Mark (Eggers) and Mark (Thomas)
BLUF: I might not have set up the necessary Log4J shutdown procedures. Please
(especially) see my responses flagged by ***.
-Original Message-
From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID]
Sent: Thursday, July 21, 2016 8:32 PM
To: Tomcat
Hi Folks
I got this error from the Tomcat Web Application Manager after having stopped
and started one of the applications multiple times. (This was after repeatedly
deploying the application manually to attempt to find a bug that I could not
reproduce in my IDE.) Once the error occurred,
Hi Guido
-Original Message-
From: Guido Jäkel [mailto:g.jae...@dnb.de]
Sent: Saturday, July 23, 2016 8:38 AM
To: Tomcat Users List
Subject: Re: OutOfMemoryError: PermGen space - SOLVED
On 22.07.2016 19:15, Berneburg, Cris wrote:
> > The OutOfMemoryError in Tomcat Manager was caused by
Mark (Eggers) and Mark (Thomas)
BLUF: Memory leak found and fixed. I did not set up the necessary Log4J
shutdown procedures. Please see below.
-Original Message-
From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID]
Sent: Thursday, July 21, 2016 8:32 PM
To: Tomcat Users List
Mark (Thomas), Román, Guido, and Mark (Eggers)
Thank you all for your suggestions, assistance, and patience.
With your help and encouragement I learned how to perform heap dumps using Java
VisualVM, analyze them using Eclipse Memory Analyzer, and follow instructions.
;-)
The OutOfMemoryError
Mark (Eggers)
-Original Message-
From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID]
Sent: Friday, July 22, 2016 1:28 PM
To: Tomcat Users List
Subject: Re: OutOfMemoryError: PermGen space - SOLVED
> Cris,
>
> On 7/22/2016 10:15 AM, Berneburg, Cris wrote:
> > Mark (Thomas), Román,
Mark/T, Román, Guido, and Mark/DE
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Friday, July 22, 2016 4:54 PM
To: Tomcat Users List
Subject: Re: OutOfMemoryError: PermGen space - SOLVED
On 22/07/2016 19:15, Berneburg, Cris wrote:
> > Mark (Thomas), Román, Guido,
Mark
Thanks again for taking the time to assist with the OutOfMemoryError. BLUF, it
looks like Log4J2 is the culprit. Will you please check my work below to see
if I have interpreted correctly?
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, July 20,
monitor on the
> Visual VM the behavior, if you consistently run out of memory, then
> you may have a leak.
>
> Of course that you would be constrained by the fact of running a
> 32-bit or 64-bit Tomcat / Java environment.
>
>
> On Fri, Jul 15, 2016 at 2:26 AM, Berneburg
Mark
Thanks for taking the time to answer my questions. Please see my response and
questions below.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, July 14, 2016 2:58 PM
To: Tomcat Users List
Subject: Re: OutOfMemoryError: PermGen space
> On 14/07/2016
Hi Guido
Thanks for taking the time to answer my questions and make suggestions. My
replies below.
-Original Message-
From: Jäkel, Guido [mailto:g.jae...@dnb.de]
Sent: Tuesday, July 19, 2016 10:31 AM
To: 'Tomcat Users List'
Subject: RE: OutOfMemoryError: PermGen space
>> In Visual
libraries for
comparison purposes.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, July 19, 2016 3:15 PM
To: Tomcat Users List
Subject: Re: OutOfMemoryError: PermGen space
> On 19/07/2016 17:19, Berneburg, Cris J. - US wrote:
>
>
>
> >
Mark
BLUF: Thanks for your explanations and assistance. I plan to follow up with
the Log4J2 group. My simple responses below.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, July 21, 2016 3:47 PM
To: Tomcat Users List
Subject: Re: OutOfMemoryError:
Guido
Thanks for following up with me:
-Original Message-
From: Jäkel, Guido [mailto:g.jae...@dnb.de]
Sent: Friday, July 22, 2016 4:31 AM
To: Berneburg, Cris
Subject: RE: OutOfMemoryError: PermGen space
> >-Original Message-
> >From: Berneburg, Cris [mailto:cberneb...@caci.com]
Mark
> "What topic(s) need to be covered in a Tomcat conference to make it
> as easy as possible to get your employer to pay for you to attend?"
OK, you asked for it. :-)
- The best and worst moments in Tomcat history.
Specific examples. Memorable events. Could be just for the year so the
Chris and Mark
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, September 28, 2016 2:21 PM
To: Tomcat Users List
Subject: Re: JreMemoryLeakPreventionListener docs example
[SNIP]
>>> attach it to a Bugzilla ticket describing what you are
>>> trying to do
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, September 28, 2016 4:43 PM
To: Tomcat Users List
Subject: Re: JreMemoryLeakPreventionListener docs example
It's a slippery slope, my friend. After this, I'll be
pressuring you
Chris
>> So, could we add a small example server.xml snippet
>> to the JreMemoryLeakPreventionListener documentation
>> to make it clear to newbies how to add the
>> classesToInitialize option? Something like:
>>
>> > className="org.apache.catalina.core.
>> JreMemoryLeakPreventionListener"
>>
Around 9/6/16 Chris Schultz replied to the "WAR isolation lifecycle" thread
with:
> There are some libraries that don't shut down well, or the applications
> that use them don't properly shut them down. The solution is to either
> fix the library (ask them!), or use Tomcat's "leak prevention
Chris
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Saturday, September 24, 2016 11:55 AM
To: Tomcat Users List
Subject: Re: JreMemoryLeakPreventionListener docs example
[SNIP]
So, could we add a small example server.xml snippet to the
Chris
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Saturday, September 24, 2016 11:55 AM
To: Tomcat Users List
Subject: Re: JreMemoryLeakPreventionListener docs example
> Once you are happy with your edits, do this:
While I can't say that
Hi Jon
-Original Message-
From: Moore, Jon, Vodafone UK [mailto:jon.mo...@vodafone.com]
Sent: Thursday, October 20, 2016 6:00 AM
To: users@tomcat.apache.org
Subject: java.lang.OutOfMemoryError: PermGen space
> I have a problem where our customers application server stops
> working
Osama
> I have been asked by a company to update their existing working
> tomcat 5 application, which is working on an old Windows 2003
> platform and accessing SQL 2005. The new servers are Windows and
> SQL 2012. I downloaded and installed Tomcat 8.5.12. So, what I
> need to do for migrating
Ankit
-Original Message-
From: Ankit Agarwal [mailto:ankit_agarwal@...]
Sent: Monday, April 10, 2017 3:24 PM
To: users@tomcat.apache.org
Subject: Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal Logging
- RollingFileAppender does not (cannot?) create new Log File
> Hi,
>
Hi Ankit
-Original Message-
From: Ankit Agarwal [mailto:ankit_agarwal@...]
Sent: Tuesday, April 11, 2017 12:28 PM
To: Tomcat Users List
Subject: Re: Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal
Logging - RollingFileAppender does not (cannot?) create new Log File
> Hi
Ankit
-Original Message-
From: Berneburg, Cris J. - US
Sent: Thursday, April 13, 2017 10:35 AM
To: Tomcat Users List
Subject: RE: Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal
Logging - RollingFileAppender does not (cannot?) create new Log File
>> The only p
Chris
>> BTW, why doesn't getRealPath return the full path to the
>> folder that the WAR file is in instead of null?
>
> You mean for a call like getRealPath("/")?
Yes, exactly!
> Well, that would require a path to be returned to the "root" of
> the application. Let's say that ROOT.war is in
>
Chris
Thanks for taking the time to help me out. I appreciate it. Sorry, my
response is kinda wordy. :-P
> If you really REALLY want a file path, you could use the catalina.base system
> property or the tmpdir and go from there. The former is Tomcat-specific, of
> course, and the tmpdir
Chuck
>> How do you all configure the location of a special folder that is not
>> part of the deployment package itself? A site-specific config file perhaps?
>
> Take a look at this:
> http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html
>
> A element within allows specification of
[SNIP]
>> chris S>>> getRealPath is a bad idea. <<<
>>
>> For my education's sake, would you please explain that? [SNIP]
>
> There is no guarantee it will return a non-null value. The typical reason
> is if the app is running from a packed WAR. Using it reduces the portability
> of your
Al
You may or may not find this helpful...
-Original Message-
From: Al Grant [mailto:bigal...@gmail.com]
Sent: Sunday, February 26, 2017 8:34 PM
To: users@tomcat.apache.org
Subject: Debugging
> Hello,
>
> System: Windows 10
> Tomcat Var: 8.5.4
> IDE: Intellij Ultimate
> Java: v1.8
>
>
Chris
-Original Message-
From: Christopher Schultz [mailto:chris@...]
Sent: Friday, February 24, 2017 [multiple]
To: Tomcat Users List
Subject: Re: Getting application root path before servlet is initialized?
[SNIP]
Martin K> In order to avoid hard coding that path,
Martin K> I need a
Hey Chris
> From: Christopher Schultz [mailto:chris@...]
> Sent: Friday, July 21, 2017 1:02 PM
> To: users@tomcat.apache.org
> Subject: Re: [OT] Unable to install Tomcat 9 on Windows 10
[SNIP]
> I'm not such a miserable bastard as this thread would indicate
Sounds like a great sig for you.
Chris and Chris (but not Chris)
-Original Message-
From: Chris Cheshire [mailto:yahoono...@gmail.com]
Sent: Friday, September 08, 2017 9:16 PM
To: Tomcat Users List
Subject: Re: 8.5 - multiple host configuration question
On Thu, Sep 7, 2017 at 5:29 PM,
Chris
Thanks again taking the time to help. Please see below.
>>> So I would recommend a separate CATALINA_BASE for each application's
>>> support for a major Tomcat version. Note that you are welcome to
>>> share WAR files for an application.
>>>
>>> Example:
>>>
>>> Tomcat 6
I'm thinking about upgrading our tomcat from version 6.x to 8.5.x. Yeah, it's
overdue. :-) In our test environment, I would like to install 8.5 in parallel
with 6 for side-by-side comparison testing.
Having never done it before, I'm also thinking about splitting the tomcat and
document
Chris
Thanks for taking the time to explain this to me. I'm still trying to absorb
it all. More below.
> > My question is this. Is it even possible or simply not recommended
> > for both tomcat instances to share the same CATALINA_BASE? The work
> > folder with compiled cache is buried in
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, May 2, 2018 4:01 PM
To: users@tomcat.apache.org
Subject: Re: tomcat 6 vulnerability scan default error page help
> On 02/05/18 20:51, Leon Rosenberg wrote:
> > Hi Mark,
> >
> > I agree with you that the
Leon, Mark, and Alejandro
Thanks for your time and suggestions. I appreciate it.
cjb> We are getting dinged by a vulnerability scan for the default
cjb> not-found error page being returned by Tomcat for a Status 404.
cjb> [...]
cjb> However, I can't find where the error-page for 404 is defined.
Mark
Thanks for taking the time to help. Again, I appreciate it.
cjb> We are getting dinged by a vulnerability scan for the default
cjb> not-found error page being returned by Tomcat for a Status 404.
cjb> [...]
cjb> And we're using Tomcat 6.0.37 (ahem).
MT> And you are worried about returning
Hi Greg
-Original Message-
From: Greg Huber [mailto:gregh3...@gmail.com]
Sent: Thursday, April 26, 2018 4:53 AM
To: Tomcat Users List
Subject: Tomcat 9 ;jsessionid
> Hello,
>
> One thing I have noticed with Tomcat 9.0.x I get alot
> ;jsessionid=xxx appended to
We are getting dinged by a vulnerability scan for the default not-found error
page being returned by Tomcat for a Status 404.
On my dev server when requesting an invalid URL, Tomcat returns a Status 404
page that displays the Tomcat version. Right, I need to do something about
that.
However,
Darin
> From: dbol...@dsginc.biz [mailto:dbol...@dsginc.biz]
> Sent: Friday, October 20, 2017 9:47 AM
> To: users@tomcat.apache.org
> Subject: TomCat service is running but not responding
>
> I have a TomCat 8.5.23 service running on a Windows 2008 server.
> The service would be running fine but
Christoph
While my response is late, and you seemed to have solved your problem, if you
don't mind, I would like to attempt to clarify about quotes and spaces in
Windows.
-Original Message-
From: Christoph P.U. Kukulies [mailto:k...@kukulies.org]
Sent: Wednesday, January 10, 2018 6:39
Due to security concerns and general fussiness on my part, I'd like to prevent
users from requesting JSP pages directly, except for the login page. I want
all requests to be handled by servlets. That way I can legitimately claim that
all requests are being validated, input scrubbed, JSP's
Hi Woonsan
Thanks for providing an "option C". :-) There is still much for me to learn.
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being
Hi Mark
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's
Hi Louis
Thanks for replying to my request for help. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input
David
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like to
cjb> prevent users from requesting JSP pages directly [...]. That way I can
cjb> legitimately claim that all requests are being validated, input scrubbed,
cjb> JSP's
Hi Chris
Thanks for your insight and reply.
cjb> I'd like to prevent users from requesting JSP pages directly,
cjb> except for the login page.
cs> Why except for the login page? I would include the login page
cs> as something that should be fronted with a (non-JSP) servlet,
cs> even if that
Chris (and Mark)
Bingo!
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's cannot be taken advantage
Chris
[combining messages]
cjb> Am I mistaken, but does vulnerability scanning software
cjb> seem to feed on that sort of thing?
cs> Most vulnerability scanners just try to detect your server's
cs> version and look-up any publicly-reported vulnerabilities in
cs> e.g. NVD. They are really stupid
Hi Woonsan
cjb> I'd like to prevent users from requesting JSP pages directly
cjb> a. [...] adding a for each folder.
cjb> b. [...] JSP files under the WEB-INF folder.
wk> c. Implement a servlet filter which is mapped to /* with
wk> dispatcher options: REQUEST, INCLUDE, FORWARD. The filter
Thanks Mark for making that available! My questions below.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, April 11, 2018 6:32 PM
To: Tomcat Users List
Subject: Training material is now on-line
> Hi all,
>
> Thanks to the magic
Thanks Mark
[lots of snippage]
MT> https://apache.github.io/tomcat-training/
cjb> Should "Client" actually be "Server" in Step 12: ChangeCipherSpec?
cjb> Or did you already know about that?
MT> It should and I didn't. I've just committed the fix. It should be
MT> live in a few minutes. Thanks
Thanks Chris for taking the time to provide such a detailed and educational
answer.
cjb> Now let's say that we want the Tomcat application to only do
cjb> rendering. It connects to a different server, X, and no longer to the
cjb> DB. The X server connects to the DB. Requests and data flow
Hi Folks
There's a concept I'm trying to wrap my brain around. It's similar to MVC,
separating responsibilities between the display and model/controller layers.
In terms of coding, I know how to make that happen. However, in terms of
server architecture, I do not.
For the purposes of
Chris and Chris
-Original Message-
> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
> Sent: Wednesday, February 28, 2018 8:40 AM
> To: Tomcat Users List
> Subject: RE: Security of AJP
>
> Since AJP is not really needed by Tomcat; If I comment out
Thanks Mark
mt> The argument for a JRE vs a JDK is that the JDK includes
mt> a compiler. The only reason Tomcat can run on a JRE and
mt> still support JSPs (which require compilation) is that
mt> Tomcat includes a Java compiler. I don't think the
mt> security argument holds much water.
I had not
Thanks Igal
mt> OpenJDK is very close to the Oracle JDK these days. I regularly run
mt> Tomcat's unit tests with the latest OpenJDK and have yet to find an
mt> issue that is OpenJDK specific.
is> I asked Gil Tene about this a couple of weeks ago. Gil is a co-
is> founder of Azul Systems, an
Chris
cjb> large bureaucracy [...] I would not be
cjb> surprised if there is a policy against dev kits and IDE's on
cjb> production servers for security sake. Tomcat (whisper: with built-in
cjb> compiler) is approved, but is the JDK allowed? Guess I can ask.
cjb> Yeah, it's potentially a
Thanks Igal
is> p.s. So happy to see that you finally moved from Tomcat 6 to 8.5.
is> Perhaps you can share that experience in a separate thread and let
is> others know if you ran into any major problems during that process.
Will do. So far we've only run into 3 minor issues.
--
Cris Berneburg
Hey Chris
cjb> RAMBLE: Too bad there can't be an Apache OpenJRE umbrella project,
cjb> with specific Apache OpenJRE [version X] sub-projects, that maintain
cjb> JRE [version X]'s indefinitely. One source (Apache) for all the
cjb> different JRE's for the Java community at large, rather than
Hi Folks
What has anyone been thinking about the upcoming Oracle Java 11 release /
support stuff? Frankly, I'm confused by it all and am still trying to wrap my
brain around it. I have concerns about the potential implications for my
little project, and also wonder about Tomcat at large.
Hi Folks
I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test (JRE) Windows
2012 servers today. After doing so, the Tomcat 8.5(.32) Windows services would
no longer start. Removing and re-adding the service fixed the service. I
don't remember having to re-install the TC Windows
Thanks Mark
cjb> I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test (JRE)
cjb> Windows 2012 servers today. After doing so, the Tomcat 8.5(.32)
cjb> Windows services would no longer start. Removing and re-adding
cjb> the service fixed the service. I don't remember having to
Thanks André
cjb> I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test
cjb> (JRE) Windows 2012 servers today. After doing so, the Tomcat
cjb> 8.5(.32) Windows services would no longer start. Removing and
cjb> re-adding the service fixed the service.
mt> You need to reconfigure
Hi Gael
>> >> >> On 03/10/18 12:28, Gael REYNOARD wrote:
>> >> >>> Hello everybody,
>> >> >>>
>> >> >>> OS : Windows 7 Pro x64
>> >> >>> Tomcat : 8.5.31
>> >> >>>
>> >> >>> On a test bench, I reboot Windows to test one of our C#
>> applications.
>> >> >>> Sometimes after starting the OS, my
Mark
cjb> getting the dreaded JasperException in production.
cjb> Don't know what changed to start causing this. Same
cjb> thing happened in the test environment 9/4/18. We
cjb> got around the problem in test by upgrading to Java
cjb> 8u181 and Tomcat 8.5.30.
cjb>
cjb> JRE 8u171, 32 bit
cjb>
Thanks Mark
cjb> Anyone have advice on, experience with, or
cjb> info about setting cachingAllowed=false?
cjb> [...]
cjb> In our testing of TC 8.5.32 on Java 8u181,
cjb> report output Excel files won't load
cjb> (immediately). An error is displayed to
cjb> the user. These Stack Overflow topics
Thanks Chris
cjb> of TC 8.5.32 on Java 8u181, report output Excel
cjb> files won't load (immediately). An error is
cjb> displayed to the user. [...]
cjb> 1. What are the ramifications of disabling the cache?
cjb> IOW, what are the potential side-effects? [...]
cjb> 2. Is there a "better" way to
Mark
cjb> RAMBLE: The thing is, it worked in TC 6.0
cjb> but not 8.5. Is it possible a major change
cjb> [...] Did TC 6.0 not cache files?
mt> The resources implementation was completely
mt> re-written for 8.x [...] I'm fairly sure
mt> not found results weren't cached in 6.0.x.
OK, thanks for
Hi Folks
Anyone have advice on, experience with, or info about setting
cachingAllowed=false?
BACKGROUND:
Our customer is suddenly getting a JasperException in production. To solve,
we're planning to upgrade Tomcat to 8.5.x. In our testing of TC 8.5.32 on Java
8u181, report output Excel
OK, now we're getting the dreaded JasperException in production. Don't know
what changed to start causing this. Same thing happened in the test
environment 9/4/18. We got around the problem in test by upgrading to Java
8u181 and Tomcat 8.5.30.
JRE 8u171, 32 bit
Tomcat 6.0.32, 32 bit
Mark
cjb> SPECIFIC: The Excel files are [...] accessed only
cjb> once. They don't need to be cached. Is it
cjb> possible to declare only the Excel reports output
cjb> folder as non-cache-able but leave the (default)
cjb> context cache setting as-is so everything else
cjb> can be cached in the
I just remembered something.
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
cjb> * Partial stack trace:
cjb>
Konstantin
Thanks for jumping in to help out. :-)
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
kk> My guess is that
Konstantin, et al
Well, it's all a moot point now. :-)
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
kk> My guess is
Hi Folks
We can't figure out what's wrong with our staging server. After upgrading Java
and our application, Tomcat started logging "Compilation error" exceptions.
The login JSP page did not display.
After reverting Java and our app, the app still won't run and still throws
compilation
Hi Andi
am> Another try on a third Windows Server 2008 R2 that never contained Java or
Tomcat.
am> I am logged in as local administrator.
am> Installed Java 11 and Tomcat 9.
am> And again same error :(
am> I would really appreciate any help.
Sorry you are going through all this trouble. I have
Hi Danyaal
dh> I'm encountering following scan finding errors
dh> and couldn't find way to mitigate this.
dh> Tomcat 8.5.32
dh> 12085
dh> Apache Tomcat Default Files
dh> The following default files were found
dh> :/nessus-check/default-404-error-page.html
dh> Delete the default index page and
Hi Ralf
am> What I did now:
am> - removed Tomcat services by service.bat
am> - uninstalled all Tomcats (7 and 9)
am> - uninstalled all Java (was only Version 11)
am> - server reboot
am> - Installed Java 11 (File: jdk-11.0.1_windows-x64_bin.exe)
am> - reboot
am> - Installed Tomcat 9 (File:
Hi Youness
Please see my comments below
-Original Message-
From: youness.dakk...@bnpparibasfortis.com
Sent: Wednesday, March 6, 2019 7:55 AM
To: Tomcat Users List
Subject: RE: Tomcat 8.5.13 - random issue with HTTPS (blank page) - working
good with HTTP
> This is the content of the
-- Christopher Schultz (cs) wrote 3/12/19:
-- Rich Bowen (rb) wrote 3/6/19:
rb> * Apache Roadshow DC is in [2] weeks. Register now at
rb> https://apachecon.com/usroadshowdc19/
cs> I'll be speaking at this event, and I'd love to meet some
cs> local Tomcat-ers. It's $25 to attend; schedule
-Original Message-
From: Christopher Schultz
> "things to look into when I retire and my house is totally clean and
> my kids are finally out of the house" so of course, I'll never get around to
> it.
+1 :-)
--
Cris Berneburg
CACI Lead Software Engineer
Hi Sumit
Please see my response below your question.
-Original Message-
From: Sumit Bhardwaj
Sent: Saturday, July 20, 2019 8:48 AM
To: Tomcat Users List
Subject: Security vulnerabilities with tomcat 9
> Hi,
>
> We are using tomcat 9 and getting following two vulnerabilities in
Hi JHHL
> security audit on the Tomcat server we maintain
My condolences. :-) We're gone through several scans over the past couple
years too. Yeah, it's a pain.
If you can get the report details, it may provide enough info to pinpoint the
exact problems. Checkmarx scanning software does,
Thanks Chris!
CS> IMO, the JSP effort was a stepping-stone on a path to better
CS> technologies like Velocity, FreeMarker, and others. If I were
CS> king, JSP would just go away. Just my POV of course [...]
cjb> what do you like better about Velocity, FreeMarker, etc.
cjb> more than JSP?
CS> I
Rony
RF> If possible I would like to write a single tagclass, but use it
RF> for two or more different tags, as the implementation would share
RF> quite a lot of code. Besides, it might be helpful for debugging.
CS> Feel free to build a base class with the shared code and then implement
CS> the
Hey Chris
CS> IMO, the JSP effort was a stepping-stone on a path to better
CS> technologies like Velocity, FreeMarker, and others. If I were
CS> king, JSP would just go away. Just my POV of course, you are
CS> welcome to fall in love with JSP. :)
Seeing as I am ever on the trailing edge of
Hi Mark
Thanks for taking the time to explain that to me. :-)
A few more questions, if you don't mind.
cjb> TC thinks the stream should be closed when the client
cjb> thinks the stream is still open? Basically RST_STREAM
cjb> is a keep-alive?
mt> No. The stream closed cleanly. The client is
Thanks again Mark :-)
mt> how that Map is pruned (it is currently too aggressive)
mt> if Tomcat is processing 10k req/s just keeping track of
mt> the last 30s is potentially 300k streams. How to do that
mt> efficiently for all usage patterns is a problem that
mt> needs some thought.
Sounds a
Hi Mark
As with most topics here, I struggle to understand what is being discussed.
:-) So please bear with me.
> improving how Tomcat handles traffic like this.
>
> Looks like Tomcat could prune the closed streams
> less aggressively.
>
> At the moment it waits until there are
>
Chris
[major snippage]
CS> app/work/Catalina/localhost/[$context]/org/apache/jsp/admin/
CS> SessionSnooper_jsp.java exist and have file-dates from way back
CS> in 2016. (No recent changes)
CS> This is Tomcat 8.5.65 from a stock ASF-distrubuted tarball,
CS> launched using "catalina.sh start".
Hi Folks
Sometimes we get strange errors after deployments to our test server. We just
"solved" some weirdness by manually cleaning out the TC temp folder(s) - again.
Googling confirms what I thought about the TC work versus temp folder:
* "work stores compiled JSPs and other assets".
* "temp
Hi Mark
Thanks for getting back with me. :-)
markt> What is the setting for unpackWARs for Host?
These are the host settings in server.xml:
name="localhost"
appBase="webapps"
unpackWARs="true"
autoDeploy="true"
deployOnStartup="false"
markt> Running directly from a WAR (with
Hi Folks :-)
One of our web apps is using a "lot" of memory, specifically a big user query.
We'd like to find out why.
The Tomcat Web Application Manager Find leaks button said that "No web
applications appear to have triggered a memory leak on stop, reload or
undeploy."
Tomcat Manager
Hi Chris
cs> This is a relatively simple JSP. There are no tag libraries in use and
cs> there are 3 imports of JSPs which contain some static utility functions.
Sorry, no technical suggestions, but some questions...
Can you load those 3 dependent JSP's in a browser via URL (or are they
Thanks Chris
[snip, snip, snippety-snip]
CS> What's the database? And the driver?
Oracle 19, oracle.jdbc.OracleDriver - jdbc:oracle:thin.
CS> MySQL Connector/J used to (still does?) read 100% of the results
CS> into the heap before Statement.executeQuery() returns unless you
CS> specifically
Hi Amit :-)
cb> 1. Is there a way to analyze uncollected garbage?
cb> 2. Is that a reasonable way to identify potential memory usage problems?
ap> Have you enabled the " Enable 'keep unreachable objects'" setting of MAT?
ap> https://blog.gceasy.io/2015/12/11/eclipse-mat-titbits/
No, I had not
1 - 100 of 130 matches
Mail list logo