[ANN] Apache Tomcat 8.5.65 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.65. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.45 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.45. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.45 is a bugfix and

[ANN] Apache Tomcat 10.0.5 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.5. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat Native 1.2.28 released

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.28 stable. The key features of this release are: - Windows binaries built using 1.1.1k - Correct a regression in the fix for 65181 that prevented an error message from being displayed if an invalid key file

Re: Tomcat seems to accept all characters in a URL

2021-03-23 Thread Mark Thomas
On 23/03/2021 16:09, Boris Petrov wrote: Hi all, I'm trying to figure out why Tomcat 9.0.44 seems to accept this URL: https://some-domain.com/[foo: "bar@asd/qwe%25rty'zzzqqq{rrr|ttt] Even when I haven't specified any "relaxedPathChars" (or when I explicitly set it to an empty string). Note

Re: Realm issue with Tomcat 9

2021-03-23 Thread Mark Thomas
On 23/03/2021 10:05, Ravi Kumar wrote: Hello, I am migrating my application which is using tomcat 7 currently to tomcat 9. As there are a lot of changes in the API, with tomcat 7 we were setting the Realm for this engine by // set the Realm for this engine //tomcatServer.setDefaultRealm(new

Re: AJAX value %27 results in 403 forbidden

2021-03-22 Thread Mark Thomas
On 20/03/2021 15:59, Michael Duffy wrote: I need help from the very capable and experienced IT professionals on this list. Can you help solve this problem: https://stackoverflow.com/questions/66715576/ajax-value-27-results-in-403-forbidden This is nothing to do with Tomcat. Tomcat will

Re: small error in log documentation

2021-03-16 Thread Mark Thomas
On 16/03/2021 02:48, Rob Sargent wrote: Last sentence of Introduction on https://tomcat.apache.org/tomcat-9.0-doc/logging.html    If it used directly or indirectly by your logging library then    elements of it will be shared across web applications because it is    loaded by the system

Re: module muddle

2021-03-16 Thread Mark Thomas
in responding to Mark's questions.  Been on a  short walk-about. On 3/11/21 12:17 PM, Mark Thomas wrote: On 11/03/2021 19:08, Rob Sargent wrote: I've started getting this error, though I've been running fine since days of "localhost" issue help.     class org.apache.tomcat.

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-15 Thread Mark Thomas
On 11/03/2021 20:01, Doug Whitfield wrote: I am working on a fix which I expect to be in the releases due out in ~1 month's time. Thanks Mark! Is there any chance of a patch being available before then that we might be able to backport locally? It is fixed in 10.0.x, 9.0.x and 8.5.x now.

Re: Does Tomcat JDBC Connection Pool reset autocommit on closed connections?

2021-03-11 Thread Mark Thomas
On 12/03/2021 03:57, My Subs wrote: Hello, I'm using Tomcat 10.0.0. Suppose I call setAutoCommit(false) on a connection obtained from a Tomcat JDBC Connection Pool. Then I do some stuff with the connection, call commit() or rollback() and finally call close() on it without ever calling

Re: Unable to read the orginal url when host header is specified.

2021-03-11 Thread Mark Thomas
On 12/03/2021 01:50, Anurag Sharma wrote: My code is running on local host and i am hitting one of my urls as below curl -k -vv --http1.1 "https://localhost:8443/versa/login" -H 'Host: google.com' Now i m a trying to read the url in my code using following StringBuffer url =

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-11 Thread Mark Thomas
On 11/03/2021 19:09, Doug Whitfield wrote: Just FYI: I was able to reproduce this issue on 8.5.64 and 9.0.44. I’m going to start doing some testing in earlier versions of 8.5 to see if the issue exist there as well as far as regressions. It exists in all 8.5.x, 9.0.x and 10.0.x versions.

Re: module muddle

2021-03-11 Thread Mark Thomas
On 11/03/2021 19:08, Rob Sargent wrote: I've started getting this error, though I've been running fine since days of "localhost" issue help.    class org.apache.tomcat.dbcp.dbcp2.BasicDataSource cannot be cast to    class org.apache.tomcat.jdbc.pool.DataSource   

[ANN] Apache Tomcat 8.5.64 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.64. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.44 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.44. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.44 is a bugfix and

[ANN] Apache Tomcat 10.0.4 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.4. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

Re: Possible to refer to the contextPath in a Resource database url ?

2021-03-11 Thread Mark Thomas
On 10/03/2021 19:44, Rony G. Flatscher (Apache) wrote: For a little nutshell example I would like to use SQLite as the JDBC driver includes the native code for all the major operating systems already (this way a user does not really need to install SQLite just place its JDBC driver in the lib

Re: Is there a way to know/infer that a JSP got freshly compiled from a taglib library ?

2021-03-11 Thread Mark Thomas
On 10/03/2021 15:14, Rony G. Flatscher (Apache) wrote: Is there a way to know/infer that a JSP got freshly compiled from e.g. a taglib library? For caching purposes it would be necessary to learn whether a JSP got recompiled as the cache should be purged in that case. Is there a way to find

Re: JSP: question: how to make tld-files part of the taglib library like STL is able to do?

2021-03-10 Thread Mark Thomas
On 10/03/2021 13:19, Rony G. Flatscher (Apache) wrote: The STL (standard tag library) jstl-1.2_1.jar is able to have its tags processed without requiring the user to place its tld-files into the webapps WEB-INF directory. Rather jstl-1.2_1.jar stores the tld files in its META-INF directory and

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-10 Thread Mark Thomas
On 10/03/2021 05:26, Arshiya Shariff wrote: Hi All, We are using embedded tomcat version 9.0.43 in our application to transport http/2 packets between 2 systems (h2c connection). All parameters used are the tomcat defaults. We are facing the below issue : 1. Tomcat is not sending

Re: CloseNowException: This stream is not writable

2021-03-10 Thread Mark Thomas
On 09/03/2021 20:57, DevNull wrote: Apache Tomcat Version 9.0.43 Hello In an application showing hundreds of thumbnail images at the same time, about a hundred thumbnails are loaded but the rest are not. Some posts claim it may be due to the http2 connection closing due to too much

Re: application deploy error

2021-03-07 Thread Mark Thomas
On 07/03/2021 02:30, Rajendra Popuri wrote: The complete error is as follows. No, that is not the complete error message. The stack trace that follows that message, including all the "caused by..." elements, is part of the error message and contains the information required to diagnose the

Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

2021-03-05 Thread Mark Thomas
Regards, Teemu Kursu -Original Message- From: Mark Thomas Sent: Monday, 1 March 2021 13.05 To: Tomcat Users List Cc: annou...@tomcat.apache.org; annou...@apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up CVE-2021-25122 h2c

Re: Reg: caching allowed setting in tomcat

2021-03-02 Thread Mark Thomas
share some insight on the OS level caching ? Primarily where would OS be caching it ? I'd expect there to be some form of read cache for disk access. The split between OS and hardware will be system dependent. Mark Regards Jalaj -Original Message- From: Mark Thomas Sent: Tuesday

Re: AWS health check problems

2021-03-01 Thread Mark Thomas
On 01/03/2021 22:35, Jake Orel wrote: Hi All, I'm working on deploying tomcat through aws with the use of an elastic load balancer connected to an auto scaling group. I'm running into an issue where the health checks associated with the target group are being sent to my server via IP address and

Re: Reg: caching allowed setting in tomcat

2021-03-01 Thread Mark Thomas
On 01/03/2021 16:03, Jalaj Asher wrote: I see that the cachingallowed setting is primarily for static content caching. But considering my application we have a lot of static content data resulting in almost 100 to 150 MB of heap memory being used because of this caching. 1. Is there any

Re: Tomcat Security Office Hours

2021-03-01 Thread Mark Thomas
On 01/03/2021 11:16, Rony G. Flatscher (Apache) wrote: On 24.02.2021 12:59, Mark Thomas wrote: All, Inspired by this post [1] I am going to try an experiment with running weekly office hours every Thursday. I'm going to start off by focussing on security. If there is anything you'd like

[SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)

2021-03-01 Thread Mark Thomas
CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence) Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Apache Tomcat 7.0.0 to 7.0.107 Description:

[SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

2021-03-01 Thread Mark Thomas
CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Description: When responding to new h2c connection requests, Apache Tomcat could

Re: embedded: one-liner

2021-02-26 Thread Mark Thomas
On 26/02/2021 18:36, Rob Sargent wrote: In the absence of anything Catalina, but with etc/>, is an embedded tomcat able to detect updates to web.xml (or context.xml) and reload the app or the resource definitions? Hasn't worked for me so far, but still hoping I doing it wrong (as usual).

Re: Tomcat Manager

2021-02-25 Thread Mark Thomas
On 24/02/2021 20:18, Robert Hicks wrote: > Is there a way (my google-fu is failing) to use the command line version of > the manager but not have the front end UI available at all? Remove the HTMLManager servlet entries from WEB-INF/web.xml You may also wish to remove the Status servlet and the

Re: Replacement / alternatives of Tomcat-juli.jar and Tomcat-juli-adapters.jar in Tomcat 9

2021-02-24 Thread Mark Thomas
On 24/02/2021 15:57, Ravi Kumar wrote: > Hi Tomcat Team, > > We used to have *Tomcat-juli.jar and Tomcat-juli-adapters.jar* available on > Tomcat7 download pages under the EXTRAS directory. > > But with Tomcat 9, we don't have these 2 jars or in fact extras folder > available. We use these jars

Tomcat Security Office Hours

2021-02-24 Thread Mark Thomas
All, Inspired by this post [1] I am going to try an experiment with running weekly office hours every Thursday. I'm going to start off by focussing on security. If there is anything you'd like to discuss and/or provide feedback on and/or ask questions about around Tomcat security then feel free

Re: Tomcat 9 jar containing @webservlet annotation not loaded if inside tomcat/lib

2021-02-22 Thread Mark Thomas
2021 12:45:06.178 BUONO >>> [http-nio-8082-exec-1] >>> org.apache.tomcat.util.scan.StandardJarScanner.processURLs Scanning >>> JAR [file:/home/agharta/apache-tomcat-9.0.41/lib/testannotation.jar] >>> from classpath >>> >>> ...no other messages in

[ANN] Apache Tomcat Migration tool for Jakarta EE 0.2.0

2021-02-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 0.2.0 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE 9.

Re: Tomcat 9 jar containing @webservlet annotation not loaded if inside tomcat/lib

2021-02-18 Thread Mark Thomas
On 18/02/2021 10:46, aghart...@gmail.com wrote: > Hi all, > > A question, I can't solve that > > Tested with Tomcat 9.0.41, java 8 x64, linux (Fedora 32). > > > I have a standard tomcat web.xml (3.0 or 3.1, no matter). > > I have created an external simple servlet with @WebServlet

Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Mark Thomas
On 17/02/2021 14:03, Christopher Schultz wrote: > Mark, > > On 2/17/21 04:08, Mark Thomas wrote: >> On 16/02/2021 14:58, Christopher Schultz wrote: >>> All, >>> >>> I'm sorry for using users@ as my own personal Google but I'm sure >>> someone k

Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Mark Thomas
On 16/02/2021 14:58, Christopher Schultz wrote: > All, > > I'm sorry for using users@ as my own personal Google but I'm sure > someone knows this off the top of their head and can save me a lot of > reading. > > I'm wondering about which specs mention how to handle URL parameters > (and POST

Re: embedded, not local

2021-02-16 Thread Mark Thomas
On February 16, 2021 10:00:01 PM UTC, Noelette Stout wrote: >I'm kinda new to this, but it looks like you're trying to start http >and >https on the same port. > >Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init >INFO: Initializing ProtocolHandler ["http-nio-16004"] >Feb

Re: java.lang.ClassNotFoundException: javax.servlet.Filter

2021-02-15 Thread Mark Thomas
On 15/02/2021 08:26, Jason Wee wrote: > Using Apache Tomcat 10.0.2, build owb and cxf and placed into lib directory > > tomcat-cxf-3.4.1.jar > tomcat-owb-2.0.20.jar > > reading reference, https://tomcat.apache.org/tomcat-10.0-doc/cdi.html > > and when i start tomcat, I get the following

Re: Upgraded to 8.5.63, ssl stopped working...?

2021-02-11 Thread Mark Thomas
ter in opaque >part >> at >> > index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key >> > at java.net.URI$Parser.fail(Unknown Source) >> > at java.net.URI$Parser.checkChars(Unknown Source) >> > at java.net.URI$Parser.parse(Unknown Source) >> > at java.net.URI.(Unknown Source)

Re: PerMessageDeflate - Native Memory Pressure

2021-02-11 Thread Mark Thomas
On 11/02/2021 02:50, Sridhar Rao wrote: > So we are exploring disabling "permessage-deflate" extension. Although it > could increase network overhead, it should help with native memory and CPU > cycles. Most of our messages are small anyway. Just wanted to check, if > there are any potential

Re: Upgraded to 8.5.63, ssl stopped working...?

2021-02-11 Thread Mark Thomas
On 11/02/2021 02:06, Jim Weill wrote: > I had 8.5.41 working and decided to do the upgrade to 8.5.63 today on > Windows Server 2012r2. I've had success with stopping the service, > renaming the tomcat directory, putting the unzipped files of the new > version in its place, and dropping in the

Re: Misssing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

2021-02-10 Thread Mark Thomas
Server? Yes. Mark > > On Wed, 10 Feb 2021 at 18:53, Mark Thomas wrote: > >> On 10/02/2021 12:09, George Thomas wrote: >>> As per the below link >>> >>> https://github.com/spring-projects/spring-boot/issues/6164, the >> followi

Re: Misssing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

2021-02-10 Thread Mark Thomas
On 10/02/2021 12:09, George Thomas wrote: > As per the below link > > https://github.com/spring-projects/spring-boot/issues/6164, the following > features are removed from tomcat 8.5 > > a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists > > b) Class

Re: 10. migration doc flaw

2021-02-09 Thread Mark Thomas
On 08/02/2021 23:40, Rob Sargent wrote: > Well, it the 9->10 page, but that form generator is all about > 10.x->10.y  (Not sure it's doing anything useful either?) Copy/paste error. Fixed now. Thanks for reporting this. The configuration difference generator is working but the files haven't

Re: Tomcat end-point Client certificate issue

2021-02-06 Thread Mark Thomas
On 05/02/2021 22:47, jonmcalexan...@wellsfargo.com.INVALID wrote: > Hey everybody, > > Anyone run into an error or warning like this before? App team is using > Tomcat 9.0.37. > > > > [05/02/2021 14:34:14:702 ] [] WARN > com...xxx.SearchCriteriaEnhancedController >

Re: Are we able to deploy the same WAR to Tomcat 9 and 10?

2021-02-05 Thread Mark Thomas
On 05/02/2021 15:40, Johan Compagner wrote: >> >> >> >>> And then I don't care too much about if it goes from javax.servlet to >>> jakarta.servlet or the other way around.. I just want to support both >>> deployments. That our customers can dump in the generated war by our >>> tooling in any

[ANN] Apache Tomcat 8.5.63 available

2021-02-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.63. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

Re: Are we able to deploy the same WAR to Tomcat 9 and 10?

2021-02-05 Thread Mark Thomas
On 05/02/2021 14:45, Johan Compagner wrote: > Hi, > > I already now get the first support request that our application doesn't > run under Tomcat 10. > > So just want to get straight how this is going to work in the future. > > i see there is a migration tool, but that is for now quite useless

Re: Not able to connect to Tomcat 9.0.39 instance using jconsole/jvisualvm

2021-02-04 Thread Mark Thomas
On 04/02/2021 08:08, Luis Rodríguez Fernández wrote: > Hello Suvendu, > > I've never used the > "org.apache.catalina.mbeans.JmxRemoteLifecycleListener", I would advise you > to continue using the JVM startup options for JMX [1] +1. Ignore the JmxRemoteLifecycleListener and use the settings

[ANN] Apache Tomcat 9.0.43 available

2021-02-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.43. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.43 is a bugfix and

[ANN] Apache Tomcat 10.0.2 available

2021-02-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.2. This release is the first stable release in the 10.0.x series and is targeted at Jakarta EE 9. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta

Re: Memory leak with Jersey 2.33

2021-02-01 Thread Mark Thomas
On 01/02/2021 06:37, Mark Eggers wrote: > On 1/31/2021 9:39 PM, Mark Eggers wrote: >> GC roots for cplanapi are: >> >> class com.sun.naming.internal.ResourceManager >> '- propertiesCache java.util.WeakHashMap >>     '- table java.util.WeakHashMap$Entry[16] >>    '-

Re: How to define UserDatabase for webapp in context?

2021-01-29 Thread Mark Thomas
On 29/01/2021 08:49, Karim Kanso wrote: > I have been trying to create a context xml file for a webapp so that > it encapsulates all needed server side configuration for > authentication to work. That is, it contains both the and > elements. > > I dont understand why the following definition of

Re: Case Sensitivity with SSLHostConfig.hostName and SNI

2021-01-28 Thread Mark Thomas
On 27/01/2021 23:01, Daniel Skiles wrote: >> Curious: what is "keytool -ssl server"? > > https://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html > > keytool -printcert has an additional -sslserver object, which will let you > connect to external servers and dump cert

Re: Case Sensitivity with SSLHostConfig.hostName and SNI

2021-01-28 Thread Mark Thomas
ound one either. I have found several references to comparing DNS names in a case insensitive manner. I'll work on updating Tomcat. The fix won't make the February releases as they have already been tagged (unless the vote fails and we have to re-tag). It should be in the March releases. Mark >

Re: Case Sensitivity with SSLHostConfig.hostName and SNI

2021-01-27 Thread Mark Thomas
On January 27, 2021 10:43:48 PM UTC, Christopher Schultz wrote: >All, > >The Mapper seems to understand that case should be ignored while >looking >for hosts. That's expected, since it would have made Tomcat fail for >all >kinds of reasons in the past. > >However, the Mapper doesn't normalize.

Re: Case Sensitivity with SSLHostConfig.hostName and SNI

2021-01-27 Thread Mark Thomas
On 27/01/2021 19:42, Christopher Schultz wrote: > On 1/27/21 14:37, Daniel Skiles wrote: >> Are SSLHostConfig.hostName attribute values case sensitive in Tomcat?  I >> have looked through the documentation and it does not seem to specify >> either way. > > Hostnames are, by RFC[1] definition,

Re: Tomcat 9 cluster with FarmWarDeployer but without session replication

2021-01-27 Thread Mark Thomas
Kamal, This is off the top of my head without testing it or even looking at the code but you could try configuring a cluster with the FarmWarDeployer and then deploying a web application via the FarmWarDeployer that has the distributable flag set to false in web.xml Mark On 27/01/2021 05:44,

Re: AccessLog implementation via logging subsystem?

2021-01-20 Thread Mark Thomas
On 20/01/2021 10:59, Thomas Meyer wrote: > Hi, > > as far as I can see there seems to be no AccessLog interface implementation > that is using the standard tomcat logging subsystem. > Is there a reason for this? > I have a use case were I want to forward access log to splunk via http event >

Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

2021-01-19 Thread Mark Thomas
Please note the updated affected version information below. Mark On 03/12/2020 18:01, Mark Thomas wrote: > CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up > > Severity: Moderate > > Vendor: The Apache Software Foundation > > Versions Affected: > Apache Tomca

Re: SSL trouble in embeddedLand

2021-01-19 Thread Mark Thomas
On 19/01/2021 04:02, Rob Sargent wrote: > > Stuck in my basement with no real domain I'm having trouble setting up > SSL/TLS on an embedded tomcat instance. And I'm very lost, having tried > more dead ends than I can remember. > > I used this to generate cert and key > openssl req -out

Re: Reg: Jars under web-inf lib being accessed by tomcat even when the application is not running.

2021-01-18 Thread Mark Thomas
On 18/01/2021 16:13, Jalaj Asher wrote: > We have a situation where in we are seeing with tomcat 8.5 and higher that > even when the application is not in use , tomcat is accessing different jars > in that web-inf/ lib folder every few seconds or few minutes. > > These jars are not getting

Re: TomCat 9 service failed to start on Windows after TomCat 9 update

2021-01-18 Thread Mark Thomas
On 18/01/2021 04:40, Igor Sluge wrote: > > Hello, > Thanks for your answer. Do you know is anyway to specify «Local System» user > for «tomcat9.exe" //IS//» command  > via cmd? --ServiceUser "LocalSystem" should do it. Mark >> Friday, 15 January 2021, 16:34 +03:00 from Robert Turner >> : >>

Re: what is the exact order of filters?

2021-01-17 Thread Mark Thomas
On 15/01/2021 16:00, Johan Compagner wrote: > Hi > here we have a case: 51754 – Tomcat7 filters from conf/web.xml are applied > after filters defined in WEB-INF/web.xml (apache.org) > > > that already says that the conf/web.xml are later then

Re: Signature broken link.

2021-01-14 Thread Mark Thomas
On 14/01/2021 18:32, My Subs wrote: > Hello, > > The pgp signature link for v10.0.0 seems to be broken: > > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.tar.gz.asc > > I keep getting a 404 on that address. Fixed. Mark > > Best, > > Alex > > >

Re: SingleSignOn does not log debug info?

2021-01-14 Thread Mark Thomas
On 14/01/2021 15:52, Luis Rodríguez Fernández wrote: > Hello there, > > I am trying to enable debug for > the org.apache.catalina.authenticator.SingleSignOn valve. In my > ${CATALINA_BASE}/conf/logging.properties I have set > > java.util.logging.ConsoleHandler.level = ALL > .../... >

[SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure

2021-01-14 Thread Mark Thomas
CVE-2021-24122 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M9 Apache Tomcat 9.0.0.M1 to 9.0.39 Apache Tomcat 8.5.0 to 8.5.59 Apache Tomcat 7.0.0 to 7.0.106 Description: When serving

Re: Can we get Digest Authentication with TOMCAT 7

2021-01-13 Thread Mark Thomas
On 13/01/2021 09:36, Ravi Kumar wrote: > Hi Tomcat Team, > > I am using a Tomcat based webserver container for our web application. All > the deplyoment and other task taken care using TOMCAT 7.10.105. Tomcat 7.0.x will reach end of life on 31 March 2021. > Currently we are using the BASIC

Re: Tomcat Displaying Login Page before redirecting to https

2021-01-11 Thread Mark Thomas
On 12/01/2021 00:45, Jerry Malcolm wrote: > On 1/11/2021 6:11 PM, Mark Thomas wrote: >> On 12/01/2021 00:00, Jerry Malcolm wrote: >>> I have a standalone tomcat. TC is configured to redirect any port 80 >>> requests to https/443.  It works fine on pages that aren

Re: Tomcat Displaying Login Page before redirecting to https

2021-01-11 Thread Mark Thomas
On 12/01/2021 00:00, Jerry Malcolm wrote: > I have a standalone tomcat. TC is configured to redirect any port 80 > requests to https/443.  It works fine on pages that aren't protected by > web.xml security constraints.  However, if a page is protected, the > login page appears while still in

Re: javadoc 404

2021-01-11 Thread Mark Thomas
On 11/01/2021 04:51, Rob Sargent wrote: > While trying to understand why PerUserPoolDataSource doesn't implement > javax.sql.ConnectionPoolDataSource on > >    > https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/dbcp2/datasources/package-summary.html > > > I get a 404 from

Re: tomcat 9 fails when requesting a new URL

2021-01-10 Thread Mark Thomas
On 10/01/2021 15:10, Jim Anderson wrote: > > I'm working on developing a web page using Tomcat 9 as the local server. > My web page comes up and when I submit my page for processing, the > tomcat server crashes. Interestingly, when I run the same sequence in > Eclipse, everything works fine. > >

Re: troubled by "SEVERE: Cannot register null bean"

2021-01-08 Thread Mark Thomas
On 08/01/2021 16:11, Rob Sargent wrote: > classname="org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource" > factory="org.apache.commons.dbcp2.datasources.PerUserPoolDataSourceFactory" You are mixing Commons DBCP 2 and Apache Tomcat's internal fork of DBCP 2. They use different

Re: info: illegal access: this web application instance has been stopped already w/Parallel deployment

2021-01-07 Thread Mark Thomas
It looks like the in-flight requests are taking longer to complete than the unloadDelay configured for the Context. Mark On 07/01/2021 23:00, Усманов Азат Анварович wrote: > > Hi everyone! About a year ago I asked the following question on the > users-list about getting a illegal state

Re: Parallel deploy with /manager/text servlet

2021-01-07 Thread Mark Thomas
On 06/01/2021 21:48, Manuel Dominguez Sarmiento wrote: > Hi, our system consists on about 80+ webapps on different servers. > Multiple webapps are deployed per Tomcat server remotely using the > manager and host-manager webapps. > > This has been working fine for years, however some servers now

Re: Tomcat vs simple hand rolled standalone server ..

2021-01-05 Thread Mark Thomas
On 05/01/2021 18:47, John Dale wrote: > Greetings Everyone; > > I'm writing for small devices with limited power. > > Last year I wrote a simple web server to receive GET requests to do a > handful of commands over the network that included some sound card > interfacing among other things. > >

Re: tcnative windows binaries link needs to be corrected

2021-01-05 Thread Mark Thomas
On 05/01/2021 16:27, George Stanchev wrote: > The links and mirrors for the windows binaries at > "https://tomcat.apache.org/download-native.cgi" are all messed up. Some are > point to binaries compiled with openssl-1.1.1g where the holding sites have > 1.1.1i and vice versa. For example >

[ANN] Apache Tomcat Native 1.2.26 released

2021-01-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.26 stable. The key features of this release are: - Windows binaries built using 1.1.1i - Expose support for Unix domain sockets (bug 64942) Please refer to the change log for the complete list of changes:

Re: Sometimes HttpServletRequest#asyncStart throws IllegalStateException

2021-01-04 Thread Mark Thomas
On 04/01/2021 13:27, Nicolò Boschi wrote: > Hi all, > > I faced a problem while using asynchronous computing of the HTTP requests > My code is really simple > > AsyncContext asyncContext = request.startAsync(request, response); > > If I interrupt the request from the client, I got > > >

Re: Not able to make JSESSIONID cookie secure

2021-01-04 Thread Mark Thomas
On 04/01/2021 06:02, Amit Khosla wrote: > Hi, > > We are still facing this issue. Can someone please help us? In a clean 8.5.x install, session cookies are only marked as secure if the request that triggered the session creation is made over a secure channel (typically HTTPS). If you amend the

Re: Tomcat 9 - failed to set property [packetSize]

2021-01-01 Thread Mark Thomas
n packetSize="65536" added: > >> ERROR [ErrorPageFilter] Cannot forward to error page for request >> [/app/list] as the response has already been committed. As a result, the >> response may have the wrong status code. If your application is running on >> WebSph

Re: Tomcat 9 - failed to set property [packetSize]

2020-12-31 Thread Mark Thomas
e appreciated. You'll need to provide your full proxy configuration from httpd and the full element(s) from Tomcat for us to be able to help you. Kind regards, Mark > > Thank you very much! > > > On Thu, 31 Dec 2020, 9:05 pm Mark Thomas, wrote: > >> On 31/12/2020 11:0

Re: Tomcat 9 - failed to set property [packetSize]

2020-12-31 Thread Mark Thomas
On 31/12/2020 11:06, valsaraj pv wrote: > Hi, > > WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin >> Match [Server/Service/Connector] failed to set property [packetSize] to >> [65536] > > I see this warning when migrating from Tomcat 8 to 9 on JDK 8. The warning > went

Re: The main resource set specified is not valid

2020-12-21 Thread Mark Thomas
On 21/12/2020 00:50, Marc Chamberlin wrote: > Hello - I am encountering a problem, on OpenSuSE15.0 and on > OpenSuSE15.2, which suddenly appeared, possibly via an update or > possibly from me working on Tomcat and doing something that I can't find > a way to resolve. I am now getting a rather

Re: Tolerating significant system time adjustment

2020-12-16 Thread Mark Thomas
On 16/12/2020 14:04, Christopher Schultz wrote: > All, > > I'm working with a partner to troubleshoot a SAML-based service where > their SAML responses are reaching us after timing-out. I tracked that > down to an incorrect system time on many of their servers. > > Once fixing the clocks --

[ANN] Apache Tomcat 8.5.61 available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.61. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.41 available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.41. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.41 is a bugfix and

[ANN] Apache Tomcat 10.0.0 (beta) available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0 (beta). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: tomcat v 9.0 crashing in Eclipse IDE Version: 2020-09 (4.17.0)

2020-12-08 Thread Mark Thomas
On 08/12/2020 19:51, Jim Anderson wrote: > > I am trying to run Tomcat v 9.0 in Eclipse on a linux PC and the server > is crashing before it fully starts up. At this point, I do not consider > this a user error, It is clearly user error. > but possibly my configuration of Eclipse is a bad >

Updates to POEditor.com

2020-12-08 Thread Mark Thomas
All, As you are probably aware, the Apache Tomcat project uses POEditor.com to manage the i18n translations used by the project. The POEditor team have implemented a change that means it is no longer necessary for us to escape single quotes when using them in translated strings. The appropriate

Re: Weirdest Tomcat Behavior Ever?

2020-12-06 Thread Mark Thomas
On 04/12/2020 20:36, Eric Robinson wrote: > We'll begin the packet captures and straces again on Monday. Mark, besides > network and fd tracing, is there anything else you want from strace to make > the analysis more certain? I think the following should be sufficient: - Wireshark trace for

[SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

2020-12-03 Thread Mark Thomas
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M9 Apache Tomcat 9.0.0.M5 to 9.0.39 Apache Tomcat 8.5.1 to 8.5.59 Description: While investigating Bug 64830 it was

Re: Problems configuring a JNDI JDBC pool to Postgres

2020-11-28 Thread Mark Thomas
better JMX monitoring - issues tend to get fixed sooner in DBCP2 I tend to value spec compliance so that gives DBCP2 the edge for me. Mark > > Hrafn > > > On Fri, Nov 27, 2020 at 8:24 AM Mark Thomas wrote: > >> On 26/11/2020 22:52, Hrafn Malmquist wrote:

Re: Problems configuring a JNDI JDBC pool to Postgres

2020-11-27 Thread Mark Thomas
On 26/11/2020 22:52, Hrafn Malmquist wrote: > A > > How silly of me. It's right there staring me in the face nested inside the > host in server.xml, right? Right. The changes to GlobalResources look good. You'll probably want to revert the change you made to appBase. > So, best practice

Re: Problems configuring a JNDI JDBC pool to Postgres

2020-11-26 Thread Mark Thomas
On 26/11/2020 19:57, Hrafn Malmquist wrote: > I am running: > > CentOS Linux release 7.8.2003 > Tomcat 9.0.12 > PostgreSQL 9.5.23 > openjdk version "1.8.0_262" > OpenJDK Runtime Environment (build 1.8.0_262-b10) There are good reasons to update to a more recent Tomcat 9 release but I'm not

Re: Problems configuring a JNDI JDBC pool to Postgres

2020-11-26 Thread Mark Thomas
On 26/11/2020 21:01, Rob Sargent wrote: > Looks like you named your resource jdbc/dspaceWeb and dropped the Web in your > lookup Nope. You are confusing the global and local name. The config looks right on first glance. Mark > >> On Nov 26, 2020, at 12:58 PM, Hrafn Malmquist >> wrote: >> >>

Re: Weirdest Tomcat Behavior Ever?

2020-11-26 Thread Mark Thomas
On 26/11/2020 04:57, Christopher Schultz wrote: >> After a normal clean-up the parent then calls close on the two file >> descriptors associated with the pipe for a second time." > > So the child cleans them up AND the parent cleans them up? Or the parent > cleans them up twice? The child
