Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

request line it MUST be identical (host and port) to the host header. Mark ________ From: Mark Thomas Sent: Friday, May 5, 2023 4:56 PM To: Tomcat Users List Subject: [EXTERNAL] Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "fal

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

5 May 2023 18:21:02 Alvaro Garay : Hi, Tomcat version: 9.0.73 Operating system: Unix z/OS System I have a question in regard to the Connector attribute allowHostHeaderMismatch=false which checks the request line is consistent with the Host Header. So in this scenario, I have the

Re: About StandardServer

On 28/04/2023 08:16, 沉淀 wrote: I am reading the source code of tomcat, the version is 9.0.73. I see such a piece of code in the `await()`method in the `StandardServer`class: int expected = 1024; // Cut off to avoid DoS attack while (expected < shutdown.length()) { if (random == null) {

Re: Tomcat VAPT Closure

On 25/04/2023 12:18, PRATIK HUMNABADKAR wrote: Hi, We tried below suggestion but still receiving below errors. Please guide. Try reading the log messages. server.xml 25-Apr-2023 16:08:46.067 INFO [main]

Re: Tomcat Native 1.2.30 -- Windows 2016 TLSv1.3 support?

On 24/04/2023 20:15, Ragosta, Vincent wrote: Hello all, We have an application packaged with Tomcat Native 1.2.30, which, per the following, the Windows binaries were built using OpenSSL 1.1.1k: https://www.mail-archive.com/dev@tomcat.apache.org/msg152993.html However, per Microsoft, Windows

Re: Cluster Manager not working

-- On Wed, Apr 19, 2023 at 3:14 AM Mark Thomas wrote: On 18/04/2023 15:59, Kevin Huntly wrote: Hello, I'm getting the following error message: 18-Apr-2023 10:56:55.404 INFO [main] org.apache.catalina.startup.HostConfig.deployDescriptor Deploying deployment descriptor [/opt/Apache/tomcat/apache

[ANN] Apache Tomcat 11.0.0-M5 (alpha) available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M5 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: Tomcat 9.0.73 - Exception while accessing application

On 19/04/2023 03:11, jonmcalexan...@wellsfargo.com.INVALID wrote: Hi Christopher , Where was this change in functionality documented, please? It was part of the fix for BZ 66196 which was documented in the change log. Mark Thank you , Dream * Excel * Explore * Inspire Jon McAlexander

Re: Cluster Manager not working

On 18/04/2023 15:59, Kevin Huntly wrote: Hello, I'm getting the following error message: 18-Apr-2023 10:56:55.404 INFO [main] org.apache.catalina.startup.HostConfig.deployDescriptor Deploying deployment descriptor [/opt/Apache/tomcat/apache-tomcat-9.0.74/conf/Catalina/localhost/esolutions.xml]

Re: Tomcat 8.5.85 and above - Issue with file uploads

On 17/04/2023 19:51, Mark Thomas wrote: Hi, I have tried but am unable to recreate this. Please provide the simplest possible web application (it should be possible to do this in a single Servlet) that demonstrates the issue. To give you an idea of what I mean by a single servlet, here

Re: Tomcat 8.5.85 and above - Issue with file uploads

, William L. Cunningham wrote: Thanks, yes it happens with any file upload. -Original Message- From: Mark Thomas Sent: Friday, April 14, 2023 9:36 AM To: users@tomcat.apache.org Subject: Re: Tomcat 8.5.85 and above - Issue with file uploads WARNING: This email originated from an external

Re: How to have a custom classloader outside Tomcat's own lib-dir?

On 16/04/2023 12:36, Thorsten Schöning wrote: Hi everyone, I have some app consisting of a directory layout with some bundled Tomcat, containing at least one exploded webapp. For various reasons, What are those reasons? I'm wondering if the reasons have any impact on the answer. that

Re: Tomcat Manager App and Federation

On 14/04/2023 16:45, Robert Hicks wrote: Does the manager app support something like Apache CXF to authenticate people to the manager application or is the manager application only accessible through username/password? The Manager web application will work with any configured Authenticator

Re: Clustering issue

--- r+++ y+++* --END GEEK CODE BLOCK-- On Fri, Apr 14, 2023 at 10:43 AM Mark Thomas wrote: On 13/04/2023 00:20, Kevin Huntly wrote: Hello Everyone, I setup a quick and dirty cluster following https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html I am seeing the following: 12

Re: Clustering issue

On 13/04/2023 00:20, Kevin Huntly wrote: Hello Everyone, I setup a quick and dirty cluster following https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html I am seeing the following: 12-Apr-2023 19:18:00.369 WARNING [main] org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager

Re: Tomcat 8.5.85 and above - Issue with file uploads

On 13/04/2023 21:40, William L. Cunningham wrote: Environment: Windows 2019 Standard with latest JDK 17 and Apache Tomcat 8.5.87. When trying to upload a file to the application running off Tomcat (custom software), we are getting the following error since 8.5.85 (works fine on 8.5.84).

Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomcat 9.0.71

ext format to work with connectionstring? Sent from Outlook for Android<https://aka.ms/AAb9ysg> ____ From: Mark Thomas Sent: Wednesday, 8 March 2023, 20:14 To: users@tomcat.apache.org Subject: Re: Encountered java.sql.sqlexception "the url cannot be null&q

Re: Clustering issue

On 13/04/2023 23:28, Kevin Huntly wrote: Hi Chris, The configuration in the link I shared is what I used - copy/paste - I want to see it working before I break it =) And where in server.xml did you add that configuration? Mark Kevin Huntly

Re: Session loss with filter enabled

On 13/04/2023 23:03, Kevin Huntly wrote: Hello, With this filter enabled in Tomcat's web.xml: httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter true My sessions are being immediately lost. If I comment out the filter, everythis is fine. What

Re: Tomcat 9.0.73 - Exception while accessing application

On 12/04/2023 20:07, jonmcalexan...@wellsfargo.com.INVALID wrote: I have an application team that started receiving the following Exception: 11-Apr-2023 09:26:01.396 SEVERE [https-jsse-nio-0.0.0.0-11510-exec-19] org.apache.catalina.core.StandardHostValve.custom Exception Processing ErrorPa

Re: Is Microsoft's spring-cloud-azure-starter-active-directory for Spring Boot 3 / Spring 6 compatible with Tomcat 10?

ch version of which JAR is that ServletContainerInitializer coming from? Mark b. From: Mark Thomas Sent: Tuesday, April 11, 2023 2:41 PM To: users@tomcat.apache.org Subject: Re: Is Microsoft's spring-cloud-azure-starter-active-directory for Spring Boot 3 / Spring 6 compatible with Tomcat 10? On

Re: Getting started with Websocket

On 12/04/2023 20:39, Christopher Schultz wrote: Mark, On 4/12/23 15:21, Mark Thomas wrote: On 12/04/2023 19:31, Christopher Schultz wrote: All, I'm finally dipping my toes into Websocket-based communication with my Tomcat-based applications. Is it possible to do everything with "real&

Re: Getting started with Websocket

On 12/04/2023 19:31, Christopher Schultz wrote: All, I'm finally dipping my toes into Websocket-based communication with my Tomcat-based applications. Is it possible to do everything with "real" code and not any annotations? I was looking for something like the Servlet Async model where you

Re: Is Microsoft's spring-cloud-azure-starter-active-directory for Spring Boot 3 / Spring 6 compatible with Tomcat 10?

On 11/04/2023 20:28, BRUNO MELLONI wrote: I was able to migrate applications to Spring Boot 3 / Spring 6 (standalone or running on Tomcat 10) so long as authentication was NOT through Azure AD. But when I tried to migrate applications that used Microsoft's

Re: java.lang.IllegalStateException: Unable to find match between the canonical context path

On 09/04/2023 11:38, Chandru Mariraj wrote: I am migrating some of my spring projects from Spring 2 to spring 3.0.4. Most of them are communicating within Rest calls. I see for some requests I am getting the below error .

Re: Accessing Tomcat Sessions

On 02/04/2023 13:44, Chew Kok Hoor wrote: Hi, As part of a way to prevent concurrent login, and to re-assign a session back to a request based on JWT token (for clients that cannot pass us cookies), we need to access to the 'findSession' and 'findSessions' in org.apache.catalina.Manager.

Re: [org.apache.jasper.JasperException: Unable to compile class for JSP] with root cause

the NOAA web server. You might create a "grant" entries like this: // // The permissions granted to the context root directory apply to JSP pages. // grant codeBase "file:${catalina.base}/webapps/examples/-" { // permission java.net.SocketPermission "dbhost.mycompany.com:5

Re: Can't get RemoteIpValve to work

On 28/03/2023 21:08, Leon Rosenberg wrote: Sorry it took a little longer. Turns out that the actual RemoteIpValve works correctly, but the *Access Log Valve *doesn't. We were primarily looking into the localhost_access*logs, hence the confusion: Headers with RemoteIpValue on: header: host;

Re: Question regarding config.ini 'answer file'

On 28/03/2023 20:49, Jason Murray | ROI Solutions wrote: Hello, Apologies if my this my first post is misdirected. It isn't. All is good but thanks for checking. In a nutshell: my goal is to automate Tomcat 8.5 upgrades on Windows Server as much as possible. More specifically, I have been

Re: [org.apache.jasper.JasperException: Unable to compile class for JSP] with root cause

Hi, The mailing lists strips attachments so please provide the contents of your catalina.policy file in-line. Thanks, Mark On 27/03/2023 12:59, Kesavan, Suresh Prabhu (Fed) wrote: Hi There, I am new to this forum, please correct me if this is not the right place to ask below question.

Re: Requirements to support HTTPS

On 25/03/2023 14:16, Blake McBride wrote: Greetings, I wanted to confirm my suspicions regarding packages needed in tomcat to support HTTPS. The config I am using is: No. For that configuration you can use Tomcat Native 1.2.x or 2.0.x. Tomcat Native depends on OpenSSL and APR. Whether

Re: UnsatisfiedLinkError

You are using Tomcat Native 2.0.3. That does not support the HTTP APR/native connector (nor the AJP/native connector). You need to use Tomcat Native 1.2.x or switch to the HTTP NIO or HTTP NIO2 connector. Mark On 25/03/2023 01:13, Blake McBride wrote: Greetings, I am getting an unsatisfied

Re: Can't get RemoteIpValve to work

access log magic, puts the X-Forwarded-For in the localhost_access.log ... but strange nevertheless. On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas wrote: Maybe try commenting out the RemoteIpValve in Tomcat and retest so you can see exactly what headers Tomcat is seeing. Alternatively, since

Re: Can't get RemoteIpValve to work

Maybe try commenting out the RemoteIpValve in Tomcat and retest so you can see exactly what headers Tomcat is seeing. Alternatively, since this is over http, Wireshark or similar could help. Mark On 24/03/2023 10:29, Leon Rosenberg wrote: Hi, we have following setup apache 2.4 on a ubuntu

Re: service() failed with http error 502

fotech.com) 646.452.9349 - Original Message ----- From: "Mark Thomas" To: "users" Sent: Thursday, March 23, 2023 12:51:59 PM Subject: Re: service() failed with http error 502 And the workers.properties file? Mark On 23/03/2023 16:13, Luis Ramos wrote: Hi Apache

Re: service() failed with http error 502

And the workers.properties file? Mark On 23/03/2023 16:13, Luis Ramos wrote: Hi Apache Tomcat/9.0.65 from server.xml Luis J Ramos CNT Infotech Corp. (www.cntinfotech.com) 646.452.9349 - Original Message - From: "Mark Thomas" To: "users" Sent: Thur

Re: service() failed with http error 502

On 22/03/2023 19:20, Luis Ramos wrote: Hi List. In and around last windows updates for our WIN2019 box, our tomcat connector start to fail with the below error message. Setup is IIS 10->ISAPI connector => Tomcat 9 -> https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html Has someone

[SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure

CVE-2023-28708 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M2 Apache Tomcat 10.1.0-M1 to 10.1.5 Apache Tomcat 9.0.0-M1 to 9.0.71 Apache Tomcat 8.5.0 to 8.5.85 Description: When using the

Re: tag files compiled in wrong encoding?

On 21/03/2023 09:17, Holger Klawitter wrote: Hi there, I am investigating an encoding problem in the compiler for tag files: the following tag file (WEB-INF/tag/umlaut.tag): <%@tag trimDirectiveWhitespaces="true" pageEncoding="UTF-8" %> <%= "ü does not work" %> // bytes c3 bc (the file

Re: GoDaddy SSL certificate not working with Tomcat9

On 21/03/2023 01:09, Ralph Grove wrote: I'm having a problem installing a new SSL certificate on a GoDaddy-hosted server running Tomcat. Any suggestions for resolving it would be appreciated. I set up the server last year and installed the SSL certificate with no problem. This year, after the

Re: how to make tomcat 9 remember which application where stopped before shutdown

On 20/03/2023 10:09, Ivano Luberti wrote: Hi all , I would like to find a way to start tomcat with all the application stopped except the manager. My colleagues made a test manually  stopping an application and restarting tomcat. After the service restarted the application was up and

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

As you can see from Devtools it is missing Protocol HTTP2 and is hung there. image.png [04/Mar/2023:00:40:47 +] 10.40.207.127 - https-jsse-nio-127.0.0.1-8443-exec-54 Administrator "GET /versa/ncs-services/vnms/analyticgroup/all *HTTP/2.0*" 204 -

Re: AW: Unable to start application

Greetings, Thomas -BEGIN GEEK CODE BLOCK- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* --END GEEK CODE BLOCK-- On Sat, Mar 18, 2023 at 3:16 AM Mark Thomas

Re: Unable to start application

On 17/03/2023 23:18, John Dale (DB2DOM) wrote: ok - "mnet" should be "ment" From the logs excerpt I saw earlier in the thread, that needs fixing (although it was only a test element). I don't think it will break anything else but better to remove the noise from the logs. I figured I'd

Re: health check return 404 after upgrade from 70 to tomcat 9.0.71

em. Next I will go through these codes, but any clue? thanks Zhou Rui On Tue, 7 Mar 2023 at 00:34, Mark Thomas wrote: On 25/02/2023 17:57, Mark Thomas wrote: On 25/02/2023 15:47, Rui wrote: Hi recently upgraded tomcat to 9.0.71 from 9.0.70 but saw 404 in our EKS cluster(with istio installed) Rec

Re: Tomcat 9.0.72 and New Relic APM java agent issues

On 17/03/2023 14:02, Roe, Jennifer L wrote: Hi,    We have opened a case with New Relic. The behavior exists with the 7.11.1 and 8.0.1 java agents per multiple applications teams. [The behavior was first noticed with Tomcat 9.0.72; Tomcat 9.0.73 which was released shortly after 9.0.72 also

Re: CVE-2023-24998 : Apache Denial of Service

On 16/03/2023 05:33, S Abirami wrote: Hi All, Currently, In our product we are using 9.0.65 version of Tomcat. We are not using FileUpload option in any of our application and in Servlet. We don't have any config to limit the file uploads also. Whether our attacker still able to perform a

Re: Excluded service.bat From Maven Artefact

On 16/03/2023 04:01, LANDER Tim wrote: Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: https://github.com/apache/tomcat/blob/6de806a21adc68a23aa4043c67c0d80bbab1c458/build.xml#L2825-L2828) are excluded from the tomcat maven artefact (org.apache.tomcat:tomcat). What's the

Re: HTTP2: How to check if the client aborted a request

On 14/03/2023 09:00, Robin Stevens wrote: Does anybody has a pointer on how to obtain this info through official APIs, or to some documentation related to this that I might have missed ? The short answer is that there is no way do this via the Servlet API that doesn't involved trying to

Re: OT: Disabling Stack Traces

On 13/03/2023 19:22, jonmcalexan...@wellsfargo.com.INVALID wrote: Hello everyone, I know that we can put the following in the section in the server.xml, but is there a way that we can force this setting in the catalina.properties, or some other way? Sorry, no. Mark Thanks, Dream *

Re: connecting tomcat server to eclipse java ee

This idiot has been unsubscribed from the mailing list and blocked from re-subscribing. Mark On 10/03/2023 03:03, Veliz Broncano wrote: Hi! You are very pretty - To unsubscribe, e-mail:

Re: HTTP Error 414. The request URL is too long.

On 09/03/2023 20:59, Seth Mayers wrote: I am running Apache Tomcat Version 9.0.48. If I post a transaction that is very large, I get the "414; The request URL is too long". I have tried adding a bunch of parameters to my server.xml file but none of them seem to work. I have tried:

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

On Thu, Mar 9, 2023 at 1:14 AM Mark Thomas wrote: On 08/03/2023 21:32, Bhavesh Mistry wrote: Hi Mark, We have a NAT rule that forwards 443 to 8443. OK. That explains the change in port. Trust me on that, we have a direct connection. To rule out any networking layer issues, I did direct ssh

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

:8080 *DNAT tcp -- anywhere anywhere tcp dpt:https to:127.0.0.1:8443 <http://127.0.0.1:8443>// this rule Fowards it to the 8443.* admin@SDWAN-VOAE1:~$ On Wed, Mar 8, 2023 at 12:29 PM Mark Thomas wrote: On 08/03/2023 19:52, Bhavesh Mistry wrote: H

Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomcat 9.0.71

: Mark Sent from Outlook for Android<https://aka.ms/AAb9ysg> From: Mark Thomas Sent: Wednesday, 8 March 2023, 20:14 To: users@tomcat.apache.org Subject: Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomc

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

without a body. Mark Thanks, Bhavesh On Wed, Mar 8, 2023 at 11:43 AM Mark Thomas wrote: On 08/03/2023 19:38, Bhavesh Mistry wrote: I will see if I can give a sample. But after removing JUST ONE LINE ( streamOutputBuffer.closed = true;) Everything seems to work. Somehow, firefox

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

On 08/03/2023 19:38, Bhavesh Mistry wrote: I will see if I can give a sample. But after removing JUST ONE LINE ( streamOutputBuffer.closed = true;) Everything seems to work. Somehow, firefox does not like an active stream being closed (I am not 100% what close does). I will try to work on a

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

On 08/03/2023 17:24, James H. H. Lampert wrote: Curious about one thing: on our IBM Midrange installations, log entries go into catalina.out. On our Cloud Linux installations, catalina.out is almost always completely empty, and I have to go into the dated catalina log files to see any entries.

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

On 08/03/2023 19:05, Bhavesh Mistry wrote: *Then, *I build 9.0.72 src code *without HTTP2 no Content commit, and firefox worked ( I just replace tomcat-coyote.jar) . What is your suggestion we do next? * Again, if you can provide a simple test case (with source code - should be no more

Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomcat 9.0.71

On 08/03/2023 11:58, Mark Thomas wrote: Thanks, I am able to recreate that stack trace. I am looking into the root cause now. Found it. There was a change in Commons DBCP to use "connectionString" rather than url internally and this was mistakenly applied to the lookup of

Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomcat 9.0.71

of the addressee and may contain information that is confidential or subject to legal professional privilege. If you receive this email in error, please immediately notify the sender and delete the email. -Original Message- From: Mark Thomas Sent: Wednesday, 8 March 2023 4:35 pm

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

On 08/03/2023 03:07, Bhavesh Mistry wrote: Hi Mark Thomas and Tomcat Team, We have a strange issue with Tomcat 9.0.72.  All 204 response does not complete in firefox.  It works in the Chrome browser.  If we downgrade the tomcat version is less than .72. Everything works on all browsers

Re: sslHostConfig and ciphers

On 08/03/2023 07:45, l...@kreuser.name wrote: Beware Jon, Am 08.03.2023 um 07:56 schrieb jonmcalexan...@wellsfargo.com.invalid : Fwiw, this is happening in an outbound connection originated by a springboot app hosted in Tomcat. Any known issues with this and handshake issues? What is

Re: Encountered java.sql.sqlexception "the url cannot be null" starting from tomcat 9.0.71

On 08/03/2023 03:50, Poh Wei Xiang wrote: Hi, I am encountering an issue validating my application database connectivity, it throws java.sql.SQLException: The url cannot be null upon validation. Full stack trace please. Mark The application is developed using Avaya’s Orchestration

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

On 07/03/2023 21:09, James H. H. Lampert wrote: Dear Mesrs. Thomas, Schultz, et al.: Changing it to "org.apache.coyote.http11.Http11NioProtocol" did the trick. The Tomcat 9 server launched, on our cloud Midrange box, and both it and the webapp contexts we have running seem to be working. It

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

d="true" scheme="https" secure="true" keystoreFile="/foo/tomcat/bar.ks" keyAlias="baz" clientAuth="false"  sslProtocol="TLS" /> To which Mark Thomas replied: Yes. This afternoon, I realized that I had a guinea pig avail

Re: health check return 404 after upgrade from 70 to tomcat 9.0.71

On 25/02/2023 17:57, Mark Thomas wrote: On 25/02/2023 15:47, Rui wrote: Hi recently upgraded tomcat to 9.0.71 from 9.0.70 but saw 404 in our EKS cluster(with istio installed) Received [GET /actuator HTTP/1.1 Host: x:8079 User-Agent: kube-probe/1.23+ Accept: */* Connection: close Accept

[ANN] Apache Tomcat 11.0.0-M4 (alpha) available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M4 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: 9.0.73 change log

rui On Sat, 4 Mar 2023 at 16:38, Mark Thomas wrote: Fixed. Thanks for letting us know. Mark On 03/03/2023 22:56, Adam Rauch wrote: Thanks, Tomcat team, for cranking out another release! I noticed a minor discrepancy on the main website home page (https://tomcat.apache.org/). In the "T

Re: [10.1.4] Dots in URL

On 06/03/2023 12:24, Martynas Jusevičius wrote: Hi, I have a JAX-RS application deployed on Tomcat. When a URL contains dots, I get a 422 Unprocessable Entity response which looks like it's coming from Tomcat. When I remove the dots, the request works fine and reaches my application. Is that

Re: Tomcat 9.0.71 Anomalies

- From: Mark Thomas Sent: Friday, March 3, 2023 1:32 AM To: users@tomcat.apache.org Subject: Re: Tomcat 9.0.71 Anomalies On 02/03/2023 21:54, jonmcalexan...@wellsfargo.com.INVALID wrote: Hello gentle beings, I have a couple of application teams having issues since getting upgraded to Tomcat

Re: 9.0.73 change log

Fixed. Thanks for letting us know. Mark On 03/03/2023 22:56, Adam Rauch wrote: Thanks, Tomcat team, for cranking out another release! I noticed a minor discrepancy on the main website home page (https://tomcat.apache.org/). In the "Tomcat 9.0.73 Released" section, "Tomcat 9 changelog"

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

On 03/03/2023 17:44, James H. H. Lampert wrote: On 3/2/23 3:50 PM, jonmcalexan...@wellsfargo.com.INVALID wrote: Yes, Tomcat9 runs under Java8 and above. Ok, another question: will Tomcat 9 accept a "legacy" connector definition in the form as shown below?  

Re: Tomcat 9 crashes because of a Windows update

of the log files. I suggest the following: - delete (or move) all the existing logs - configure Commons Daemon for debug logging - start the Tomcat service - wait for the service to stop Provide us with all the logs. Thanks, Mark - Katie Le jeu. 2 mars 2023 à 15:09, Mark Thomas <mailto

Re: Tomcat 9.0.71 Anomalies

On 02/03/2023 21:54, jonmcalexan...@wellsfargo.com.INVALID wrote: Hello gentle beings, I have a couple of application teams having issues since getting upgraded to Tomcat 9.0.71. Upgrading from which Tomcat version? The main one has to do with an application that has run fine in the past

Re: Unpackwar

On 02/03/2023 14:43, Christopher Schultz wrote: Mark, On 3/2/23 09:39, Mark Thomas wrote: On 02/03/2023 14:20, Devatha Naga Puneeth wrote: Hi, I checked the documentation and only understood that if unpackwar enabled then contents of the application will be extracted in the appBase. What

Re: Unpackwar

On 02/03/2023 14:20, Devatha Naga Puneeth wrote: Hi, I checked the documentation and only understood that if unpackwar enabled then contents of the application will be extracted in the appBase. What is the use of UnpackWar to false ? When to prefer true and false ? Generally, unpacked web

Re: Tomcat 9 crashes because of a Windows update

- Katie Le jeu. 2 mars 2023 à 11:10, Mark Thomas a écrit : On 02/03/2023 08:49, Katie S wrote: Sorry for being unclear and thank you for your answer. I can start Tomcat but after a few minutes it stops working. And everytime I restart it, the behavior is the same. Again, define &q

Re: Tomcat 9 crashes because of a Windows update

On 02/03/2023 08:49, Katie S wrote: Sorry for being unclear and thank you for your answer. I can start Tomcat but after a few minutes it stops working. And everytime I restart it, the behavior is the same. Again, define "stops working". Mark - Katie Le jeu. 2 mars 2023 à 0

Re: Tomcat 9 crashes because of a Windows update

On 02/03/2023 08:28, Katie S wrote: Hello, Do you have any information on Tomcat 9 not working after some Windows Updates ? We have installed the KB5022838 on our Windows Server 2016 Standard and since this we can restart Tomcat but it stops working after only few minutes. Define "stops

Re: CVE2023-24998 configuration

The default (limit of 10,000 for combined total of query parameters and upload parts) should be sufficient to mitigate the issue. You can, of course, set the limit lower if you like (maxParameterCount on the Connector(s) in server.xml). Mark On 28/02/2023 16:24, A Name wrote: Just to

Re: Log rotation issue

cation? It shouldn't be Tomcat. Can you provide a few examples? Mark From: Mark Thomas Date: Monday, 27 February 2023 at 11:17 PM To: users@tomcat.apache.org Subject: Re: Log rotation issue On 27/02/2023 02:28, Ragavendhiran Bhiman (rabhiman) wrote: Hi we are facing log rotation issue i

Re: Log rotation issue

On 27/02/2023 02:28, Ragavendhiran Bhiman (rabhiman) wrote: Hi we are facing log rotation issue in apache tomcat. Our configurations like below handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler,

Re: Tomcat V8.5.85

and delete this message. Thank you for your cooperation. -Original Message- From: Mark Thomas Sent: Saturday, February 25, 2023 11:56 AM To: users@tomcat.apache.org Subject: Re: Tomcat V8.5.85 On 24/02/2023 18:50, Nitish Khune wrote: HI, Since I upgraded from 8.5.84 to 8.5.85 or later

Re: 9.0.70 / 9.0.71 regression?

Looks like this is the issue: https://bz.apache.org/bugzilla/show_bug.cgi?id=66488 That you only see the problem when using the SSO layer is consistent with our understanding of that bug. Mark On 16/02/2023 08:37, Mark Thomas wrote: On 16/02/2023 00:42, Dan Armbrust wrote: Are there any

Re: How to update tomcat to user different version of commons-fileupload

On 25/02/2023 17:28, Ph. Dinh wrote: Hi, Is there a way to try different versions of commons-fileupload (i.e 1.3, 1.4, and 1.5) on a Tomcat server (either 9.0 or 10.x)? Drop the necessary JARs (commons-dbcp, commons-pool) into $CATALINA_BASE/lib and then configure your DataSource Resource

Re: health check return 404 after upgrade from 70 to tomcat 9.0.71

On 25/02/2023 15:47, Rui wrote: Hi recently upgraded tomcat to 9.0.71 from 9.0.70 but saw 404 in our EKS cluster(with istio installed) Received [GET /actuator HTTP/1.1 Host: x:8079 User-Agent: kube-probe/1.23+ Accept: */* Connection: close Accept-Encoding: gzip ] Incoming request /health

Re: Tomcat V8.5.85

On 24/02/2023 18:50, Nitish Khune wrote: HI, Since I upgraded from 8.5.84 to 8.5.85 or later, Any REST API with below header throws a context mismatch exception Sample header : --header 'Cookie:

Re: emulate slowloris DoS attack on apache-tomcat-9.0.71

On 24/02/2023 05:57, Manohar Mikkili wrote: I am trying to emulate the slowloris DoS attack on Tomcat v9.0.71 Despite much deliberation, I failed to achieve this. Since this CVE is a pretty old one(circa 2012) my guess is that the same has been taken care of in the subsequent Tomcat releases. I

Re: Tomcat 7.0.54

On 23/02/2023 21:41, a.grub...@bluewin.ch wrote: Hi all Can you tell me if there is a difference between Tomcat 7.0.54 with Oracle JRE 1.8.0_221 and OpenJDK 1.8.0_342 from a functional perspective? Tomcat should behave exactly the same way with either of those JVMs. However, the Tomcat

Re: Database related performance degradation after upgrading from Tomcat 9.0.33 to Tomcat 9.0.69

. Mark Thank you, Artur Tomusiak On Wed, Feb 22, 2023 at 12:43 PM Mark Thomas wrote: On 22/02/2023 04:58, Konstantin Kolinko wrote: ср, 22 февр. 2023 г. в 01:31, Artur Tomusiak - Hannon Hill : After upgrading from Tomcat 9.0.33 to Tomcat 9.0.69, Note that using a binary search (bisection

Re: Got a customer who's paranoid about Manager

On 23/02/2023 16:49, James H. H. Lampert wrote: On 2/22/23 9:23 AM, Mark Thomas wrote: Alternatively, you can use denyStatus="404" on the RemoteAddrValve. That attribute should be available in all versions of all currently supported Tomcat releases (it was added back in 2011). Y

[ANN] Apache Tomcat 11.0.0-M3 (alpha) available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M3 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: Any successful SSL Implementation on Tomcat 9.0.69, Java 11, and Oracle ORDS 22.2?

On 22/02/2023 19:59, James Boggs wrote: Has anyone been able to complete a successful SSL Implementation on Tomcat 9.0.69, Java 11, and Oracle ORDS 22.2? We had SSL working with Tomcat 9.0.65, Java 8, and ORDS 21, on an Oracle 19c database with Oracle APEX 21 (on Windows Server 2012). Now

Re: Got a customer who's paranoid about Manager

On 22/02/2023 17:49, James H. H. Lampert wrote: On 2/22/23 9:23 AM, Mark Thomas wrote: Fire them and hire a security consultant with a proper understanding of risk? Pardon my Yiddish, but "Fun dayn moyl in Gots oyern." (From your mouth to God's ears. Such a colorful language.)

Re: Database related performance degradation after upgrading from Tomcat 9.0.33 to Tomcat 9.0.69

On 22/02/2023 04:58, Konstantin Kolinko wrote: ср, 22 февр. 2023 г. в 01:31, Artur Tomusiak - Hannon Hill : After upgrading from Tomcat 9.0.33 to Tomcat 9.0.69, Note that using a binary search (bisection) one could limit the version range. Relevant version information is: 9.0.71 - DBCP

Re: Got a customer who's paranoid about Manager

On 22/02/2023 17:10, James H. H. Lampert wrote: We've got a customer -- the same one that was our first test of a working RemoteAddrValve -- whose security consultant is complaining that a potential intruder can confirm the *existence* of the manager context (because it returns a 403, as

Re: Query about support for OpenSSL 1.1.1

but that can be overridden if desired. Mark Regards Vivek Singh -Original Message- From: Mark Thomas Sent: 15 February 2023 16:43 To: users@tomcat.apache.org Subject: Re: Query about support for OpenSSL 1.1.1 On 15/02/2023 10:30, Vivek Naruka (EXT-NSB) wrote: Hi Tomcat Support Team

[SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts

Re-sending with corrected credit CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 Apache Tomcat 10.1.0-M1 to 10.1.4 Apache Tomcat 9.0.0-M1 to 9.0.70 Apache Tomcat 8.5.0 to

[SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts

CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 Apache Tomcat 10.1.0-M1 to 10.1.4 Apache Tomcat 9.0.0-M1 to 9.0.70 Apache Tomcat 8.5.0 to 8.5.84 Description: Apache Tomcat

<    1   2   3   4   5   6   7   8   9   10   >