• last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
BZ1393221: Port Tomcat fix for CVE-2016-6796.
BZ1393226: Patch CVE-2016-5018, just in case.
BZ1419145: Hack to force restore of the content type header even when there's no body. Submitted by Aaron Ogburn.
BZ1439225: set encoding for multipart/form-data. Submitted by Aaron Ogburn.
Web 7.5.22.
BZ1426471: Remove possible deadlock situation. The non blocking code is only really used by websockets, which has write syncs already, so it is possible to remove it.
BZ1426264: Fix weird error handling in blockingWrite, also remove the immediate close for other errors, and always return a negative value.
BZ1423453: Port code cleanup from Tomcat.
BZ1410869: Fix sync of AysncContext.complete, and change all syncs from the processor object to the request object (since it is available everywhere).
Web 7.5.21.
BZ1410869: Make the async context a separate object from the request, so that it can be recycled to avoid bad side effects.
    • -0
    • +253
BZ1399005: Add debug to max swallow input.
Web 7.5.20.
BZ1399014: Fix CVE-2016-6816 request smuggling
  1. ./src/main/java/org/apache/tomcat/util/http/parser
    • -0
    • +551
    • -0
    • +125
BZ1391834: Avoid logging NPE.
BZ1376379: Port Tomcat change that sets 500 status when an unexpected exception is caught as best effort to report an error.
Web 7.5.19.
BZ1275403: Loop over unwrap loop to make sure some bytes are produced in blocking mode. Patch by Masafumi Miura.
Web 7.5.18.
BZ1370182: Add syncing for Servlet 3.0 async to allow non container threads interaction. The extra sync shouldn't be too expensive.
BZ1341410: Port Tomcat parsing code fixes.
BZ1203510: Apply workaround patch to display statistics if possible with the NIO connector. Patch by Enrique Gonzalez Martinez.
BZ1302434: Remove code block that seems useless (query string parameters will be parsed again, and is not used with a request body).
BZ1350444: CVE-2016-3092 DoS issue, port from Tomcat.
Web 7.5.17.
BZ1315982: Port fix for minor flaw in URL normalization.
Web 7.5.16
BZ1318006: Port fix for file conditions.
BZ1315598: Add session id length configuration, submitted by Enrique Gonzalez Martinez.
BZ1313202: Fix ordering problem parsing N* flags.