Is there perhaps a patch that can be applied or better yet, a list of jars
that are were affected by this? (I'm just trying to find a simple way to
patch a large volume of servers)
On Wed, Oct 10, 2018 at 10:23 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED
On 14.10.2018 18:44, Tony Esposito wrote:
Hello André,
As always I appreciate your detailed response.
The web server is indeed setup in this simplified, "basic" configuration
(i.e. the tomcat-users.xml file and server.xml file are configured as you described).
The password is always th
Hello everyone! I have an java 7 web app running on tomcat 7 with
APR/tomcat-native ON Linux .(OpenSSL 1.1.1) I would like to enable OCSP
stapling on tomcat
so that
When OCSP is enabled, a server will pre-fetch the OCSP response for its own
certificate and deliver the response to the user's bro
Hello André,
As always I appreciate your detailed response.
The web server is indeed setup in this simplified, "basic" configuration
(i.e. the tomcat-users.xml file and server.xml file are configured as you
described).
The password is always the same. However, the users (hence, the user n
On 14.10.2018 02:29, Tony Esposito wrote:
Hello André,
It's routed through a server...
A co-worker noticed a Tomcat valve that might do the trick...
https://github.com/lokechenlin/tomcat-auto-login-valve
Your thoughts?
They are as follows :
If that works, fine.
But as per Occam's razor princ