tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: Serious regression in JK 1.2.24
Date Thu, 02 Aug 2007 08:19:22 GMT

OK with me. I've one outstanding patch related to fail on status. I 
think Ben short is testing today. I wrote mails about it to the user 
list and the patch is not committed yet. It's

(in short: fail on status has to be moved to a place a little earlier, 
because at the moment headers are set before fail on status. So if we do 
a retry and get different headers back, we produce an answer with an 
undefined mix of headers. In the users case we set Content-Length from 
the failure response, and the retry on another node succeeded with a 
chunked encoding ...)

Also there is one outstanding fix concerning nsapi on netware (which now 
has an unneeded dependency on shm).

We could review all changes since 1.2.24 (that's not much) and then skip 
the quality check phase, instead directly roll an oficial test/vote 
tarball. Would tomorrow be OK for that?



Mladen Turk wrote:
> Hi,
> We have a problem with 1.2.24 that luckily is not security leak,
> but it is security related.
> The problem is that 401 from Tomcat without body
> (a standard HTTP_UNAUTHORIZED) is treated as 401, meaning
> that Apache is returning 401 page instead passing 401
> to the client.
> I already patched the SVN.
> Can we roll 1.2.25?
> Regards,
> Mladen.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message