You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/06/11 16:58:55 UTC
svn commit: r1798384 - in /tomcat/trunk/webapps: docs/changelog.xml
host-manager/META-INF/context.xml manager/META-INF/context.xml
Author: markt
Date: Sun Jun 11 16:58:55 2017
New Revision: 1798384
URL: http://svn.apache.org/viewvc?rev=1798384&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61150
Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/host-manager/META-INF/context.xml
tomcat/trunk/webapps/manager/META-INF/context.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1798384&r1=1798383&r2=1798384&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Jun 11 16:58:55 2017
@@ -154,6 +154,13 @@
<fix>
Better document the meaning of the trimSpaces option for Jasper. (markt)
</fix>
+ <fix>
+ <bug>61150</bug>: Configure the Manager and Host-Manager web
+ applications to permit serialization and deserialization of
+ CRSFPreventionFilter related session objects to avoid warning messages
+ and/or stack traces on web application stop and/or start when running
+ under a security manager. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/trunk/webapps/host-manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/META-INF/context.xml?rev=1798384&r1=1798383&r2=1798384&view=diff
==============================================================================
--- tomcat/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/host-manager/META-INF/context.xml Sun Jun 11 16:58:55 2017
@@ -18,4 +18,5 @@
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+ <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
\ No newline at end of file
Modified: tomcat/trunk/webapps/manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/META-INF/context.xml?rev=1798384&r1=1798383&r2=1798384&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/manager/META-INF/context.xml Sun Jun 11 16:58:55 2017
@@ -18,4 +18,5 @@
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+ <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org