Thanks for the info Mark.
Regards,
Chinoy
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, June 22, 2016 11:43 AM
To: Tomcat Users List
Subject: Re: CVE-2016-3092: Apache Commons Fileupload information disclosure
vulnerability
On 22/06/2016 05:51, Chinoy
On 22/06/2016 05:51, Chinoy Gupta wrote:
> What about 8.5.x branch? Is that also affected.
Yes. 8.5.0 to 8.5.2 are affected.
> And I am not able to see this update on Tomcat security page. Any reasons for
> that?
Oversight. I'll get it added later today unless someone beats me to it.
I'll also
2016-06-21 19:08 GMT-04:00 Joleen Barker :
> Hello Daniel,
>
> Thank you for your replies.
>
> Yes, I have the Java build 1.7.0_71 installed and I have the Unlimited
> security package installed as the application from the vendor requires it.
>
> Ok, you say never to edit the catalina,sh. I can ch
What about 8.5.x branch? Is that also affected. And I am not able to see this
update on Tomcat security page. Any reasons for that?
Regards,
Chinoy
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, June 21, 2016 3:23 PM
To: users@tomcat.apache.org; d...@tomca
Hello Daniel,
Thank you for your replies.
Yes, I have the Java build 1.7.0_71 installed and I have the Unlimited
security package installed as the application from the vendor requires it.
Ok, you say never to edit the catalina,sh. I can change it back. The
settings originally was SSL_VERSION="-D
2016-06-21 14:12 GMT-04:00 Joleen Barker :
> Hello Tomcat friends,
>
> I am looking for some understanding on what is happening in my environment
> to make sure I am not missing anything in my settings.
>
> Basics:
> 1) OS is GNU/Linux
> 2) Java is JDK v1.7
> 3) Tomcat 7
>
> First, this question h
Gerald,
On 6/21/2016 11:03 AM, Miller, Gerald wrote:
> I'm seeing errors from attempts to append uncorrected paths (e.g.,
> C:\out\) and corrected ones (e.g., ~/out/) onto some arbitrary path.
> Assuming a relative path in a case like this makes about as much
> sense as using relative branching in
Now that I think about it, this is probably a classpath issue. Nice to have
when it works, but a royal pain the rest of the time.
From: Miller, Gerald
Sent: Tuesday, June 21, 2016 2:04 PM
To: 'users@tomcat.apache.org'
Subject: How to force keystoreFile and truststoreFile to be absolute paths
I
Hello Tomcat friends,
I am looking for some understanding on what is happening in my environment
to make sure I am not missing anything in my settings.
Basics:
1) OS is GNU/Linux
2) Java is JDK v1.7
3) Tomcat 7
First, this question has come up because we needed to allow TLSv1.2
connections to ou
I'm seeing errors from attempts to append uncorrected paths (e.g., C:\out\) and
corrected ones (e.g., ~/out/) onto some arbitrary path. Assuming a relative
path in a case like this makes about as much sense as using relative branching
in non-relocatable code. I've wasted hours trying to get ri
On 21/06/2016 14:52, Mark Thomas wrote:
> On 21/06/2016 14:43, Andrei Ivanov wrote:
>> 21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer
>> An APR general error was returned by the SSL read operation on
>> APR/
On 21/06/2016 15:52, Afaf Zahkya wrote:
> Hello,
>
> I m using tomcat 8.0.21.
>
> I want to send *up* to 4 MB of text messages through a websocket connection
> to my tomcat server. I set the MaxTextMessageBufferSize to 4 MB.Now as a
> result, every time I open a websocket connection and I send a
Hello,
I m using tomcat 8.0.21.
I want to send *up* to 4 MB of text messages through a websocket connection
to my tomcat server. I set the MaxTextMessageBufferSize to 4 MB.Now as a
result, every time I open a websocket connection and I send a message , I
can see that 4 MB are being allocated in
On Tue, Jun 21, 2016 at 4:52 PM, Mark Thomas wrote:
> On 21/06/2016 14:43, Andrei Ivanov wrote:
>> On Tue, Jun 21, 2016 at 4:01 PM, Mark Thomas wrote:
>>> On 21/06/2016 13:43, Mark Thomas wrote:
>>>
I'll take a look at the code and see if I can figure out how this is
happening. Are you
On 21/06/2016 14:43, Andrei Ivanov wrote:
> On Tue, Jun 21, 2016 at 4:01 PM, Mark Thomas wrote:
>> On 21/06/2016 13:43, Mark Thomas wrote:
>>
>>> I'll take a look at the code and see if I can figure out how this is
>>> happening. Are you able to build 8.5.x from source to test any changes I
>>> mi
On Tue, Jun 21, 2016 at 4:01 PM, Mark Thomas wrote:
> On 21/06/2016 13:43, Mark Thomas wrote:
>
>> I'll take a look at the code and see if I can figure out how this is
>> happening. Are you able to build 8.5.x from source to test any changes I
>> might make?
If all it needs is a Java tools, I can
Hi,
I had done some stress tests on Apache Tomcat/7.0.47 and found that tomcat
didn't taken full advantage of hardware resources.I had used Apache Benchmark
tool(ab) to do benckmark,and then monitor the jvm instance of tomcat via
jvisualvm.In the benchmark,I just test the response time of re
On 21/06/2016 13:43, Mark Thomas wrote:
> I'll take a look at the code and see if I can figure out how this is
> happening. Are you able to build 8.5.x from source to test any changes I
> might make?
I have a theory which can be proved/disproved with some extra logging.
First, please add the fol
On 21/06/2016 12:31, Andrei Ivanov wrote:
> Hello,
> Trying to upgrade from 8.0.35 to 8.5.3 (on Win 7 and JDK
> 1.8.0_92-b14), I ran into this error, using Firefox 47:
>
> 21-Jun-2016 11:13:01.689 SEVERE [https-openssl-apr-8443-exec-5]
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process
2016-06-21 13:31 GMT+02:00 Andrei Ivanov :
> Hello,
> Trying to upgrade from 8.0.35 to 8.5.3 (on Win 7 and JDK
> 1.8.0_92-b14), I ran into this error, using Firefox 47:
>
> Try not using the APR connector, for starters, your platform isn't the
best for it IMO.
Rémy
Hello,
Trying to upgrade from 8.0.35 to 8.5.3 (on Win 7 and JDK
1.8.0_92-b14), I ran into this error, using Firefox 47:
21-Jun-2016 11:13:01.689 SEVERE [https-openssl-apr-8443-exec-5]
org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
reading request, ignored
java.lang.IllegalStat
Thanks for forwarding. I hope, that everything is alright with the announcement?
On Tue, Jun 21, 2016 at 11:53 AM, Mark Thomas wrote:
>
> Original Message
> From: Jochen Wiedmann
> Sent: 21 June 2016 10:18:15 BST
> To: priv...@commons.apache.org, "secur...@apache.org" ,
> Tom
I am so sorry. You are correct.
Lance
Sent from my iPhone
> On Jun 20, 2016, at 12:13 PM, Rainer Jung wrote:
>
>> Am 20.06.2016 um 18:32 schrieb Campbell, Lance:
>> Neither of these options will work for me:
>> 1) no-jk is only supported for: "Starting with mod_jk 1.2.6 for Apache 2.x
>> a
Original Message
From: Jochen Wiedmann
Sent: 21 June 2016 10:18:15 BST
To: priv...@commons.apache.org, "secur...@apache.org" ,
Tomcat Security List , annou...@apache.org, Apache
Commons Developers List
Subject: CVE-2016-3092: Apache Commons Fileupload information disclosure
Hello list,
On a new tomcat installation I am noticing extremely high values for
request processing times being reported by the server status page. Even if
I restart tomcat and start sending requests again, the request processing
time again shows extremely high values for a few requests. I have te
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.70.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.
This release contains a number of bug fixes and improvement
On 21/06/2016 03:54, mw...@loftware.com wrote:
>
>
>> -Original Message-
>> From: Mark Thomas [mailto:ma...@apache.org]
>> Sent: Monday, June 20, 2016 11:32 AM
>> To: Tomcat Users List
>> Subject: Re: session-timeout and maxInactiveInterval
>>
>> On 20/06/2016 16:00, mw...@loftware.com w
27 matches
Mail list logo