Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Rainer Jung 

Am 08.05.2017 um 10:08 schrieb Mark Thomas:

On behalf of the Tomcat committers I am pleased to announce that
Michael Osipov (michaelo) has been voted in as a new Tomcat committer.

Please join me in welcoming him.


Congrats and welcome!

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat management interface gives 403 forbidden error

2017-05-08 Thread Coty Sutherland 
On Fri, May 5, 2017 at 12:13 PM, Tim Dunphy  wrote:
> I've had to configure two tomcat servers recently. I've setup one tomcat
> server using using version 8.5.13 and that works fine. I can access Server
> Status, Manager App and Host Manager web interfaces with no problem.
>
> But when I tried setting up a new tomcat server running tomcat version
> 8.5.14 by copying the same configs from the from the 8.5.13 server I'd
> built I get access denied 403 on the Server Status and Manager app. But
> oddly only the Host Manager web interface works correctly. I can access
> that.
>
> I need to figure out why the same configs that work on the first server,
> give me 403 denied on the second server.
>
> This is what I have on each:
>
> Working server Java:
>
> java version "1.8.0_121"
> Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
>
> Non working server have a newer java:
>
> java version "1.8.0_131"
> Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
> Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
>
> Everything else is identical in terms of configuration.
>
> Both have java and tomcat variables setup in /etc/profile:
>
> JAVA_HOME='/usr/lib/jvm'
> CATALINA_HOME='/usr/local/tomcat'
>
> export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL JAVA_HOME
> CATALINA_HOME
>
> Both servers have the same config files, copied from the 1st working server
> to the 2nd non working server.
>
> Tomcat users config:
>
> cat /usr/local/tomcat/conf/tomcat-users.xml
> 
>  roles="manager-gui,admin-gui"/>
> 
>
> The context configuration file has this:
>
>  cat /usr/local/tomcat/conf/context.xml
> 
> 
> 
> 
> 
> 
>
>
> And the webapps context.xml config for both tomcats has this:
>
> cat /usr/local/tomcat/webapps/host-manager/META-INF/context.xml
> 
> 
> 
> 
> 
>
> Why is tomcat server 1 (version 8.5.13) working and the newer tomcat
> version (8.5.14) on server 2 not working?
>
> Thanks in advance!

I responded to your post on SO,
http://stackoverflow.com/questions/43765049/tomcat-management-interface-gives-403-forbidden-error,
a couple days ago. You can answer the questions here or there :)

> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Zala Pierre GOUPIL 
On Mon, May 8, 2017 at 3:52 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Michael,
>
> On 5/8/17 4:08 AM, Mark Thomas wrote:
> > On behalf of the Tomcat committers I am pleased to announce that
> > Michael Osipov (michaelo) has been voted in as a new Tomcat
> > committer.
> >
> > Please join me in welcoming him.



Congratulations!

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Michael,

On 5/8/17 4:08 AM, Mark Thomas wrote:
> On behalf of the Tomcat committers I am pleased to announce that 
> Michael Osipov (michaelo) has been voted in as a new Tomcat
> committer.
> 
> Please join me in welcoming him.

Cheers!

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZEHgrAAoJEBzwKT+lPKRYmOsP/1HL9k29rjD+aRjvoAAfnmM0
aAu9nLvZ1CErjZbQ8wf3hWFZZZoGmAoO3FpSbTAsW1ow0h66yhX4RCBPvOGp7q0d
eMl2CFpXyEvAXmFoty97lnrFSHvKsJEtY7VlUyRgJ4jSrEOuKmA3zZHwbwWGGnOb
FM2asnm43lOjnNbdDehY7lkt0uB6vo0W9fKOcvURMKZwlmIPQ2fBMBf/pW8iEZZw
PSXFV1X5JETN6ozG+cl5E/bn5QbnXxvxb0HtvDisW4csr0VXQ3QXbFT7I70FG6HU
8l2hJUU0iDeNfaxMf/R96z6hEpBYoJaghyVsA4NFyGfYJNy1Ah9Tl9QM3aeGCP0V
+SyJGi8nomOnrTSmdbLZ7lRA6uIzHJLaabrm41ttFEHU8I6lOQSE0hiZyLNasP1g
8VxRhHIPkNjgVLsAqrDfPtaVVV9mdfCCEfRsoCi6sHrfaIhRq4j6fdJ4qxwKjSHz
X6WYTAqMHNoSU57NzLs3AcpmttGTu8iSXfXbDdycHGlUFG1jRpmUHGLz5NQ56oNn
0DcbF2mpEAx/y2kdfJE2NmyYmPLtoGBhcIhV5MKmgBdRzbGtIFV2puVG/AKgIFms
kUL3CuHr4ISkt2Ay+PYaFxkqg/ye/dgRRRDrsQVjNSRhXcXzNBmxiwy0Nsji77lC
XYM9mZeJrLLr8fEStYlg
=aIg3
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat 8.5.14, gives 400 error when using a | in the request parameters

2017-05-08 Thread Mark Thomas 
On 08/05/17 13:53, John Zanoni wrote:
> Dear,
> 
> After upgrading tomcat to version 8.5.14 the webserver returns a 400
> error when accessing any web page using a | (pipe) in one of the
> request parameters.
> 
> The | (pipe) is added when the URL is re-written using google
> analytics _getLinkerUrl(), see javascript function below.
> 
>  var pageTracker = _gat._getTrackerByName(); var
> uri=pageTracker._getLinkerUrl(“http://shop.bakkerijhaasnoot.nl”); 
> alert(uri); 
> 
> http://shop.bakkerijhaasnoot.nl?__utma=68893267.349269500.1493841017.1493841017.1493913856.2&__utmb=68893267.38.9.1493914656569&__utmc=68893267&__utmx=-&__utmz=68893267.1493841017.1.1.utmcsr=(direct)
> | utmccn=(direct) | utmcmd=(none)&_utmv=-&_utmk=59369258
> 
> Previous to tomcat 8.5.14 this was never an issue. It is possible to
> replace the | (pipe) for a %7C this prevents tomcat from returning a
> 400 error but how can we tell tomcat not to response with a 400 when
> a | (pipe) is used in the value of one of the parameters. We rolled
> back to an older version (tomcat 8.5.4) to solve the issue but this
> is actually a temporary solution.

The various specifications (RFC 7230, RFC 3986) do not permit the use of
an un-encoded '|' character anywhere in the request target.

Due to CVE-2016-6816 all versions of Tomcat are now much stricter about
enforcing the specifications in this area.

The right solution is fixing the broken client that is sending an
invalid request.

In 8.5.x, 8.0.x and 7.0.x (you'll need a recent release) there is a
system property you can use to bypass this validation in a strictly
limited set of cases - currently '{', '|' and '}'. However, this should
be viewed as a short-term hack around the broken client code. There are
no plans to make this feature available in 9.0.x.

You for tomcat.util.http.parser.HttpParser.requestTargetAllow in
http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat 8.5.14, gives 400 error when using a | in the request parameters

2017-05-08 Thread John Zanoni 
Dear, 

After upgrading tomcat to version 8.5.14 the webserver returns a 400 error when 
accessing any web page using a | (pipe) in one of the request parameters.

The | (pipe) is added when the URL is re-written using google analytics 
_getLinkerUrl(), see javascript function below.


var pageTracker = _gat._getTrackerByName();
var uri=pageTracker._getLinkerUrl(“http://shop.bakkerijhaasnoot.nl”);
alert(uri);


http://shop.bakkerijhaasnoot.nl?__utma=68893267.349269500.1493841017.1493841017.1493913856.2&__utmb=68893267.38.9.1493914656569&__utmc=68893267&__utmx=-&__utmz=68893267.1493841017.1.1.utmcsr=(direct)
 | utmccn=(direct) | utmcmd=(none)&_utmv=-&_utmk=59369258

Previous to tomcat 8.5.14 this was never an issue. It is possible to replace 
the | (pipe) for a %7C this prevents tomcat from returning a 400 error but how 
can we tell tomcat not to response with a 400 when a | (pipe) is used in the 
value of one of the parameters. We rolled back to an older version (tomcat 
8.5.4) to solve the issue but this is actually a temporary solution.

Thanks in advance!

John Zanoni




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Mohammed Manna 
Good to hear this! We look forward to your excellent work here

On 8 May 2017 at 11:58, Martin Grigorov  wrote:

> Welcome, Michael!
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Mon, May 8, 2017 at 10:08 AM, Mark Thomas  wrote:
>
> > On behalf of the Tomcat committers I am pleased to announce that
> > Michael Osipov (michaelo) has been voted in as a new Tomcat committer.
> >
> > Please join me in welcoming him.
> >
> > Regards,
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Martin Grigorov 
Welcome, Michael!

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Mon, May 8, 2017 at 10:08 AM, Mark Thomas  wrote:

> On behalf of the Tomcat committers I am pleased to announce that
> Michael Osipov (michaelo) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Violeta Georgieva 
2017-05-08 11:08 GMT+03:00 Mark Thomas :
>
> On behalf of the Tomcat committers I am pleased to announce that
> Michael Osipov (michaelo) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.

Welcome!

Regards,
Violeta

> Regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Huxing Zhang 
Congratulations!

--
From:Mark Thomas 
Time:2017 May 8 (Mon) 16:08
To:Tomcat Users List 
Cc:Tomcat Developers List 
Subject:[ANN] New committer: Michael Osipov


On behalf of the Tomcat committers I am pleased to announce that
Michael Osipov (michaelo) has been voted in as a new Tomcat committer.

Please join me in welcoming him.

Regards,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] New committer: Michael Osipov

2017-05-08 Thread Mark Thomas 
On behalf of the Tomcat committers I am pleased to announce that
Michael Osipov (michaelo) has been voted in as a new Tomcat committer.

Please join me in welcoming him.

Regards,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org