Due to the announced security bug http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 I wanted to upgrade tomcat from 6.0.14 to 6.0.18.

Tomcat is running on a VPS on a Linux box with kernel 2.6.18. The application has been running for a while without any problems with tomcat 6.0.14. Load is difficult to measure due to invisible load on host-system.

After the upgrade, I got the following problems:

* running with the NIO http connector, tomcat crashed with a 'Too many open files' exception
java.io.IOException: Too many open files
        at sun.nio.ch.ServerSocketChannelImpl.accept0(Native Method)
        at sun.nio.ch.ServerSocketChannelImpl.accept(Unknown Source)
        at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:1163)
        at java.lang.Thread.run(Unknown Source)


* running with the apr connector, tomcat crashed silently, even when shutting down it complained about threads it didn't manage to shut down.

* with apr and blocking http connector, I got problems with cookie handling and the advice to use Base64 encoding for cookies.

After two months of struggling to get tomcat in a stable state, I switched back to tomcat 6.0.14 with the original NIO connector:
    <Connector port="80"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               compression="on"
               enableLookups="false"
               maxThreads="100"
               maxSpareThreads="20" />
and everything worked without problems again. I made sure that I didn't use 'allowLinking' so I'm not in danger of the vulnerability.

I hope somebody has some ideas what has gone wrong. I would like to know what I should look for when upgrading the next time.

Best regards,

Heiko
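
The check the message describes (no context sets 'allowLinking' while a connector uses URIEncoding="UTF-8") can be automated across a Tomcat conf directory. This is an added example, not part of the original message or of Tomcat; the function names, the directory layout and the sample files are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def audit_tomcat_conf(conf_dir):
    """Walk conf_dir and return (linking, utf8_ports, unparsed).

    linking    -- relative paths of files with <Context allowLinking="true">
    utf8_ports -- ports of <Connector> elements with URIEncoding="UTF-8"
    unparsed   -- relative paths of .xml files that could not be parsed
    """
    linking, utf8_ports, unparsed = [], [], []
    for dirpath, _dirs, files in os.walk(conf_dir):
        for name in sorted(files):
            if not name.endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, conf_dir)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                unparsed.append(rel)  # report it: an unread file is an unchecked file
                continue
            for el in tree.iter():
                if el.tag == "Context" and el.get("allowLinking", "").strip().lower() == "true":
                    linking.append(rel)
                if el.tag == "Connector" and el.get("URIEncoding", "").strip().upper() == "UTF-8":
                    utf8_ports.append(el.get("port", ""))
    return linking, utf8_ports, unparsed

# Constructed sample files: the connector mirrors the one in the message;
# the context file and the broken file are hypothetical.
SAMPLES = {
    "server.xml": '<Server><Service name="Catalina"><Connector port="80" '
                  'protocol="org.apache.coyote.http11.Http11NioProtocol" '
                  'URIEncoding="UTF-8" /></Service></Server>',
    os.path.join("Catalina", "localhost", "files.xml"):
        '<Context path="/files" allowLinking="true" />',
    "broken.xml": "<Context allowLinking=",
}

def demo():
    with tempfile.TemporaryDirectory() as conf:
        for rel, body in SAMPLES.items():
            os.makedirs(os.path.dirname(os.path.join(conf, rel)), exist_ok=True)
            with open(os.path.join(conf, rel), "w") as fh:
                fh.write(body)
        return audit_tomcat_conf(conf)

if __name__ == "__main__":
    print(demo())
```

A non-empty first list together with a non-empty second list means the configuration does not match what the message relies on; files in the third list need a manual look.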

