I wish I could forward all requests completely to another server.

2020-03-18 Thread HeeGu Lee
I was tasked with writing a web application that needs to forward an HTTP request to each server after checking certain headers. Of course I can use a library like Apache HttpClient to reconstruct and send the data. But if you think about it, this is a very unreasonable and bad way. Suppose you

How to pass the --enable-preview parameter when using JSVC?

2020-03-18 Thread ken edward
Hello, When I deploy my war it produces the below error message, telling me to pass the "--enable-preview". I can add the "--enable-preview" to my tomcat start.sh script dev environment to resolve the problem. However, if I launch the production tomcat using the jsvc binary (to bind to port 443

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread James H. H. Lampert
On 3/18/20 1:16 AM, Olaf Kock wrote: Are you sure that this is for tomcat, not for your own application? Actually, since on-screen it looks like one of ours, I was already leaning to that conclusion, and had brought it to the attention of our webapp developer. Thanks for all the responses

RE: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Berneburg, Cris J. - US
Hi JHHL > security audit on the Tomcat server we maintain My condolences. :-) We've gone through several scans over the past couple years too. Yeah, it's a pain. If you can get the report details, it may provide enough info to pinpoint the exact problems. Checkmarx scanning software does,

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Christopher Schultz
James, On 3/17/20 18:31, James H. H. Lampert wrote: > > On 3/17/20 3:18 PM, Martynas Jusevičius wrote: >> why should DELETE or OPTIONS not be enabled? They are standard >> HTTP methods. > > True, but (quoting the audit report) >> . . . [DELETE] may

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Mark Thomas
On 18/03/2020 00:04, James H. H. Lampert wrote: > On 3/17/20 3:50 PM, Mark Thomas wrote: >> The XSS might be valid. I assume the tool provided a sample URL you >> could use to validate the finding. That should point you in the right >> direction but feel free to ask here if more help is required.

RE: [EXTERNAL] Re: Uploads breaking post upgrade to 9.0.31

2020-03-18 Thread Amit Pande
Thank you so much Mark! Moving to Tomcat 9.0.33 indeed solved the problem I was facing. Thanks, Amit -Original Message- From: Mark Thomas Sent: Tuesday, March 17, 2020 1:06 PM To: users@tomcat.apache.org Subject: Re: [EXTERNAL] Re: Uploads breaking post upgrade to 9.0.31 On

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Mark Thomas
On 17/03/2020 23:30, Martynas Jusevičius wrote: > Tomcat does not allow DELETE by default? I’m using 8.0.x with Jersey and I > don’t think I used any config to enable it. By default, HttpServlet (which pretty much every servlet extends) returns a 405 for a DELETE. The Servlets that Tomcat

Re: [External] Re: Starting up Tomcat 8

2020-03-18 Thread tomcat/perl
On 17.03.2020 21:43, Maxfield, Rebecca A wrote: Ah, some problems are arising because, I suppose, the startup process wants to create or touch something in ../logs and that's now all the way over in /var/lib/tomcat8. How do I move on from here? Try (as root) : service tomcat8 start (or

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Olaf Kock
On 18.03.20 01:04, James H. H. Lampert wrote: > On 3/17/20 3:50 PM, Mark Thomas wrote: >> The XSS might be valid. I assume the tool provided a sample URL you >> could use to validate the finding. That should point you in the right >> direction but feel free to ask here if more help is required.

Re: Fwd: Advice please for Tomcat 8.5.53-dev with log4j2

2020-03-18 Thread Luis Rodríguez Fernández
Grande Brian, congrats! Sorry, I've just read your message, a bit late to the party: time ago I had cooked a tomcat9 container + log4j2 with a sample spring-boot app deployed. You can have a look here [1] Cheers, Luis [1]

Re: Fwd: Advice please for Tomcat 8.5.53-dev with log4j2

2020-03-18 Thread Brian Burch
On 18/3/20 5:18 pm, Brian Burch wrote: Could resist tinkering a bit more, but I'll be in trouble because I'm late for dinner!! Success! I have just created the catalina.log file formatted according to my own log4j2.xml. Yes, it was my stupid mistake, but I'll write tomorrow about what

Re: Fwd: Advice please for Tomcat 8.5.53-dev with log4j2

2020-03-18 Thread Brian Burch
On 18/3/20 2:57 pm, Brian Burch wrote: I have done quite a lot of experiments, but I will stick to the case which appears to have produced the most encouraging(!) results. I stumbled across https://logging.apache.org/log4j/2.x/log4j-appserver/index.html. This short page has significant