• last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
BZ1489846: Part 2: remove char restrictions.
BZ1489846: Port Coty's patch to allow again {|} chars in the URL. For compatibility, this is enabled by default (set the system property to empty to disable it).
Web 7.5.24.
BZ1433123: Avoid calling prepareRequest if an error occurred earlier.
BZ1460573: Handle error processing as a GET, fix for CVE-2017-5664.
Web 7.5.23
BZ1393221: Port Tomcat fix for CVE-2016-6796.
BZ1393226: Patch CVE-2016-5018, just in case.
BZ1419145: Hack to force restore of the content type header even when there's no body. Submitted by Aaron Ogburn.
BZ1439225: set encoding for multipart/form-data. Submitted by Aaron Ogburn.
Web 7.5.22.
BZ1426471: Remove possible deadlock situation. The non blocking code is only really used by websockets, which has write syncs already, so it is possible to remove it.
BZ1426264: Fix weird error handling in blockingWrite, also remove the immediate close for other errors, and always return a negative value.
BZ1423453: Port code cleanup from Tomcat.
BZ1410869: Fix sync of AysncContext.complete, and change all syncs from the processor object to the request object (since it is available everywhere).
Web 7.5.21.
BZ1410869: Make the async context a separate object from the request, so that it can be recycled to avoid bad side effects.
    • -0
    • +253
BZ1399005: Add debug to max swallow input.
Web 7.5.20.
BZ1399014: Fix CVE-2016-6816 request smuggling
  1. ./src/main/java/org/apache/tomcat/util/http/parser
    • -0
    • +551
    • -0
    • +125
BZ1391834: Avoid logging NPE.
BZ1376379: Port Tomcat change that sets 500 status when an unexpected exception is caught as best effort to report an error.
Web 7.5.19.
BZ1275403: Loop over unwrap loop to make sure some bytes are produced in blocking mode. Patch by Masafumi Miura.
Web 7.5.18.
BZ1370182: Add syncing for Servlet 3.0 async to allow non container threads interaction. The extra sync shouldn't be too expensive.
BZ1341410: Port Tomcat parsing code fixes.
BZ1203510: Apply workaround patch to display statistics if possible with the NIO connector. Patch by Enrique Gonzalez Martinez.
BZ1302434: Remove code block that seems useless (query string parameters will be parsed again, and is not used with a request body).
BZ1350444: CVE-2016-3092 DoS issue, port from Tomcat.