Re: Want to confirm fix of a security vulnerability

On 09/03/2012 23:55, Au, Leon wrote: On 3/9/12 2:19 PM, Jayant Sane jayant_s...@hotmail.com wrote: Pardon the re-post but I just wanted some kind of ack from the Tomcat dev team on the following. Has the Tomcat WAR deployment directory traversal... issue as detailed in

Re: Question about a known security vulnerability

On 08/03/2012 21:49, Jayant Sane wrote: Hello, This is in regard to the security vulnerability Tomcat WAR Deployment Directory Traversal Flaw May Cause Files to Be Deleted as detailed in http://securitytracker.com/id/1023504 Per the above, versions 5.5.0-5.5.28, 6.0.0-6.0.20 and

Re: Tomcat 7 Cluster Issue

On 09/03/2012 18:33, Bruce Pease wrote: I can try the rollback the jdk, and try that. However, the issue doesn't appear to be jdk related. Plenty of changes to NIO in Java 7 AFAIK. Let us know if Java 6 + Tomcat 7 presents the same problem. p The migration was performed by completely

Re: Want to confirm fix of a security vulnerability

On 09.03.2012 23:19, Jayant Sane wrote: Pardon the re-post but I just wanted some kind of ack from the Tomcat dev team on the following. Has the Tomcat WAR deployment directory traversal... issue as detailed in http://securitytracker.com/id/1023504 been fixed in version 7.0.023? As I

@HandlesTypes not resolving classes when added as repository directory

I am running an embedded container 7.0.26 that loads the web application classes and external JARS using the method http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/loader/WebappLoader.html#addRepository%28java.lang.String%29 WebappLoader#addRepository(java.lang.String) . One of

Re: [Tomcat JDBC Pool] Close pooled connections via JMX

On 3/3/2012 10:50 AM, Brooke Hedrick wrote: On Mar 3, 2012 11:48 AM, Brooke Hedrickbrooke.t.hedr...@gmail.com wrote: On Mar 3, 2012 11:35 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Brooke Hedrick [mailto:brooke.t.hedr...@gmail.com] Subject: Re: [Tomcat JDBC Pool] Close

Re: Dynamic Security Constraints?

André Warnier wrote: Leo Donahue - PLANDEVX wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Dynamic Security Constraints? Leo Donahue - PLANDEVX wrote: I'm not sure this is the right subject line, but if I wanted to use Tomcat to publish large

Re: What is the best way to view Tomcat JDBC pool properties in Tomcat 6?

cast it to java.sql.Connection On 3/8/2012 4:29 AM, hodgesz wrote: Yes you are correct we are creating the pool in Spring configuration as it is more natural for our application, but the only problem we see now is once we upgraded to 7.0.26 we see the following exception in the logs when

Re: What is the best way to view Tomcat JDBC pool properties in Tomcat 6?

We can't cast it since it isn't our code. The MBeanDumper class is part of Tomcat JMXProxy. On Sat, Mar 10, 2012 at 1:43 PM, Filip Hanik - Dev Lists devli...@hanik.com wrote: cast it to java.sql.Connection On 3/8/2012 4:29 AM, hodgesz wrote: Yes you are correct we are creating the pool

Re: Dynamic Security Constraints?

2012/3/10 André Warnier a...@ice-sa.com: 3) Before you even start this, it may be wise to do a quick back-of-hand calculation about the time it takes to download such a file over the average communications link. Tens of GB is hundreds of Gigabits. You may be surprised at the number of hours

Some questions about Tomcat ISAPI Connector and its documentation

Hi all, I have some questions about the documentation of the ISAPI Connector 1.2.32 (and about the connector itself). 1. In the Reference Guide for IIS (http://tomcat.apache.org/connectors-doc/reference/iis.html), the registry options are listed. For the option enable_chunked_encoding which

Re: Some questions about Tomcat ISAPI Connector and its documentation

Konstantin Preißer wrote: ... 2. I observed that when a request is made to IIS which is mapped to Tomcat, and the request path contains the string WEB-INF, like http://www.example.com/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf then the ISAPI connector logs a statement like this: [Sat Mar 10

Re: Some questions about Tomcat ISAPI Connector and its documentation

2012/3/11 Konstantin Preißer verlag.preis...@t-online.de: Hi all, I have some questions about the documentation of the ISAPI Connector 1.2.32 (and about the connector itself). 1. In the Reference Guide for IIS (http://tomcat.apache.org/connectors-doc/reference/iis.html), the registry

${pageContext.request.contextPath} not resolving

Hi, I have a very simple jsp page like this: %@ page language=java contentType=text/html; charset=UTF-8 pageEncoding=UTF-8% html body${pageContext.request.contextPath}/body /html ${pageContext.request.contextPath} is not resolving. I have the

Source jar for tomcat-dbcp?

I have a problem I need to debug by stepping into tomcat-dbcp (6.0.35). I tried downloading the Apache commons-dbcp source but it seems the version in Tomcat has the classes in different packages, so I can't get Eclipse to recognize the source. I've searched the following areas: * the tomcat

RE: Source jar for tomcat-dbcp?

-Original Message- From: Jim Garrison [mailto:jim.garri...@troux.com] Sent: Saturday, March 10, 2012 7:07 PM To: users@tomcat.apache.org Subject: Source jar for tomcat-dbcp? I have a problem I need to debug by stepping into tomcat-dbcp (6.0.35). I tried downloading the Apache

Java 7 + Tomcat 6.0.35 + Win2k3 Problem

Hi I recently upgrade JDK from 1.6 to 1.7u3. And tomcat no longer work on Windows 2003, ie not sending response to any request either with https or plain http. But the same code/setting works on Windows 7 and my ubuntu machine. Are there known issues with Java 7 and Win2k3 with Tomcat 6.0.35?