Re: EOL - Tomcat versions
On 19/01/2024 19:06, Francisco Dellanio Leite Alencar wrote: @Mark Thomas, Is it possible to consider that the minimum support time of Apache Tomcat 9.0.X is until 2027 (10 years since Released)? I'd say 2027 is a reasonable estimate of the likely EOL date for 9.0.x but I'm not going to provide any guarantees on that. The Tomcat community has committed to providing at least 12 months notice of EOL of any major version. More detail in the thread listed below against 9.0.x. If long term support is your concern then I'd consider looking at Tomcat 10.1.x. It does require Java 11 (Tomcat 9.0.x requires Java 8) but it will get you an additional ~3 years support. I will take the opportunity to point out that what you get with Tomcat is already pretty good. - major versions support for ~10 years including new features, bug fixes and security fixes - monthly releases throughout that ~10 year period (with the odd gap) - all reproducible bugs reported fixed in the next release (this is the one where Tomcat really stands out) - you can actually talk to the folks the maintain the code If you really need 9.0.x and really need guarantees on dates then there are commercial organizations that will sell you that service. Just make sure you pick one that has the skills and in-depth Tomcat knowledge necessary to deliver that support. Mark Thanks. On 2024/01/08 08:42:28 Mark Thomas wrote: On 08/01/2024 06:47, i...@flyingfischer.ch wrote: https://endoflife.date/tomcat Am 08.01.24 um 07:39 schrieb Deshmukh, Kedar: Hello, Could you please throw some light on Tomcat versions and its EOL plan? See https://tomcat.apache.org/whichversion.html 1. 8.5.X EOL 31 March 2024 2. 9.0.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 3. 10.0.X Already EOL as of 31 October 2022 4. 10.1.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: EOL - Tomcat versions
Francisco, On 1/19/24 14:06, Francisco Dellanio Leite Alencar wrote: Is it possible to consider that the minimum support time of Apache Tomcat 9.0.X is until 2027 (10 years since Released)? Did you take a look at the mailing list thread references? -chris On 2024/01/08 08:42:28 Mark Thomas wrote: On 08/01/2024 06:47, i...@flyingfischer.ch wrote: https://endoflife.date/tomcat Am 08.01.24 um 07:39 schrieb Deshmukh, Kedar: Hello, Could you please throw some light on Tomcat versions and its EOL plan? See https://tomcat.apache.org/whichversion.html 1. 8.5.X EOL 31 March 2024 2. 9.0.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 3. 10.0.X Already EOL as of 31 October 2022 4. 10.1.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat Windows Service fails when running in OpenJDK 11
On Fri, Jan 19, 2024 at 4:05 PM Decarbon wrote: > Hi all, > > I have been installing and running a Windows Service using Tomcat 9.0.83 > on OpenJDK 8 just fine. But when I moved to OpenJDK 11, specifically > microsoft-jdk-11.0.21-windows-x64.zip, the Service always fails to start > with the following error logged in commons-daemon.log: > [2024-01-19 15:39:03] [info] [15344] Apache Commons Daemon procrun > (1.3.4.0 64-bit) started. > [2024-01-19 15:39:03] [info] [15344] Running Service 'FFBruh'... > [2024-01-19 15:39:03] [info] [15636] Starting service... > [2024-01-19 15:39:03] [error] [18700] CreateJavaVM Failed with error [-6] > [2024-01-19 15:39:03] [error] [18700] The system cannot find the file > specified. > [2024-01-19 15:39:03] [error] [15636] Failed to start Java > [2024-01-19 15:39:03] [error] [15636] ServiceStart returned 4. > [2024-01-19 15:39:03] [info] [15344] Run service finished. > [2024-01-19 15:39:03] [info] [15344] Apache Commons Daemon procrun > finished. > > The service is installed as follows: > > C:\app\bin\tomcat9.exe //IS//%SERVICE_NAME% ^ > --Description "Some Desc" ^ > --DisplayName "Display Name" ^ > --Install "C:\app\bin\tomcat9.exe" ^ > --LogPath "%CATALINA_BASE%\logs" ^ > --StdOutput auto ^ > --StdError auto ^ > --Classpath "%CLASSPATH%" ^ > --Jvm "%JVM%" ^ > --StartMode jvm ^ > --StopMode jvm ^ > --StartPath "%CATALINA_HOME%" ^ > --StopPath "%CATALINA_HOME%" ^ > --StartClass org.apache.catalina.startup.Bootstrap ^ > --StopClass org.apache.catalina.startup.Bootstrap ^ > --StartParams start ^ > --StopParams stop ^ > --Startup auto ^ > --JvmMs %INIT_MEMORY_POOL_SIZE% ^ > --JvmMx %MAX_MEMORY_POOL_SIZE% ^ > --JvmSs %STACK_SIZE% ^ > --Environment "ksp=%KSP%" ^ > --StartPath "%CATALINA_HOME%" ^ > --JvmOptions9 "some long list of -D options" > > One thing to note is that, with OpenJDK 8, the JRE was included in the JDK > but from OpenJDK 11 they have removed it and is not part of the JDK. > Therefore, with 8 the --Jvm flag was pointing to > C:\app\java\jre\bin\jvm.dll but now after the upgrade it is > C:\app\java\bin\jvm.dll > > Looking for your advice here. > Thanks! > Decarbon > Small correction, the path to %JVM% was C:\app\java\jre\bin\server\jvm.dll and now with OpenJDK 11 C:\app\java\bin\server\jvm.dll
Apache Tomcat Windows Service fails when running in OpenJDK 11
Hi all, I have been installing and running a Windows Service using Tomcat 9.0.83 on OpenJDK 8 just fine. But when I moved to OpenJDK 11, specifically microsoft-jdk-11.0.21-windows-x64.zip, the Service always fails to start with the following error logged in commons-daemon.log: [2024-01-19 15:39:03] [info] [15344] Apache Commons Daemon procrun (1.3.4.0 64-bit) started. [2024-01-19 15:39:03] [info] [15344] Running Service 'FFBruh'... [2024-01-19 15:39:03] [info] [15636] Starting service... [2024-01-19 15:39:03] [error] [18700] CreateJavaVM Failed with error [-6] [2024-01-19 15:39:03] [error] [18700] The system cannot find the file specified. [2024-01-19 15:39:03] [error] [15636] Failed to start Java [2024-01-19 15:39:03] [error] [15636] ServiceStart returned 4. [2024-01-19 15:39:03] [info] [15344] Run service finished. [2024-01-19 15:39:03] [info] [15344] Apache Commons Daemon procrun finished. The service is installed as follows: C:\app\bin\tomcat9.exe //IS//%SERVICE_NAME% ^ --Description "Some Desc" ^ --DisplayName "Display Name" ^ --Install "C:\app\bin\tomcat9.exe" ^ --LogPath "%CATALINA_BASE%\logs" ^ --StdOutput auto ^ --StdError auto ^ --Classpath "%CLASSPATH%" ^ --Jvm "%JVM%" ^ --StartMode jvm ^ --StopMode jvm ^ --StartPath "%CATALINA_HOME%" ^ --StopPath "%CATALINA_HOME%" ^ --StartClass org.apache.catalina.startup.Bootstrap ^ --StopClass org.apache.catalina.startup.Bootstrap ^ --StartParams start ^ --StopParams stop ^ --Startup auto ^ --JvmMs %INIT_MEMORY_POOL_SIZE% ^ --JvmMx %MAX_MEMORY_POOL_SIZE% ^ --JvmSs %STACK_SIZE% ^ --Environment "ksp=%KSP%" ^ --StartPath "%CATALINA_HOME%" ^ --JvmOptions9 "some long list of -D options" One thing to note is that, with OpenJDK 8, the JRE was included in the JDK but from OpenJDK 11 they have removed it and is not part of the JDK. Therefore, with 8 the --Jvm flag was pointing to C:\app\java\jre\bin\jvm.dll but now after the upgrade it is C:\app\java\bin\jvm.dll Looking for your advice here. Thanks! Decarbon
RE: Re: EOL - Tomcat versions
@Mark Thomas, Is it possible to consider that the minimum support time of Apache Tomcat 9.0.X is until 2027 (10 years since Released)? Thanks. On 2024/01/08 08:42:28 Mark Thomas wrote: > > > On 08/01/2024 06:47, i...@flyingfischer.ch wrote: > > https://endoflife.date/tomcat > > > > Am 08.01.24 um 07:39 schrieb Deshmukh, Kedar: > >> Hello, > >> > >> Could you please throw some light on Tomcat versions and its EOL plan? > > See https://tomcat.apache.org/whichversion.html > > >> 1. 8.5.X > > EOL 31 March 2024 > > >> 2. 9.0.X > > No plans. > See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 > > >> 3. 10.0.X > > Already EOL as of 31 October 2022 > > >> 4. 10.1.X > > No plans. > See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Getting Two times login page issue.
Mohit, Please don't hijack threads. On 1/18/24 20:08, Chaudhary, Mohit wrote: Hello Team , We are facing a issue with the tomcat application login URL , where it is asking twice for login to the user , with first login it will redirect again to the login page , while reentering the credentials again , it is successful ( with second attempt it is working ) and user will be redirected to the next page , this issue we have encountered after a datacenter migration for the tomcat server on Test region , the servers were cloned from the original server to the new datacenter servers, we had manually updated the new IP address on the configuration files related to new servers , but with testing part we encountering this issue , We had 2 servers on Test region which are load balanced where 1 server is working fine ( with another server shutdown ) , no issue with login page on this server , while issue happening on another server. The application login page resides on the Lotus Domino server and authentication happens on Domino side and then it redirects the request to Apache and Tomcat servers . Please suggest on this issue . Thanks, Mohit - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure
Correcting the CVE reference in the text (the subject line is correct) Mark On 19/01/2024 10:17, Mark Thomas wrote: CVE-2023-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a previous request from another user. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 9.0.44 or later - Upgrade to Apache Tomcat 8.5.64 or later Credit: This vulnerability was reported responsibly to the Tomcat security team by xer0dayz from Sn1perSecurity LLC. History: 2024-01-19 Original advisory References: [3] https://tomcat.apache.org/security-9.html [4] https://tomcat.apache.org/security-8.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure
CVE-2023-46589 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a previous request from another user. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 9.0.44 or later - Upgrade to Apache Tomcat 8.5.64 or later Credit: This vulnerability was reported responsibly to the Tomcat security team by xer0dayz from Sn1perSecurity LLC. History: 2024-01-19 Original advisory References: [3] https://tomcat.apache.org/security-9.html [4] https://tomcat.apache.org/security-8.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org