| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| $Id$ |
| |
| ================================= |
| Apache Tomcat 5.5 Patch Proposals |
| ================================= |
| |
| PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER: |
| [ start all new proposals below, under PATCHES PROPOSED. ] |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050 |
| Fix XOR arithmetics and charset issue when calculating entropy to |
| initialize random numbers generator in session manager. Based on |
| proposal by Andras Rozsa. |
| https://issues.apache.org/bugzilla/attachment.cgi?id=28895 |
| +1: kkolinko, schultz, jim |
| -1: |
| |
| PATCHES PROPOSED TO BACKPORT: |
| [ New proposals should be added at the end of the list ] |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52579 |
| Propose new implementation of ByteChunk.toStringInternal(). |
| This fix does not reintroduce issue BZ51400. |
| This fix avoids http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6196991. |
| https://issues.apache.org/bugzilla/attachment.cgi?id=28274 (remove generics ) |
| +1: kfujino |
| -0: markt (see https://issues.apache.org/bugzilla/show_bug.cgi?id=52579#c8) |
| -1: |
| |
| * Implement maxHeaderCount attribute on HTTP Connectors. |
| It is equivalent of LimitRequestFields directive of Apache HTTPD |
| See r1356239 in Tomcat 6. |
| |
| Notes: |
| 1. Implemented for HTTP protocol only. (MimeHeaders.setLimit() is called |
| by HTTP protocol processors only). |
| |
| I suppose that users of AJP can leverage the LimitRequestFields directive |
| in Apache HTTPD server. |
| |
| 2. The feature is manageable through JMX on the ProtocolHandler MBean. |
| |
| Unlike later Tomcat versions, I did not add setter/getter methods to |
| Connector class and did not expose the property on Connector MBean. |
| |
| Note that Catalina MBeans are not visible in Tomcat 5.5 by default. |
| See r1356696 for instructions. |
| |
| 3. To test the feature one can use |
| http://localhost:8080/servlets-examples/servlet/RequestHeaderExample |
| |
| Refreshing the page in Firefox changes the number of headers in incoming request |
| (+= 'cache-control' for F5, += 'pragma=no-cache' for Ctrl+F5 refresh). |
| |
| Patch: |
| http://people.apache.org/~kkolinko/patches/2012-07-03_tc55_maxHeaderCount_v1.patch |
| +1: kkolinko |
| -1: |