On 29/05/2024 10:26, Mark Thomas wrote:
On 28/05/2024 16:26, Eric Robinson wrote:
Took a bunch of thread and heap dumps during today's painful debacle.
Will send a link to those as soon as I can.
Thanks. I have them. I have taken a look and I am starting to form a
theory. To help
Tomcat in production with a binary patch
(against 9.0.80). This would involve placing one or more class files in
the right directory structure under $CATALINA_BASE/lib either to collect
additional debug logging or to test a potential fix.
Mark
dumps when the
problem is happening to figure out where the blockage is happening and
(hopefully) why.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
ed Tomcat committers. If you do
need to do that, I'd encourage to to share a redacted version with the
list if you can. There are lots of very experienced folks on the users
list who can help who aren't Tomcat committers.
Mark
Thanks tons!
-Eric
Disclaimer : This email and a
upgrade
to 9.0.x and then start looking at moving to 10.1.x or even 11.0.x but
that is a bigger job due to the Java EE -> Jskarta EE repackaging.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.
On 24/05/2024 14:31, Jakub Królikowski wrote:
Hi Mark,
It seems to me that this can be tested on any application.
In Tomcat 10.1, if any session attribute is an instance of a new public
class (unknown to Tomcat and to Tomcat class loader), implementing
java.io.Serializable,
then on reloading
Can you provide the simplest web application (with source) that
replications the problem?
Mark
On 23/05/2024 23:45, Jakub Królikowski wrote:
Hi,
I'm working with Tomcat 10.1.
When a user starts using the store in my web application, I save the
ShopCart object on the "cart&quo
should be sufficient.
Note you can monitor the expiration time for sessions using the Manager
application. That might be helpful in testing.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional
On 5/7/2024 4:52 PM, Christopher Schultz wrote:
Mark,
On 5/3/24 12:16, Mark Foley wrote:
On 4/23/24 18:44, Chuck Caldarale wrote:
uploadfile
uploadfile
/schDistImportResults.jsp
The first servlet is named “uploadfile”.
On Apr 23, 2024, at 12:42, Mark Foley wrote:
Now I
ated.
Version of Tomcat is Tomcat-9.0.83
To emphasize we are not able to reproduce this in our local computer it
only happens to the longrunning production servers.
If you manually reboot the production servers (without clearing out work
or temp) can you trigger t
On 4/23/24 18:44, Chuck Caldarale wrote:
uploadfile
uploadfile
/schDistImportResults.jsp
The first servlet is named “uploadfile”.
On Apr 23, 2024, at 12:42, Mark Foley wrote:
Now I need to add another program to the system that does file uploads. I
created another
- sample response as sent by Tomcat
- sample response as received by the client
- the previous 4 to be provided both by going via the reverse proxy and
by going directly to Tomcat
Mark
-
To unsubscribe, e-mail: users-unsubscr
copy to use for Tomcat
development but there are lots of different profilers available.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
is working as designed.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
and
launched by the correspoding requesting program?
Thanks --Mark
On Thu Nov 16 14:36:21 2023 Christopher Schultz
wrote:
> Mark,
>
> Apologies for not replying earlier; looks like you have made good
> progress. See below.
>
> On 11/14/23 12:19, Mark Foley wrote:
> > Anyway
vely, you could look in the logs directory. It is usually
easiest if you empty the logs directory, attempt to start Tomcat and
then check the log files for errors.
Mark
Running subsequently shutdown gives: Tomcat may not be running.Thanks a lot ...
Each next window version made installation m
On 18/04/2024 15:18, Stefan Ansing wrote:
Hi Rémy, Mark,
I just want to make sure that we’re understanding each other. I can see
that the connection needs to be closed in certain conditions to prevent
request smuggling attacks. I certainly don’t want to change that behaviour.
However, I’m
here but 400 has always struck me as more
for protocol level issues rather than application level issues.
That is the fundamental problem here. The status codes are being used
for two completely different purposes.
Mark
On Thu, Apr 18, 2024 at 6:41 AM Rémy Maucherat wrote:
On Thu, Apr
On 18/04/2024 14:41, Rémy Maucherat wrote:
On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote:
On 18/04/2024 09:07, Stefan Ansing wrote:
Hi,
We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19)
where we see that HTTP/1.1 connections are closed whenever a servlet
er element)?
You need to configure the RewriteValve.
https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mai
as current and if users want to change it then they
have to accept the associated security risks.
Mark
A colleague of mine reported a bug for this issue:
https://bz.apache.org/bugzilla/show_bug.cgi?id=68901
Kind regards,
Stefan Ansing
[1]:
https://github.com/apache/tomcat/blame
It would be worth creating an enhancement request for this in Bugzilla
to ensure the request doesn't get forgotten about.
Mark
On 16/04/2024 01:06, Baron Fujimoto wrote:
From our perspective, it needn't be super timely. It would be more for
forensic confirmation that there's something we
topic for
security-disc...@community.apache.org where pURL has already been
touched on this thread:
https://lists.apache.org/thread/7hs5ooqhfozmhlvq24k5xztzn1nwp9yv
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apac
should measure the
impact of adding this code before we decide on whether to include it.
Mark
On Thu, Apr 11, 2024 at 1:44 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Baron,
On 4/9/24 16:33, Baron Fujimoto wrote:
I'm investigating occasional 503 errors for our
On 11/04/2024 15:49, Bill Stewart wrote:
On Wed, Apr 10, 2024 at 2:14 PM Mark Thomas wrote:
... and it might represent an information leakage vulnerability in your
application. Be Careful.
Shall we start the flame war now on whether exposing the current version
you are running
On 10/04/2024 21:15, Christopher Schultz wrote:
All,
On 4/10/24 4:00 AM, Mark Thomas wrote:
On 09/04/2024 17:17, prat 007 wrote:
Hi All,
I would like to know is there a way to find tomcat's server.built and
server.number remotely using tool loke curl or from browser?
In a default
that page.
Mark
I am currently running tomcat v 9.0.87.
This information gets displayed when we run version.sh or in the starting
logs when tomcat starts up but how we can find it without logging into the
tomcat server.
Thanks
Contributions always welconme.
The initial work will be on the changes to the Servlet API. The issue to
track that is:
https://github.com/jakartaee/servlet/issues/542
Mark
On 09/04/2024 08:15, xulin y wrote:
Hi Mark,
Is there any chance I could help with delivering this new feature
not have 103 response status.
If not, do we have any plan to implement it?
It is expected to be part of Servlet.next / Tomcat 12. If possible, there
is a good chance it will be back-ported to earlier Tomcat versions.
Mark
By Xulin Yang
Kind Regards
an issue with JSP compilation. I'd suggest stopping
Tomcat, cleaning out the work directory and then starting Tomcat.
Mark
Last week I changed the user of the Tomcat services.
When I refresh teh page then every second time the page appears
correctly and the other 50% I get the error
No I get
On 02/04/2024 15:41, Rick Noel wrote:
Mark you were correct. I, needed to move those attributes to the Connection
element.
Plus on top of that I had this misspelled attribute compressableMinemType
should be compressibleMimeType
In your opinion, should we use the Upgrade UpgradeProtcol
configuration and
the error message.
BTW, I am supposed to get improved speed by using the UpgradeProtcol
Correct?
It depends. YMMV.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e
free to email the pem files
to me directly.
Mark
generate a DB cert for ODBC connectivity. Please see the following link
for more information.
https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.1/dbadmin/gencert-ml-ref1.html
-t encryption type
-b length
-ca
to
provide the same resource link to all web applications rather than have
to specify it in each web application.
Mark
-chris
-Original Message-
From: Christopher Schultz
Sent: Friday, March 29, 2024 2:21 PM
To: Tomcat Users List ; Rick Noel
Subject: Re: [EXT]Re: how to define
On 22/03/2024 15:43, Rick Noel wrote:
Mark,
So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?
sessionAttributeNameFilter="customer"
You set that to the attributes you DO want to replicate, not the ones
you don't.
such non serialized objects
and I do not want to search out change them all to implement serialiazable
I am hoping there is a way to configure Tomcat to just not try and replication
sessions all object which are not serialiazable
https://tomcat.apache.org/tomcat-10.1-doc/conf
On 21/03/2024 16:12, Amit Pande wrote:
Thank you Mark for your inputs.
Upon further debugging, it looks like the issue we ran into is also with the
reloading of SSL context.
Test execution sequence:
1. Add a trusted CA in Tomcat's trust store.
2. The SSL context is reloaded if any
standards + Tomcat an authentcator
of type 2FA?
No plans I am aware of.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
have some suggestions for a fix?
Please provide a set of OpenSSL commands that create a problematic,
self-signed certificate for localhost. This will save us a *lot* of time.
Mark
Thanks Mark Resh
15-Mar-2024 18:27:37.621 WARNING [main]
org.apache.tomcat.util.net.SSLUtilBase.getEnabled
On 19/03/2024 07:54, Ivano Luberti wrote:
Could there be a regression also in 9.0.86
Yes. It will be fixed in 9.0.88.
Mark
Because I had a similar issue (reload tls didn't work) but It was the
first time I was doing that on that tomcat instance and I had assumed
there was some
On 18/03/2024 08:21, Mark Thomas wrote:
On 17/03/2024 15:26, Justin Y wrote:
Hi Everyone --
I've spent a few hours scratching my head and then diving into the
source code of 10.1.19 to figure out what's going on.
Could you test with 10.1.18? I'm wondering if the user provided
SSLContext
til 9.0.85.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
?
git clone
grep
Also, one more question - with optional certificate verification, the
connection doesn't fail if certificate is not passed. But connection will fail
if SSL handshake fails when a certificate is passed by client, is that correct
understanding?
Yes, that
a regression.
Mark
I'm using the /TLSCertificateReloadListener/
<https://github.com/apache/tomcat/commit/144cb84e1a9777ef63c30f6021b562cc04aa708d> to reload files that will be (eventually) managed by Let's Encrypt.
Although it does detect the expiration and log that things were
re
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M18 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
On 12/03/2024 13:47, Christopher Schultz wrote:
Greg and Mark,
On 3/12/24 05:00, Greg Huber wrote:
On 11/03/2024 18:17, Christopher Schultz wrote:
Mark,
On 3/10/24 08:49, Mark Thomas wrote:
On 10/03/2024 10:50, Greg Huber wrote:
Hello,
Using http://tomcat/manager-app/text/reload?path
On 14/03/2024 11:51, Vincent Daniel wrote:
Thank you so much.
I am ashamed that I did not read the documentation carefully.
No problem. It is only a single line in the docs and it helps a lot if
you know what you are looking for.
Mark
On Thu, Mar 14, 2024 at 7:46 PM Mark Thomas wrote
ain this please?
https://tomcat.apache.org/tomcat-11.0-doc/logging.html
Search for the word "prefix".
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
CVE-2024-23672 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M16
Apache Tomcat 10.1.0-M1 to 10.1.18
Apache Tomcat 9.0.0-M1 to 9.0.85
Apache Tomcat 8.5.0 to 8.5.98
Description:
It was possible
CVE-2024-24549 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M16
Apache Tomcat 10.1.0-M1 to 10.1.18
Apache Tomcat 9.0.0-M1 to 9.0.85
Apache Tomcat 8.5.0 to 8.5.98
Description:
When processing
it is
created? The resources implementation can cache "not found" results for
a short period of time.
You might want to test the code with a simple text file to determine
whether file type is a factor (which seems unlikely but you never know).
Mark
On Mon, Mar 11, 2024, 5:22 a.m. M
turns null in this
case. Although that might just move the source of the NPE to your code.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 10/03/2024 16:59, Manak Bisht wrote:
On Fri, Feb 9, 2024 at 4:45 PM Mark Thomas wrote:
Using 0.0.0.0 as the address for the receiver is going to cause
problems. I see similar issues with 11.0.x as 8.5.x. I haven't dug too
deeply into things as a) I am short of time and b) I'm not convinced
'*
Are the audio files generated dynamically on request?
Mark
Here is the audio control code:
I've tried relative path and full path but result is the same in both cases.
I've spent days trying to solve this but no luck :(
I would really appreciate any guidance
then the provided content name may not be
HTML safe (it could be a deliberate XSS attempt) hence it is escaped.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Mark
Your input is very helpful. Thank You very much! I have been having headaches
with all the issues you mentioned and will be following your guidance.
On Monday, February 26, 2024 at 06:12:49 PM EST, Mark Eggers
wrote:
On 2/26/2024 2:18 PM, Mark Caruso wrote:
> If anyone
Thank you very much!
On Monday, February 26, 2024 at 05:43:02 PM EST, Chuck Caldarale
wrote:
> On Feb 26, 2024, at 16:18, Mark Caruso wrote:
>
> If anyone has guidance for configuring Tomcat 9.0.85 for debugging please
> send it along. I am running the program under
On 2/26/2024 2:18 PM, Mark Caruso wrote:
If anyone has guidance for configuring Tomcat 9.0.85 for debugging please send
it along. I am running the program under Ubuntu 20.04. I am not sure the
guidance on the internet for modifying catalina.sh is right. My goal is to
then attach a debugger
If anyone has guidance for configuring Tomcat 9.0.85 for debugging please send
it along. I am running the program under Ubuntu 20.04. I am not sure the
guidance on the internet for modifying catalina.sh is right. My goal is to
then attach a debugger from Netbeans 16 and debug my web app.
Thank
oadly equivalent to
local administrator. You generally don't want to be running Tomcat under
Local System.
Can somebody suggest, how we can create a service with tomcat-9, with the privilege of
"Local System"?
Have you looked at the documentation?
https://t
t is 250ms
although looking at the code it appears there is a minimum of 2000ms -
need to see why that is.
Configuring a specific address (even 127.0.0.1) for the Connector would
also address this.
Mark
-
To unsubscribe, e-m
On 23/02/2024 01:14, bigelytechnol...@yahoo.com wrote:
This spammer has been unsubscribed and banned from re-subscribing.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail
/my404page
Is that the full error message?
Why is SSI involved?
Is the rest of the application working correctly?
Mark
But the custom 404 page does exist,and the path is right.
I want to figure out what this error means. If possible, maybe can try
this problem.
Thanks in advance for your s
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 17/02/2024 16:01, Troels Arvin wrote:
Hello,
Since 9.0.83, building Tomcat has required JDK 17, according to the
release notes.
Is it possible to take the resulting binaries and run them on JRE 11?
Yes. The minimum Java version at runtime (8) is unchanged.
Mark
assuming it's some kind
of timeout mechanism.
I think you need to do a little more investigation with your
application. I've been running the snake WebSocket example on 9.0.x for
over any hour wihtout any issues.
Mark
On 09/02/2024 16:26, Rick Noel wrote:
Thank you so much Mark for working with me on this issue!
I am taking your recommendation to create a webapps-javaee directory and
place my Tomcat 9 running war file into
that dir so that Tomcat does the compile correctly.
Only problem is that now I
On 13/02/2024 10:21, Michael Osipov wrote:
On 2024/02/13 08:46:42 Mark Thomas wrote:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.3.0 stable.
The key features of this release are:
- The minimum supported OpenSSL version is 1.1.1
- The minimum supported
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.3.0 stable.
The key features of this release are:
- The minimum supported OpenSSL version is 1.1.1
- The minimum supported APR version in 1.6.3
- The windows binaries in this release have been built with
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.7 stable.
The key features of this release are:
- Align default pass phrase prompt with httpd on Windows
- The windows binaries in this release have been built with OpenSSL
3.0.13
The 2.0.x branch is
On 09/02/2024 07:51, Manak Bisht wrote:
On Fri, Feb 9, 2024 at 3:25 AM Mark Thomas wrote:
Same JRE?
Yes, 8.0.402
Generally, I wouldn't use 0.0.0.0, I'd use a specific IP address. I'm
not sure how the clustering would behave with 0.0.0.0
Using 0.0.0.0 as the address for the receiver
. You seem to be using a connection
property of "truststorePassword" which is a Tomcat property for HTTPS
connections.
Mark
[1] https://www.oracle.com/docs/tech/wp-oracle-jdbc-thin-ssl.pdf
-
To unsubscribe, e-
sure the appContext is correct. The context path for the ROOT
web application is "" (the empty string), not "/".
That would make the appContext "Catalina/localhost ".
Note that means it will
Try turning on ALL logging for the org.apache.catalina.session package.
Mark
On 08/02/2024 20:49, Miguel Vidal wrote:
demo4.zip
<https://drive.google.com/file/d/1XOUHhw59Djk2XmdFEmkBsusnHf5_yNE7/view?usp=drive_web>
Hello,
Specifications
Windows 10
Tomcat 8.5
this is a configu
pplication for Tomcat 10.1.x.
At this point the simplest solution is likely to be:
- take the WAR file that works on Tomcat 9
- drop in webapps-javaee in Tomcat 10 and let Tomcat convert it
automatically
Mark
On 08/02/2024 20:28, Rick Noel wrote:
No I cannot compile from command line.
But I do
address. I'm
not sure how the clustering would behave with 0.0.0.0
Mark
Sincerely,
Manak Bisht
On Fri, Feb 2, 2024 at 9:41 PM Mark Thomas wrote:
On 31/01/2024 13:33, Manak Bisht wrote:
I tried tweaking all the settings that I could think of but I am unable
to
sync sessions on restart
at runtime. You have to
use the migrated JAR at compile time as well.
Mark
Where in my code does it use javax.server, other than from classes in package
org.apache.xmlrpc?
package com.radiovoodoo.xmlrpc;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL
9 and Tomcat 10 I
suggest you:
- write it for Tomcat 9
- package it as a WAR file
- process the entire WAR file with the migration tool
- use original WAR file with Tomcat 9 and the migrated WAR file with
Tomcat 10+
Mark
06-Feb-2024 15:48:53.044 SEVERE [http-nio-8588-exec-1
if the migration tool didn't process a JAR that old
correctly.
Mark
BTW the jar in question has classes in this package
org.apache.xmlrpc.
Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com
-
To unsubscribe
On 05/02/2024 15:49, Jeroen Hoffman wrote:
On Mon, Feb 5, 2024 at 4:05 PM Mark Thomas wrote:
Are there plans to release the 2.0.0 version?
No plans.
Tomcat 10.1.x onwards uses the 1.2.5 taglibs release converted for
Jakarta EE using the Tomcat migration tool.
Thanks for the quick
migration tool.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
this at the web application level:
Read section 10.9.2 of the Servlet 4.0 specification
To do this globally, look at the errorCode.nnn attribute of the
ErrorReportValve
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Error_Report_Valve
Mark
On 31/01/2024 13:33, Manak Bisht wrote:
I tried tweaking all the settings that I could think of but I am unable to
sync sessions on restart even on a stock Tomcat 8.5.98 installation using
your provided war. I am unable to identify whether this is actually a bug
or something wrong with my
On 01/02/2024 17:48, Ryanesch@yahoo wrote:
On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote:
On 31/01/2024 00:15, Ryan Esch wrote:
From what I understand, the container knows if a user is authenticated by
using the session id passed to it and then looking up the user principal
ccess token for authentication?
Thank you for any input or advice. I'd be happy to share additional details.Ryan
Take a look at AuthenticatorBase.register()
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For addi
On 27/01/2024 14:38, Dan McLaughlin wrote:
Hey Mark,
If you see a bug report, then that will mean I was able to reproduce it. I
see different behaviors in our local docker environment. Still, it's
nowhere as complex as our production environment--where everything is
clustered and behind
install of the latest
10.1.x release (or any other currently supported version) I'd be happy
to take another look. All we'd need would be the steps to recreate the
issue from the clean install.
Mark
-
To unsub
. Is there a better way to do this?
It depends what you are trying to do - which you haven't explained.
You have direct access to the request object in the invoke() method.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
need to
contact whichever organization provides you with support for Business
Objects and/or OpenSAML.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
On 24/01/2024 15:48, joan.balagu...@ventusproxy.com wrote:
Any help would be really appreciated.
Configuration error.
Someone has done the equivalent of
Or possibly a mis-configured RemoteIpFilter (or Valve).
Or similar.
Mark
as LocalMember or as an ordinary Member and Tomcat
will figure out it is the local one.
Mark
On 22/01/2024 08:39, Manak Bisht wrote:
I thought that this https://marc.info/?l=tomcat-user=119376798217922=2
might be the problem.
*"The uniqueId is used to be able to differentiate between the
On 19/01/2024 19:06, Francisco Dellanio Leite Alencar wrote:
@Mark Thomas,
Is it possible to consider that the minimum support time of Apache Tomcat 9.0.X
is until 2027 (10 years since Released)?
I'd say 2027 is a reasonable estimate of the likely EOL date for 9.0.x
but I'm not going
Correcting the CVE reference in the text (the subject line is correct)
Mark
On 19/01/2024 10:17, Mark Thomas wrote:
CVE-2023-21733 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache
CVE-2023-46589 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache Tomcat 8.5.7 to 8.5.63
Description:
Incomplete POST requests triggered an error response that could contain
data from a
it?
No.
Attached are the questions and the source code found
Attachments are removed automatically. Please use plain text.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M16 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
On 09/01/2024 10:11, Vaidya, Omkar wrote:
Hi Mark,
Thanks for the response. For mainly related to our Thingworx IOT-based
application, we are using the Tomcat 9.0.62 server. So for that, we are getting
zombie or defunct processes.
"Please provide the steps you used to recreate this
2. 9.0.X
No plans.
See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0
3. 10.0.X
Already EOL as of 31 October 2022
4. 10.1.X
No plans.
See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0
Mark
this issue in a clean
installation of a standalone Tomcat instance.
Mark
On 05/01/2024 09:48, Vaidya, Omkar wrote:
Adding information -
Tomcat Version - 9.0.62
Platform - Linux Platform
From: Vaidya, Omkar
Sent: Friday, January 5, 2024 3:15 PM
To: users@tomcat.apache.org
Cc: Shriwardhankar, Varun
things for.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
1 - 100 of 10240 matches
Mail list logo
