blob: 346d1af39b1fb6aba8527f377fcf43f99d5d7577 [file] [log] [blame]
================================================================================
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================================================
$Id$
=================================
Apache Tomcat 5.5 Patch Proposals
=================================
PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER:
[ start all new proposals below, under PATCHES PROPOSED. ]
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
Fix XOR arithmetics and charset issue when calculating entropy to
initialize random numbers generator in session manager. Based on
proposal by Andras Rozsa.
https://issues.apache.org/bugzilla/attachment.cgi?id=28895
+1: kkolinko, schultz, jim
-1:
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52579
Propose new implementation of ByteChunk.toStringInternal().
This fix does not reintroduce issue BZ51400.
This fix avoids http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6196991.
https://issues.apache.org/bugzilla/attachment.cgi?id=28274 (remove generics )
+1: kfujino
-0: markt (see https://issues.apache.org/bugzilla/show_bug.cgi?id=52579#c8)
-1:
* Implement maxHeaderCount attribute on HTTP Connectors.
It is equivalent of LimitRequestFields directive of Apache HTTPD
See r1356239 in Tomcat 6.
Notes:
1. Implemented for HTTP protocol only. (MimeHeaders.setLimit() is called
by HTTP protocol processors only).
I suppose that users of AJP can leverage the LimitRequestFields directive
in Apache HTTPD server.
2. The feature is manageable through JMX on the ProtocolHandler MBean.
Unlike later Tomcat versions, I did not add setter/getter methods to
Connector class and did not expose the property on Connector MBean.
Note that Catalina MBeans are not visible in Tomcat 5.5 by default.
See r1356696 for instructions.
3. To test the feature one can use
http://localhost:8080/servlets-examples/servlet/RequestHeaderExample
Refreshing the page in Firefox changes the number of headers in incoming request
(+= 'cache-control' for F5, += 'pragma=no-cache' for Ctrl+F5 refresh).
Patch:
http://people.apache.org/~kkolinko/patches/2012-07-03_tc55_maxHeaderCount_v1.patch
+1: kkolinko
-1: