Programmatically create JNDI resource links?

2016-03-11 Thread Christopher Simons
Greetings, I have a javax.naming.spi.ObjectFactory implemented in a JAR file sitting in $CATALINA_HOME/lib. I have declared it as a in $CATALINA_HOME/conf/server.xml. Upon Tomcat startup, its getObjectInstance(...) method is being invoked, and within that method, some objects are bound

Re: ***UNCHECKED*** RE: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-11 Thread Mark Thomas
On 11/03/2016 19:00, jimi.hulleg...@svensktnaringsliv.se wrote: > On Friday, March 11, 2016 6:07 PM, ma...@apache.org wrote: > I wasn't talking about gathering information regarding performance. I was > talking about gathering information about what jsp/tag code and what EL > variable names

Error 404 for autodiscover.xml

2016-03-11 Thread Subhro Paul
Hi All, Our client has a simple website consisting of some jsps, images, css, javascripts and html files. It has two Apache proxies (under loadbalancers) and two Tomcat6 (under loadbalancer). All servers are installed under a Linux environment. This website doesn't deal with any e-mailing or SMTP

Re: How can I fix deserialization vulnerability?

2016-03-11 Thread Rob Gansevles
Barry, The deserialization-vulnerability for RMI endpoints in your webapp can be mitigated using our library at https://github.com/Servoy/rmi-whitelist Add it to the tomcat system library and classes like the commons-collections can no longer be used in the serialisation attacks over RMI. Rob

Re: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-11 Thread Mark Thomas
On 10/03/2016 22:16, Christopher Schultz wrote: > Mark, > > On 3/10/16 4:43 PM, Mark Thomas wrote: >> On 10/03/2016 21:16, jimi.hulleg...@svensktnaringsliv.se wrote: >>> On Thursday, March 10, 2016 11:20 AM, ma...@apache.org wrote: > 3. Why is the problem not limited to the first request

Re: Error 404 for autodiscover.xml

2016-03-11 Thread Mark Thomas
On 11/03/2016 08:26, Subhro Paul wrote: > Hi All, > > Our client has a simple website consisting of some jsps, images, css, > javascripts and html files. It has two Apache proxies (under loadbalancers) > and two Tomcat6 (under loadbalancer). All servers are installed under a Linux > environment. This

Re: How can I fix deserialization vulnerability?

2016-03-11 Thread Mark Thomas
On 11/03/2016 01:43, Christopher Schultz wrote: > 林慶龍, > > On 3/10/16 8:07 PM, 林慶龍 Barry Lin wrote: >> These days, Everyone talks about the vulnerability in Tomcat, and >> we found that we had the same problem with “deserialization >> vulnerability”. > >> How can I fix deserialization

Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build

2016-03-11 Thread Harish Krishnan
Thanks again for the reply, Chris & Violeta! Thanks for clarifying what the "protected directory" is, even I guessed it to be the same. Now I understand the fix for the directories protected by a security constraint. I also verified this & the redirect is no longer happening for these protected ones.

[ANN] Apache Tomcat Native 1.2.5 released

2016-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.5 stable. The key features of this release are: - Report OpenSSL runtime version in use rather than compile time version used. - Windows binaries built with APR 1.5.1 and OpenSSL 1.0.2g. Note that users

RE: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-11 Thread jimi.hullegard
On Thursday, March 10, 2016 10:44 PM, ma...@apache.org wrote: > > We'll have to agree to disagree on that one. If you are concerned > about a performance issue then you need to know where to look to > enable debug logging. A profiler will tell you where to look and > at that point you don't need

Re: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-11 Thread Mark Thomas
On 11/03/2016 14:17, jimi.hulleg...@svensktnaringsliv.se wrote: > On Thursday, March 10, 2016 10:44 PM, ma...@apache.org wrote: >> >> We'll have to agree to disagree on that one. If you are concerned >> about a performance issue then you need to know where to look to >> enable debug logging. A

RE: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-11 Thread jimi.hullegard
On Friday, March 11, 2016 6:07 PM, ma...@apache.org wrote: > > And a debug log message is unlikely to tell you any more than the thread dump > did. That depends on what is actually being logged. If the class name is printed, then one could immediately figure out the name of the EL variable