Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=21&rev2=22 Comment: Add link to Security page. When the above flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.<<BR>><<BR>> This flag is also mentioned on the [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security Considerations]] page.<<BR>><<BR>> - The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]]. + The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]].<<BR>><<BR>> + You can also search the archives of the Tomcat users' [[http://tomcat.apache.org/lists.html|mailing lists]] for previous discussions mentioning the `RECYCLE_FACADES` flag. 2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue. + Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat, + * if the problem manifests as a security issue, see [[http://tomcat.apache.org/security.html|how to report it]]. ---- [[CategoryFAQ]] --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org