web 7.4.5
BZ1104139: Tomcat sets an infinite timeout for IO on upgraded connections, so do the same.
Follow up on r2435: should do an initial notification when data is available.
BZ1100491: Add a little extra sync to avoid corruption, possibly caused by extra onWritePossible notifications.
- BZ1103596: Does not fix the real cause, but avoid loop.

- Improve on notifications and input.

[JBWEB-300] synchronize JSSESupport keySizeCache access
New 7.4.4 web build.
Port CVE-2014-0075: Avoid overflow and use bit shift instead.
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
  1. ./src/main/java/org/apache/tomcat/util/security
Port patch for CVE-2014-0099: Fix possible overflow when parsing long values from a byte array.