I'm trying to get the following configuration working:
- Tomcat 9.0.17 (also tested with 9.0.16)
- AdoptOpenJDK Java 11.0.2 on Linux (also tested on Windows)
- Http11NioProtocol Connector
- Http2Protocol ProtocolUpgrade
I'm using the following connector config:
With the UpgradeProtocol in
which 8.5.x u were referring? i just checked 8.5.39 has ecj in lib directory.
On Wed, Mar 27, 2019 at 1:58 AM David Cleary wrote:
>
> I'm current updating our server that is based on Tomcat 8.5.x and found that
> ecj-4.6.3.jar is no longer in the distribution. The changelog does not note
> that
вт, 26 мар. 2019 г. в 20:58, David Cleary :
>
> I'm current updating our server that is based on Tomcat 8.5.x and found that
> ecj-4.6.3.jar is no longer in the distribution. The changelog does not
note that it has been removed. I just want to confirm that I should
remove this library as part of t
I'm current updating our server that is based on Tomcat 8.5.x and found that
ecj-4.6.3.jar is no longer in the distribution. The changelog does not note
that it has been removed. I just want to confirm that I should remove this
library as part of the Tomcat update.
Thanks
Dave
Hi Yemi,
You may implement servlet filters to insert these security headers before the
responses reaches the client. I hope this helps.
Ike
-Original Message-
From: Olayemi Olatunji
Sent: Tuesday, March 26, 2019 3:37 AM
To: users@tomcat.apache.org
Subject: Setting headers in tomcat 9
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Richard,
On 3/25/19 14:15, Richard Huntrods wrote:
> It's time to update my application to use "real" (i.e.
> current best practices) data connection pooling.
:)
> My application is Java Servlets, no beans, no JSP. Database is
> MySQL.
>
> Syste
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Gary,
On 3/25/19 12:08, Hua, Gary - Saint Louis, MO - Contractor wrote:
> Olaf:
>
> Thanks for the input.I removed jdbc2_0-stdext.jar and
> tomcat-dbcp.jar from
> /opt/TomCat/apache-tomcat-9.0.13/webapps/TOPS-WEB/WEB-INF/lib and
> did some
On 26/03/2019 11:47, George Angeletos wrote:
> Hello,
>
> Is an upgrade required for those who are not using the HTTP/2 protocol?
No. CVE-2019-0199 only affects servers where HTTP/2 is enabled.
Mark
-
To unsubscribe, e-mail: us
Hello,
Is an upgrade required for those who are not using the HTTP/2 protocol?
Many thanks
George Angeletos
Hi Olayemi,
Am 26.03.2019 09:36, schrieb Olayemi Olatunji:
Hello,
I'm deploying an application on Tomcat 9 which a client has requested
we conduct vulnerability test on.
The test came back with missing headers for the following:
Content-Security-Policy, X-Frame-Options, X-XSS-Protection,
X-Con
Hello Richard,
In my experience the best is to "start simple". I would have a look at the
apache tomcat doc [1], configure your pool with a minimal setup and test.
Everything depends on your application workload, how your queries looks
like, etc, so I am afraid that there are no "silver bullets"
Hello,
I'm deploying an application on Tomcat 9 which a client has requested we
conduct vulnerability test on.
The test came back with missing headers for the following:
Content-Security-Policy, X-Frame-Options, X-XSS-Protection,
X-Content-Type-Options, Referrer-Policy, Feature-Policy.
How c
12 matches
Mail list logo