Re: [SECURITY] CVE-2017-12617 Apache Tomcat Possible additional RCE via JSP upload

2017-09-29 Thread Harish Krishnan
Thank you for this latest update. Looking forward for the 7.x new build. Sent from my iPhone > On Sep 29, 2017, at 2:14 AM, Mark Thomas wrote: > > Hi all, > > Hopefully this will be the final update on this. > > The fixes for CVE-2017-12617 have now been applied to all

Re: TomcatCon Where (and when) next?

2017-09-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 9/27/17 5:14 PM, Mark Thomas wrote: > All, > > TomcatCon London 2017 took place yesterday and was even more > successful than hoped. We sold 16 tickets for a full day of content > from 3 Tomcat committers. > > I'd like to take this

Re: Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-29 Thread Mark Thomas
On 29 September 2017 16:11:01 BST, Coty Sutherland wrote: >On Fri, Sep 29, 2017 at 10:38 AM, Wang, Jennifer > wrote: >> NONCONFIDENTIAL // EXTERNAL >> Hi Coty, >> >> I got exactly the same error. Did you try to run it in windows? Do >you need other

Re: Why Tomcat Session Replication requires Sticky Sessions

2017-09-29 Thread Mark Thomas
On 29 September 2017 15:38:12 BST, "Singh, Rahul (CWM-NR)" wrote: >Hi, >We are using Tomcat 7 >My question is - Why does Tomcat Session Replication require Sticky >sessions to be enabled? It doesn't. >We cannot have a sticky session setup in our servers, due to policy

Re: Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-29 Thread Coty Sutherland
On Fri, Sep 29, 2017 at 10:38 AM, Wang, Jennifer wrote: > NONCONFIDENTIAL // EXTERNAL > Hi Coty, > > I got exactly the same error. Did you try to run it in windows? Do you need > other MS dlls other than tcnative-1.dll? Also I down load the link and got as > below. I

RE: Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-29 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL Hi Coty, I got exactly the same error. Did you try to run it in windows? Do you need other MS dlls other than tcnative-1.dll? Also I down load the link and got as below. I updated tomcat to 8.5.20, below error is gone, but the no apr error came back. Caused by:

RE: Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-29 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL Hi Coty, I got exactly the same error. Did you try to run it in windows? Do you need other MS dlls other than tcnative-1.dll? Also I down load the link and got as below. I updated tomcat to 8.5.20, below error is gone, but the no apr error came back. Caused by:

Why Tomcat Session Replication requires Sticky Sessions

2017-09-29 Thread Singh, Rahul (CWM-NR)
Hi, We are using Tomcat 7 My question is - Why does Tomcat Session Replication require Sticky sessions to be enabled? We cannot have a sticky session setup in our servers, due to policy issues. To maintain session state across different machines, we were planning to use session replication. But

Re: Help needed - JPA probem - No connection specified with project

2017-09-29 Thread Konstantin Kolinko
>> >> 1. See a link to Eclipse IDE FAQ here: >> >> https://wiki.apache.org/tomcat/FAQ/Developing#Q6 The actual Tomcat configuration that is running is in ".metadata/.plugins/org.eclipse.wst.server.core" directory (the Eclipse Web Tools FAQ should provide more pointers). There may be situations

Tomcat Embedded Quickstarts

2017-09-29 Thread Coty Sutherland
Hi all, Sorry for cross posting, but I thought this pertinent to both lists. I hear that there was lots of talk about quickstarts and/or the need for quickstarts at the most recent TomcatCon. I've been working on some off and on for a while now and rather enjoy creating them; I'd like to

Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-29 Thread Coty Sutherland
Here is a working quickstart (that I forgot to link yesterday) for APR in Spring Boot: https://github.com/csutherl/tomcat-embedded-quickstarts/tree/master/springboot-apr-example On Thu, Sep 28, 2017 at 3:34 PM, Coty Sutherland wrote: > On Thu, Sep 28, 2017 at 12:27 PM, Wang,

Re: TomcatCon Where (and when) next?

2017-09-29 Thread Olaf Kock
On 27.09.2017 23:14, Mark Thomas wrote: We are looking for suggestions for possible locations for the next event. Please add your suggestions to this thread. I've sent a more thorough reply privately and will be happy to assist in continuing Liferay's sponsorship. This will be easiest to secure

Re: [SECURITY] CVE-2017-12617 Apache Tomcat Possible additional RCE via JSP upload

2017-09-29 Thread Mark Thomas
Hi all, Hopefully this will be the final update on this. The fixes for CVE-2017-12617 have now been applied to all current versions. Releases for 9.0.x and 8.5.x are already in progress on the dev@ list. The release process for 8.0.x and 7.0.x is expected to start shortly. As per my previous

Re: Help needed - JPA probem - No connection specified with project

2017-09-29 Thread Guang Chao
On Fri, Sep 22, 2017 at 6:35 PM, Karen Goh wrote: > Hi expert, > > I have been trying very hard to nail the above problem including asking > various forums like CodeRanch, dream in code etc but to no avail. > > As such, I am hoping to get help from the Apache Tomcat

Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-29 Thread Naresh Yadav
from my observation both nodes get almost equal load as we had set load factor=1 in mod_jk; On Fri, Sep 29, 2017 at 11:28 AM, Guang Chao wrote: > On Thu, Sep 28, 2017 at 2:50 PM, Naresh Yadav > wrote: > > > my hard requirement is to run