blob: 59f5eefaec85340413f279d598d31902825399da [file] [log] [blame]
================================================================================
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================================================
$Id$
=================================
Apache Tomcat 5.5 Patch Proposals
=================================
PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER:
[ start all new proposals below, under PATCHES PROPOSED. ]
* Make configuration issue for RemoteAddrValve, RemoteHostValve result
in the failure of the valve rather than just a warning message.
Ensure changes to the configuration of these valves via JMX are thread-safe.
Refactor value matching logic into separate method.
Expose the new method isAllowed and isAllowValid, isDenyValid properties through JMX.
It is based on r1189256 and r1187027, r1198622
(r1189258, r1187029, r1198623 in TC7)
http://people.apache.org/~kkolinko/patches/2011-11-08_tc55_RequestFilterValve_v4.patch
+1: kkolinko,funkman,jim
-1:
kkolinko: It does its work and prevents app from starting and working. Though
1. Autodeployment prints the same error every 10s. It is OK, though a
bit annoying.
2. Application that failed to start responds with 403. I do not
understand why. I would expect 404 or 503.
3. Application that failed to start is not listed by the manager app.
It is expected, but does not explain why error 403 and not 404 is observed.
* Improve performance of parameter processing
<add>
Improve performance of parameter processing for GET and POST requests.
Also add an option to limit the maximum number of parameters processed
per request. This defaults to 10000. Excessive parameters are ignored.
Note that <code>FailedRequestFilter</code> can be used to reject the
request if some parameters were ignored. (markt/kkolinko)
</add>
<add>
New filter <code>FailedRequestFilter</code> that will reject a request
if there were errors during HTTP parameter parsing. (kkolinko)
</add>
Before the patch:
Should be created by patch tool automatically, but just to be sure:
mkdir container/catalina/src/share/org/apache/catalina/filters
svn add container/catalina/src/share/org/apache/catalina/filters
Apply patch:
http://people.apache.org/~kkolinko/patches/2011-11-17_tc55_parameters-v5.patch
After the patch:
svn propset svn:eol-style native connectors/util/java/org/apache/tomcat/util/http/LocalStrings.properties
svn propset svn:eol-style native container/catalina/src/share/org/apache/catalina/filters/FailedRequestFilter.java
svn propset svn:eol-style native container/webapps/docs/config/filter.xml
+1: kkolinko, markt, funkman, jim
-1:
* Align %2f handling between implementations of UDecoder.convert()
http://svn.apache.org/viewvc?rev=1203091&view=rev
+1: kkolinko, markt, funkman, jim
-1:
* Remove obsolete build.xml file that was used to download source tree.
References to it were removed from build instructions in r1202235
1. svn del build/resources/build.xml
2. apply patch:
http://people.apache.org/~kkolinko/patches/2011-11-15_tc55_build.patch
+1: kkolinko, rjung, markt, jim
-1:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52225
Fix ClassCastException in Alias added for existing host via JMX
http://svn.apache.org/viewvc?rev=1204856&view=rev
(without tests; it is r1204860 in TC7)
+1: kkolinko, markt, funkman, jim
-1:
* Do not throw IllegalArgumentException from parseParameters() call when
chunked POST request is too large, but treat it like an IO error.
http://svn.apache.org/viewvc?rev=1206200&view=rev
(without tests; it is r1206205 in TC7)
+1: kkolinko, markt,funkman, jim
-1:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52335
Only handle <\% and not \% as escaped in template text.
http://svn.apache.org/viewvc?rev=1215121&view=rev
+1: markt, funkman, jim
-1:
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]