Re: Error in stopping application tomcat !!

2020-07-24 Thread Kushagra Bindal
Thanks Martin, By looking at the change log I found a few relevant items. 1. https://bz.apache.org/bugzilla/show_bug.cgi?id=55969 2. https://bz.apache.org/bugzilla/show_bug.cgi?id=62515 3. https://bz.apache.org/bugzilla/show_bug.cgi?id=48655 4. https://bz.apache.org/bugzilla/show_bug.cgi?id=63210

RE: CVE-2020-1935

2020-07-24 Thread George Stanchev
Chris, This is just silly. The code change is there. If I am a rogue actor, I can and I will understand the issue and try to produce an exploit. With an explanation like this, legitimate Tomcat users are left to scratch their heads if they are vulnerable or not, especially as the explanation says that a 3rd

Re: CVE-2020-1935

2020-07-24 Thread Christopher Schultz
George, On 7/24/20 15:15, George Stanchev wrote: > The description for this CVE is pretty vague (as perhaps > necessary) but we have a customer that is trying to assess their > risk for this CVE. Their risk is probably very low. Their risk of a

CVE-2020-1935

2020-07-24 Thread George Stanchev
The description for this CVE is pretty vague (as perhaps necessary) but we have a customer that is trying to assess their risk for this CVE. They are behind a reverse-proxy. Even though the description on Tomcat's security page states that the risk is low it doesn't describe how would a

Reloading JNDI

2020-07-24 Thread Christopher Schultz
All, I have a JNDI which is a JDBC DataSource. It is set to singleton="true" via defaults (not explicitly set). The JDBC Connections in this DataSource pool (using dbcp2 as provided by Tomcat) have TLS configuration including client certificates,

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-07-24 Thread Bill Stewart
On Fri, Jul 24, 2020 at 9:36 AM Christopher Schultz wrote: Note that everything you can configure using tomcatXw.exe //ES/svcname > you can also install from the command-line. > Correct. See the InstallService PascalScript procedure in the installer which performs the equivalent:

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-07-24 Thread Christopher Schultz
Bill, Hans, On 7/24/20 09:42, Bill Stewart wrote: > On Fri, Jul 24, 2020 at 2:26 AM Hans Schou wrote: > > "document" manually? Like copy into a text file? >> > > Yes, however you customarily do so. Note that everything you can configure using

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-07-24 Thread Bill Stewart
On Fri, Jul 24, 2020 at 2:26 AM Hans Schou wrote: "document" manually? Like copy into a text file? > Yes, however you customarily do so. > > 2. If you used Apache's Windows installer, uninstall it (unfortunately > this removes the service and service configuration info). > > I use the zip file

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-07-24 Thread Hans Schou
From: Bill Stewart > https://github.com/Bill-Stewart/ApacheTomcatSetup/releases I will look into that. > Basically the steps would be: > 1. Back up/document your 8.x configuration. "document" manually? Like copy into a text file? > 2. If you used Apache's Windows installer, uninstall it