Lars had advised me this would not be easy, as this fix would need to be made in several apps.
I did not have time to figure out exactly which Tomcat package would work, but your approach sounds reasonable to me. We took a temporary route and used one we knew would work until the upgrade to at least 2.24 is feasible.

On Wed, Feb 1, 2017, 18:38 Bob Jolliffe <[email protected]> wrote:

> Thanks Jason. To make matters more complicated it looks like ubuntu
> maintains its own patch release numbering of tomcat. So for example it
> looks like the problem first raised in Zim after
> upgrading 7.0.52-1ubuntu0.7 to 7.0.52-1ubuntu0.8.
>
> They can try to rewind that upgrade to see if good behaviour is restored.
>
> Then I believe you can hold back further upgrades to certain packages
> with apt-mark hold <package-name>. We'll see.
>
> How painful is it to patch dhis2 older versions? I was looking (without
> success) for relevant github commit.
>
> On 1 February 2017 at 11:54, Jason Pickering <[email protected]>
> wrote:
>
> Hi Bob,
>
> https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.35/
>
> is known to work in this situation for me. Lars suggested this version and
> it worked for us.
>
> We had the exact same thing happen on another instance, which basically
> "broke" dhis2-tools, so for the time being, we are using this specific
> version of Tomcat as a local install to work around the problem until that
> instance can be upgraded.
>
> Specifically, it was this commit (thanks to BAO for finding it)
>
> https://github.com/apache/tomcat70/commit/a3d7be9e35505f85fc01f5f36451c710f9c9bbcc
>
> which introduced this, which seems to be Tomcat 7.0.73, so something
> earlier than that should work as well. I am not sure which commit this was
> in Tomcat 8.
>
> Hope that helps.
>
> Regards,
> Jason
>
> On Wed, Feb 1, 2017 at 6:06 PM, Bob Jolliffe <[email protected]>
> wrote:
>
> Hi Lars and all
>
> I can see this is going to cause quite a bit of chaos with large country
> installations where they are not able to be too agile with upgrading.
>
> Do you have more precise info on the exact tomcat version numbers? We
> just saw in Zim (DHIS 2.22) that the package manager automatically upgraded
> to 7.0.52 and they started seeing these problems. So maybe it is that
> version?
>
> They will have to try and come up with a process of downgrading tomcat and
> holding that version via the package manager as a short term measure while
> they plan any dhis2 upgrade process.
>
> So getting the exact tomcat versions where the URL checking was introduced
> will be helpful if you have them.
>
> On 7 January 2017 at 12:56, Lars Helge Øverland <[email protected]> wrote:
>
> Hi all,
>
> the latest builds of tomcat (the servlet container mostly used with DHIS
> 2) has tightened up validation of characters in URLs, so that only
> characters defined as safe per RFC 1738
> <https://www.ietf.org/rfc/rfc1738.txt> are allowed. Our apps had some
> cases of un-escaped use of the pipe character which was causing tomcat to
> occasionally return 400 bad request.
>
> We have patched this now in 2.24, 2.25 and master.
>
> Bottom line: If you plan to upgrade to very latest Tomcat 7, 8 or 8.5
> builds on your server, make sure to upgrade to latest 2.24 or 2.25 of DHIS
> 2.
>
> regards,
>
> Lars
>
> --
> Lars Helge Øverland
> Lead developer, DHIS 2
> University of Oslo
> Skype: larshelgeoverland
> [email protected]
> http://www.dhis2.org
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to : [email protected]
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help : https://help.launchpad.net/ListHelp
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : [email protected]
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp
>
> --
> Jason P. Pickering
> email: [email protected]
> tel:+46764147049
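The character check described in Lars's message in this thread, as an added example that is not part of the original e-mails or of the DHIS 2 patch: it flags characters in a request target that fall outside the set RFC 1738 allows unencoded, and percent-encodes only those. The allowed set is taken from RFC 1738 section 2.2 and is an assumption about what a strict server accepts, not Tomcat's own parser; the function names and the sample URL are constructed for illustration.

```javascript
// RFC 1738 section 2.2: alphanumerics, the specials $-_.+!*'(), and the
// reserved characters ;/?:@=& may appear unencoded in a URL.
const ALLOWED = /^[A-Za-z0-9$\-_.+!*'(),;\/?:@=&]$/;
const ESCAPE = /^%[0-9A-Fa-f]{2}/; // "%" is valid only as part of %XX

// Split a request target (path + query) into tokens: allowed characters,
// existing %XX escapes, and everything else (flagged unsafe).
function* tokens(target) {
  for (let i = 0; i < target.length; ) {
    const ch = String.fromCodePoint(target.codePointAt(i));
    if (ch === '%' && ESCAPE.test(target.slice(i))) {
      yield { index: i, text: target.slice(i, i + 3), unsafe: false };
      i += 3;
    } else {
      yield { index: i, text: ch, unsafe: !ALLOWED.test(ch) };
      i += ch.length;
    }
  }
}

// Report the offending characters, e.g. for a lint over URLs an app builds.
function findUnsafe(target) {
  return [...tokens(target)]
    .filter((t) => t.unsafe)
    .map((t) => ({ index: t.index, char: t.text }));
}

// Percent-encode only the offending characters as UTF-8 bytes. Delimiters
// and existing escapes are left alone, so nothing is double-encoded.
function escapeUnsafe(target) {
  const enc = new TextEncoder();
  let out = '';
  for (const t of tokens(target)) {
    out += !t.unsafe ? t.text : Array.from(enc.encode(t.text),
      (b) => '%' + b.toString(16).toUpperCase().padStart(2, '0')).join('');
  }
  return out;
}

// Constructed sample request target (not a real DHIS 2 endpoint): one raw
// pipe, one pipe that is already escaped, and a stray "%".
const sample = '/api/items?filter=a|b&name=x%7Cy&note=50%';
console.log(findUnsafe(sample));
console.log(escapeUnsafe(sample));
```

Running `escapeUnsafe` on its own output returns the same string, so it can be applied to URLs that are already partly escaped.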

