Hi Markus,

I installed the updated packages (in my case only: libtomcat8-java, tomcat8-common and tomcat8) on three different servers. My private one, that serves only my own little projects, a test-server and a redundant production server at work.

It looks like they fix the reported issue on all three hosts and every thing else works as expected.

I will keep monitoring the servers and report back, if I encounter anything strange.

Some days later I will also install the fixed packages on our production-server at work, if nothing has shown up on the servers, where the packages are already installed.

By the way:
During the installation of the three packages I noticed, that one of the three hosts has been vulnarable to the bug, even though the access to the HTTP-connector was restricted to one special client. That means, the bug can be exploited, even if one restricts the access to the port in the server.xml.


Regards,

kai

Am 10.02.2017 um 02:28 schrieb Markus Koschany:
Hello,

thank you for reporting this bug. We think we have found a solution for
this issue. I have uploaded new binary packages of Tomcat 8 for Debian
Jessie to [1] and a debdiff in case you prefer to build the package from
source. We would appreciate it if you could test those packages and tell
us if they fix your cpu load problem.

[1] https://people.debian.org/~apo/tomcat8/

Regards,

Markus


--
juplo
Inhaber: Kai Moritz

Tel: +49 (0)176 20 50 47 47
k...@juplo.de
http://juplo.de

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to