| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| $Id$ |
| |
| ================================= |
| Apache Tomcat 5.5 Patch Proposals |
| ================================= |
| |
| PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER: |
| [ start all new proposals below, under PATCHES PROPOSED. ] |
| |
| |
| PATCHES PROPOSED TO BACKPORT: |
| [ New proposals should be added at the end of the list ] |
| |
| * Implement maxHeaderCount attribute on HTTP Connectors. |
| It is equivalent of LimitRequestFields directive of Apache HTTPD |
| See r1356239 in Tomcat 6. |
| |
| Notes: |
| 1. Implemented for HTTP protocol only. (MimeHeaders.setLimit() is called |
| by HTTP protocol processors only). |
| |
| I suppose that users of AJP can leverage the LimitRequestFields directive |
| in Apache HTTPD server. |
| |
| 2. The feature is manageable through JMX on the ProtocolHandler MBean. |
| |
| Unlike later Tomcat versions, I did not add setter/getter methods to |
| Connector class and did not expose the property on Connector MBean. |
| |
| Note that Catalina MBeans are not visible in Tomcat 5.5 by default. |
| See r1356696 for instructions. |
| |
| 3. To test the feature one can use |
| http://localhost:8080/servlets-examples/servlet/RequestHeaderExample |
| |
| Refreshing the page in Firefox changes the number of headers in incoming request |
| (adds 'cache-control' for "F5" refresh, adds 'pragma=no-cache' for "Ctrl+F5" refresh). |
| |
| Patch: |
| http://people.apache.org/~kkolinko/patches/2012-07-03_tc55_maxHeaderCount_v1.patch |
| +1: kkolinko, markt |
| -1: |
| |
| * Various DIGEST improvements ported from Tomcat 7 |
| http://people.apache.org/~markt/patches/2012-08-28-digest-tc5.patch |
| +1: markt, kkolinko |
| -1: |
| |
| * Remove unneeded handling of FORM authentication in RealmBase |
| http://svn.apache.org/viewvc?rev=1377887&view=rev |
| (r1377892 in 7.0) |
| +1: kkolinko, markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181 |
| A. Better handling of edge conditions in chunk header processing (BZ 42181) |
| B. Improve chunk header parsing. Properly ignore chunk-extension suffix, |
| not trying to parse digits contained in it. Reject chunks whose header is |
| incorrect. (backport of r423453) |
| https://issues.apache.org/bugzilla/attachment.cgi?id=29295 |
| +1: kkolinko, markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53830 |
| Better handling of Manager.randomFile default value on Windows |
| https://issues.apache.org/bugzilla/attachment.cgi?id=29331 |
| +1: kkolinko, markt |
| -1: |