• last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
BZ1608654: Add host name verfication for WebSocket client
    • -3
    • +12
BZ1625416: Add a fix for mixed parameters, similar to Tomcat 58545. Patch by Aaron Ogburn.
    • -7
    • +0
    • -1
    • +5
BZ1608656 - CVE-2018-1336: Fix overflow loop with UTF-8.
BZ1513302: Set DESx as MEDIUM. Patch submitted by Michal Babacek.
    • -18
    • +18
BZ1492870: Endpoint close has to be taken out of the sync to avoid a deadlock.
BZ1491857: Switch the default to the HTTP spec.
BZ1489846: Part 2: remove char restrictions.
BZ1489846: Port Coty's patch to allow again {|} chars in the URL. For compatibility, this is enabled by default (set the system property to empty to disable it).
BZ1399014: Fix CVE-2016-6816 request smuggling
    • -0
    • +551
    • -0
    • +125
  1. … 5 more files in changeset.
BZ1275403: Loop over unwrap loop to make sure some bytes are produced in blocking mode. Patch by Masafumi Miura.
BZ1203510: Apply workaround patch to display statistics if possible with the NIO connector. Patch by Enrique Gonzalez Martinez.
BZ1350444: CVE-2016-3092 DoS issue, port from Tomcat.
Disable BZ1256325 fix: org.apache.tomcat.util.http.mapper.STRICT_WELCOME_FILES system property would need to be set to true.
BZ1256325: Implement strict welcome file processing for extension mappings. Submitted by Dmitrii Tikhomirov.
BZ1307039: Add a simple timeout to handshake.
BZ1299058: Simplify syncing for output (also sync binary write, which is probably much less likely to cause issues since the processing is non existent, but it probably doesn't hurt).
    • -9
    • +6
    • -48
    • +50
BZ1266247: fix buffer sizes when using SSL (SSL engine has a size limit with no workaround), recurse unwrap if no bytes are decoded, simplify handshake.
    • -19
    • +16
  1. … 2 more files in changeset.
BZ1210388: Remove bad debug logging for parameters.
  1. … 1 more file in changeset.
BZ1242359: Allow custom codes.
BZ1223708: Remove use of direct buffers, that can cause memory problems and are probably not very useful here.
    • -10
    • +10
[JBWEB-312] Check if the output buffer can grow before flushing it when using a writer.
  1. … 1 more file in changeset.
BZ1200276: for now, disable "sendfile" (the only performance benefit with NIO2 is saving a thread), as fixing the code is a large change (in addition to being incorrect, the current code is also bad for SSL since without keepalive capabilities there is a large performance impact due to the reconnection).
BZ1200276 (to be confirmed): port Tomcat code to handle incomplete writes and special cases.
    • -8
    • +14
BZ1155189: As found out by Radim Hatlapatka, entropy can cause a delay in the middle of an IO operation. Move the entropy problem to the initial connection (unless the client sends messages concurrently).
BZ1182241: Improve compatibility with buffered streams (as used in web)
    • -5
    • +7
Fix the regression BZ 1174169 introduced by 1158847 on pre 1.0.1 openssl.

BZ1174184: Unlike the other connectors, the APR connector binds the socket first, then processes the SSL configuration. Reverse that.
BZ1172737: Always add SSLv2Hello, following review by JF.
    • -3
    • +1
Allow SSLv2Hello if Java 6. But this is a very short term strategy probably.
    • -4
    • +5
Comment out the protocol filtering code (JDK 6 incompatibility that has been ruled as more important).
    • -1
    • +4