James,
On 12/13/21 19:24, James H. H. Lampert wrote:
I can *barely* wrap my mind around the idea of getting executable code
from an RMI server, but what legitimate purpose could be served by
allowing a *logger* to resolve executable code?
None. The designers of log4j probably were thinking
James,
On 12/13/21 14:48, James H. H. Lampert wrote:
On 12/13/21 10:53 AM, Mark Thomas wrote:
Log4j2 supports a log message format syntax that includes JNDI lookups.
Log4j2 processes log messages repeatedly until it doesn't find any
more format strings. This means the output of one format
--Original Message-----
From: Christopher Schultz
Sent: Monday, December 13, 2021 11:39 AM
To: users@tomcat.apache.org
Subject: Re: log4j CVE general question
Jon,
On 12/13/21 11:51, jonmcalexan...@wellsfargo.com.INVALID wrote:
So, based on these entries on the log4j apache pages, I can't see t
Jon,
On 12/13/21 11:51, jonmcalexan...@wellsfargo.com.INVALID wrote:
So, based on these entries on the log4j apache pages, I can't see
that any 1x product is vulnerable. Mark, is there some message from
Apache that we can share with those that need to know that for
certain 1x log4j is NOT
Tim,
Adding to what others have posted...
On 12/13/21 03:57, Scott,Tim wrote:
Suspecting that someone here knows the answer immediately, I thought I’d
ask.
If you do not know the answer, please don’t spend any time
investigating: I’ll do that later today and update everyone whether or
not
Mark,
On 12/11/21 18:39, Mark Thomas wrote:
On 11/12/2021 22:04, Sebastian Hennebrüder wrote:
Hi all,
I reproduced the attack against Tomcat 9.0.56 with latest Java 8 and
Java 11. Actually the Java path version is not relevant.
Utter nonsense. Tomcat is not vulnerable to this attack.
It
All,
On 12/11/21 03:18, Mark Thomas wrote:
On 10/12/2021 22:17, James H. H. Lampert wrote:
A customer brought this to my attention:
https://www.randori.com/blog/cve-2021-44228/
I have no idea how (or if) Tomcat is affected. I have only the vaguest
idea what this vulnerability even *is.*
All,
On 12/11/21 03:18, Mark Thomas wrote:
On 10/12/2021 22:17, James H. H. Lampert wrote:
A customer brought this to my attention:
https://www.randori.com/blog/cve-2021-44228/
I have no idea how (or if) Tomcat is affected. I have only the vaguest
idea what this vulnerability even *is.*
James,
On 12/10/21 11:52, James H. H. Lampert wrote:
On 12/10/21 8:38 AM, Mark Thomas wrote:
. . .
The messages are there to warn you that you might have a malicious
actor trying a brute force attack on your server.
Can anybody point me to a good tutorial for constructing a regular
Mark,
On 12/9/21 00:54, Mark Eggers wrote:
Then there's clustering without multicast. Right now we don't use
sessions, so I am not concerned about clustering. However, we will have
some applications in the near future that will require sessions.
Clustering across availability zones, and
James,
On 12/8/21 13:21, James H. H. Lampert wrote:
Also, based on what "yum check-update" returned, it appears that at the
moment, I can only go as far as 8.5.72, rather than 8.5.73. Is there a
way to go all the way to 8.5.73 without fundamentally changing how
Tomcat is installed on that
James,
On 12/8/21 13:14, James H. H. Lampert wrote:
On 12/8/21 9:46 AM, jonmcalexan...@wellsfargo.com.INVALID wrote:
I think it's going to come down to how the 8.5.58 was installed. Was
it via an rpm or zip file? I have used both methods and you should be
able to install the 8.5.73 without
Phil,
On 12/8/21 15:23, Phil Steitz wrote:
On 12/8/21 6:36 AM, Christopher Schultz wrote:
Jerry,
On 12/7/21 20:59, Jerry Malcolm wrote:
Chris, The way I thought it worked was if I configured
'RemoveAbandonedOnBorrow' and RemoveAbandonedTimeout="15" was that
each time I reque
Hiran,
On 12/8/21 03:44, Hiran CHAUDHURI wrote:
My organization requires that Tomcat releases - especially patches -
get tested before we propagate them into production environments. For
sure similar tests are run by the ASF before releasing the software
at all.
Is there a way to run the very
and logAbandoned="true". You'll find any leaks
VERY quickly. ;)
-chris
On 12/7/2021 2:31 PM, Christopher Schultz wrote:
Jerry,
On 12/4/21 23:06, Jerry Malcolm wrote:
I had a db connection leak in my code where an error condition would
throw an exception and bypass the connection cl
Jerry,
On 12/4/21 23:06, Jerry Malcolm wrote:
I had a db connection leak in my code where an error condition would
throw an exception and bypass the connection cleanup code. I found that
and fixed it. But before I found the problem, my program was
overrunning the max connections and locking
Jon,
On 12/6/21 10:28, Jonathan Yom-Tov wrote:
I have a single instance of Tomcat (version 9.0.54) in which the thread
count on a connector thread pool doesn't reduce despite most of the threads
(198/200) being idle. If I understand correctly the default idle time
before a thread is reaped is
Mark,
On 12/3/21 05:29, Mark Thomas wrote:
On 03/12/2021 10:00, Keil, Matthias (ORISA Software GmbH) wrote:
Hi Mark, sorry for the late reply. Unfortunately I was sick.
Thanks for your advice. The error was in front of the computer . I
had misspelled the context path in the appContext
Now
Jerry,
On 12/1/21 11:44, Jerry Malcolm wrote:
Chris,
On 11/30/2021 11:41 PM, Jerry Malcolm wrote:
On 11/30/2021 1:58 PM, Christopher Schultz wrote:
Jerry,
On 11/30/21 14:17, Jerry Malcolm wrote:
Chris, Thanks for the response.
Sorry... forgot to include the TC ver -- 8.5.69.
I had
equest, is recycled):
public void recycle() {
type=T_NULL;
byteC.recycle();
charC.recycle();
strValue=null;
hasStrValue=false;
hasHashCode=false;
hasLongValue=false;
}
So it definitely looks like your request has been recycled somehow.
-chr
Simon,
On 11/30/21 08:21, Simon Matter wrote:
I'm running an application on Tomcat 9.0.55 on x86_64 Linux with OpenJDK
JRE-11.0.13+8 and have problems shutting down Tomcat in certain ways.
When I shutdown Tomcat via 'catalina.sh stop', it shuts down mostly (most
threads are gone) but send a
Jerry,
On 11/29/21 19:33, Jerry Malcolm wrote:
Can anyone tell me what I might be doing that would cause an NPE inside
the request object on getRequestURL()? The NPE only happens about 10%
of the time. I can't figure out what is happening differently in that
10% of the calls to this code.
JK,
On 11/25/21 04:23, jkla...@iki.fi wrote:
On Wednesday, Nov 24, 2021 at 7:37 PM, Christopher Schultz
mailto:ch...@christopherschultz.net)> wrote:
(on the significance of DBCP overall)
It's essentially "failing faster" or, IMO, "failing safer."
All right, I thi
JK,
On 11/24/21 08:03, jkla...@iki.fi wrote:
On Tuesday, Nov 23, 2021 at 4:20 PM, Christopher Schultz
mailto:ch...@christopherschultz.net)> wrote:
ProxySQL is, mostly, a load-balancing and caching product. Sure, it can
provide connection-pooling, but that doesn't mean that you want y
JK,
On 11/23/21 08:23, jkla...@iki.fi wrote:
I've been tasked with the maintenance of a client's legacy Tomcat 8.0
application servers. The person who initially configured Tomcat on
them is no longer with the company, and I've basically been thrown
into the deep end with no prior Tomcat or Java
Priyank,
On 11/22/21 03:13, priyank agarwal wrote:
I am trying to replace javax references to jakarta in my project as per the
Jakarta EE9 standard. The problem is I am unable to find a jakarta
dependency for
javax.portlet:portlet-api
In this jar there is an interface *PortletRequest*, of
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.73.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
Michael,
On 11/16/21 17:05, Michael B Allen wrote:
https://people.apache.org/~schultz/presentations/ApacheCon%20NA%202020/Splitting%20Your%20Tomcat%20Installation.pdf
Thanks. That's what I'm looking for.
Slightly related: Instead of setting environment variables in your
profile and running
) situation and
store the appropriate path in the registry, understanding that any
change to the file-layout would require a refresh of that stored-info.
-chris
-Original Message-
From: Christopher Schultz
Sent: Tuesday, November 16, 2021 11:39 AM
To: users@tomcat.apache.org
Subject: Re
v 15, 2021 at 4:31 PM Christopher Schultz
wrote:
conf
All of the conf files.
Specifically, you'll want server.xml and web.xml. You can also choose to
customize context.xml, and put any [engine]/[host]/[webapp].xml
deployment descriptors there.
Hi chros,
Ok, so then the minimum required is
Michael,
On 11/15/21 17:23, Michael B Allen wrote:
On Mon, Nov 15, 2021 at 4:31 PM Christopher Schultz
wrote:
conf
All of the conf files.
Specifically, you'll want server.xml and web.xml. You can also choose to
customize context.xml, and put any [engine]/[host]/[webapp].xml
deployment
ost to
users@tomcat.apache.org with a new subject.
-chris
On Tue, 16 Nov, 2021, 3:01 am Christopher Schultz, <
ch...@christopherschultz.net> wrote:
Jon,
On 11/15/21 15:20, jonmcalexan...@wellsfargo.com.INVALID wrote:
Files Required in CATALINA_BASE:
bin
Only shell scripts or bat
Jon,
On 11/15/21 15:20, jonmcalexan...@wellsfargo.com.INVALID wrote:
Files Required in CATALINA_BASE:
bin
Only shell scripts or batch files. Make sure that setenv.sh or
setenv.bat sets and passes the CATALINA_BASE and CATALINA_HOME
locations properly.
You can't use CATALINA_BASE/bin/setenv.sh
David,
On 11/4/21 09:50, David J Pearson wrote:
Hi - What are the end of life / end of support dates for v8.5 and v9
please ?
No dates have been announced.
Typically, the Tomcat team will support 3 concurrent versions of Tomcat.
Right now, those are 10.0, 9.0, and 8.5.
Tomcat 10.0
Suvendu,
On 10/28/21 12:55, Suvendu Sekhar Mondal wrote:
Hello Everyone,
I was investigating one thread pool exhaustion issue. Thread dump
analysis showed that all HTTP threads were waiting for a ReentrantLock
object. Object address 0x00066d727f28 were same for all of the
waiting threads:
Mark,
On 10/26/21 15:56, Mark Thomas wrote:
On 26/10/2021 09:47, Poison wrote:
Thank you for your detailed explanation. Now I understand the
background of this part of the comment. When corePoolSize is equal to
maxThreads, the native implementation will create threads first.
There is
tianshuang,
On 10/23/21 23:44, Poison wrote:
Tomcat version: 8.5.72
org.apache.tomcat.util.threads.TaskQueuesource
code:https://github.com/apache/tomcat/blob/8.5.72/java/org/apache/tomcat/util/threads/TaskQueue.java#L33
In the comments of theTaskQueueclass, it mentions "If you use a normal
the
behavior OP is reporting, here.
All the evidence so far points to user error.
+1
-chris
-Original Message-
From: Christopher Schultz
Sent: Monday, October 18, 2021 10:14 PM
To: users@tomcat.apache.org
Subject: Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL
Natraj
Natraj,
On 10/18/21 01:19, Natraj Thekkan wrote:
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to establish
the connection with server using TLSv1 and TLSv1.1. Below one is configured in
java.security file.
Werner,
On 10/15/21 09:10, Werner Dähn wrote:
Thanks Mark. Why do you believe the refactoring is difficult? All we
actually need is access to the response object.
... which requires a lot of refactoring. Have a look at all the code
that handles authentication in Tomcat.
This would allow to
Gerhardt,
On 10/12/21 13:27, Martin, Gerhardt A wrote:
Running Tomcat 9.0.50 on Centos 7.9.x Linux and using Tomcat JDBC connection
pool to connect to my application's databases. My app connects to about a dozen
read only databases and one read/write database. Here is a typical resource
Mark,
On 10/10/21 13:47, Mark Thomas wrote:
On 10/10/2021 13:00, Christopher Schultz wrote:
On 10/9/21 04:52, Mark Thomas wrote:
If the user is using e.g. BouncyCastle, IBM's JRE, Corretto, etc.
those ciphers might be available in those environments. (It looks like
BC supports
Mark,
On 10/9/21 04:52, Mark Thomas wrote:
On 08/10/2021 19:34, Farber, Ilja wrote:
Hi all,
I noticed org.apache.tomcat.util.net.openssl.ciphers.Cipher does not
define the cipher suites defined by rfc 6367 and 6209. The ciphers are
listed
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.72.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
henticator as the class name.
Hope that helps,
-chris
On 10/5/2021 1:54 PM, Christopher Schultz wrote:
Jerry,
On 10/5/21 12:23, Jerry Malcolm wrote:
hi Chris, thanks for the feedback.
I'm not using JWTs. I'm just sending a base64 token made up of
"a:b:c:d:e". I don't mind cloning th
ings to orient
yourself. Feel free to extend BasicAuthenticator and override whatever
you need. Ultimately, it will need to do whatever you need it to do and
then set a Principal on the request (and/or session). Again, looking at
the BasicAuthenticator source will help a lot.
-chris
On 10/5/202
ndler.
But if your header is formatted enough like HTTP Basic and you can match
input-password (or whatever) against the stored credential without the
username, then maybe you can get away with only a CredentialHandler.
-chris
On 10/4/2021 8:49 AM, Christopher Schultz wrote:
Michael,
t;?
Probably not that much. Looking at Tomcat's BasicAuthenticator you'd
have to override most of it to do this anyway so I'd probably copy it as
the starting point and then edit it.
+1
-chris
On 10/4/2021 8:49 AM, Christopher Schultz wrote:
Michael,
On 10/3/21 11:58, Michael Osipo
Michael,
On 10/3/21 11:58, Michael Osipov wrote:
Am 2021-10-02 um 02:48 schrieb Jerry Malcolm:
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google
for info. I found one post where the answer included the statement:
Jerry,
On 10/1/21 20:48, Jerry Malcolm wrote:
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google for
info. I found one post where the answer included the statement:
"Extending from AuthenticatorBase is a great
Greg,
On 9/28/21 06:52, Greg Huber wrote:
Hello,
Are there any best practice notes for the manager app?
eg, if include the app in webapps I get a context on my site, do I
create a long name for the folder (the url) to hide it?
eg folder called reallylongmanager1234567890
so I get
Mark,
On 9/27/21 16:21, Mark Thomas wrote:
On 27/09/2021 20:27, Усманов Азат Анварович wrote:
Hi everyone! Does anybody know where/when to find the
video/audio/slides (if any) from the last weeks's tomcat track on
ApacheCon 2021?Because I completely missed it last week.
I'm assuming all
Kuang Neu,
On 9/25/21 04:48, Yi Kuang Niu wrote:
As is known,when the client accesses the server, the server will create a
session and send the sessionId (in the form of cookie) to the client.But these
days,I met a problem.I found the IE11 browser doesn’t support cookie if the
cookie version
pe certificate chain for the
client-certificate.
Is there any particular reason why you are using RSA for the CA and EC
for the client-cert?
-chris
-Original Message-----
From: Christopher Schultz
Sent: Wednesday, September 22, 2021 6:16 PM
To: users@tomcat.apache.org
Subject: {EXTERNAL} Re:
Sreevidya,
On 9/22/21 12:25, Mandava, Sreevidya wrote:
Tomcat version : 8.5.70
Attached my self -signed client cert(ecdsatestclient.crt_txt), self
signed CA (rsatestca_original.crt_txt)output from openssl
(defaultciphersuite.txt) my connector configuration(connector.txt)
Your attachment
, Sep 21, 2021 at 5:25 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Priyanka,
On 9/21/21 13:52, Kumawat, Priyanka wrote:
Hello Team ,
Please find the error details as below -
The site can’t provide a secure connection .
xmotam01.phl.com uses an unsupported pr
Andrew,
On 9/21/21 13:54, Javateck wrote:
Hi,
With NIO connector with Servlet 3.1 support, I’m registering with a
ReadListener, while it got the first read signal from tomcat container (I tried
9.0.19 and 9.0.53), the read call is blocked after isReady returns true
if
Priyanka,
On 9/21/21 13:52, Kumawat, Priyanka wrote:
Hello Team ,
Please find the error details as below -
The site can’t provide a secure connection .
xmotam01.phl.com uses an unsupported protocol
ERR_SSL_VERSION or CIPHER MISMATCH
Unsupported protocol – The client and server don;t
All,
ApacheCon @Home starts today at 13:00 UTC (15 minutes from now, as I
write this). Please join us for opening keynotes followed by the Apache
Tomcat presentation track featuring the following topics:
- Apache Tomcat: New and Upcoming
- HTTP/2, HTTP/3, and TLS Start of the Art in our
Bernd,
On 9/17/21 03:52, Bernd Schatz wrote:
Hi Matthias,
Am 17.09.21 um 09:39 schrieb bernd.sch...@daimler.com:
From: "Keil, Matthias (ORISA Software GmbH)"
To: users@tomcat.apache.org
Subject: JASPIC AuthConfigProvider packaged with the web application
not found
I would like to
All,
ApacheCon is coming back to your living room / bed room / home office
next week, Tuesday - Thursday, mostly centered on the US-Eastern time zone.
There is *zero cost* to attend the conference.
https://www.apachecon.com/acah2021/
The Tomcat track is only happening on Tuesday, including
, I'll just update the reference.
+1 to updating the reference to point to Libra.Chat.
-chris
On Tue, May 25, 2021 at 9:19 AM Coty Sutherland wrote:
On Thu, May 20, 2021 at 1:03 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Coty,
On 5/19/21 15:28, Coty Sutherland wrot
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.71.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
Mike,
On 9/13/21 10:56, Mike Webb wrote:
I manage a web application that uses REST Web Services. After upgrading from
8.5.30 to 8.5.58, the web services return 403 messages.
Commenting out the and sections below allows
the web services to run again, but it does remove the security
Pradeep,
On 9/13/21 09:35, Pradeep wrote:
I am using Tomcat 7.0.57, I can't change the Tomcat version now.
Running my previous "forge" file (with GET http://www.microsoft.com/,
the the forged Host header) against Tomcat 7.0.57:
$ nc localhost 8080 < forge
HTTP/1.1 200 OK
Server:
reproduce this "attack">?
-chris
On Mon, 13 Sep 2021, 2:28 pm Christopher Schultz, <
ch...@christopherschultz.net> wrote:
Pradeep,
On 9/10/21 17:38, Pradeep wrote:
My application is HTTPS not HTTP and now one of the application security
platforms WhitHatSec raised this v
Peter,
On 9/13/21 04:12, Peter Rader wrote:
Chris,
Gesendet: Donnerstag, 09. September 2021 um 22:15 Uhr
Von: "Christopher Schultz"
An: users@tomcat.apache.org
Betreff: Re: Aw: tomcat hangs
Peter,
On 9/9/21 08:21, Peter Rader wrote:
I might noticed a simmilar issue: I r
Barry,
On 9/12/21 12:59, Barry Kimelman wrote:
I just installed tomcat 9.0.52 on my linux ubuntu 20.04 LTS system.
I was successfully able to run the manager app as a test.
Now I am trying to build an application that I had worked on quite a while
ago in an older version of tomcat.
I have a
the RemoteAddrValve[1].
The valve enforces client identity, not the host the client is trying to
access. It also works on IP addresses, not hostnames. I'm surprised you
were able to access anything at all.
-chris
[1]
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Valve
On Fri,
Pradeep,
On 9/10/21 06:19, Pradeep wrote:
Hi Team,
I need your help to fix HTTP Host header attacks.
I'm currently in the process of trying to fix a site vulnerability,
basically it is one type of the "Improper Input Handling" attack.
Let's say my website is www.mywebsite.com and there is
Peter,
On 9/9/21 08:21, Peter Rader wrote:
I might noticed a simmilar issue: I ran the JVM in a linux OS on a VM
(in virtualbox btw). The jdk for some reason request a random number.
The JDK asks the LinuxOS for a new random number (maybe in the hope
to use a hardware-based TRNG). Since this
Mark,
On 9/9/21 03:05, Mark Thomas wrote:
On 08/09/2021 20:50, Christopher Schultz wrote:
Mark,
On 9/8/21 11:28, Mark Thomas wrote:
On 08/09/2021 16:15, Gilles Robert wrote:
My issue is that even though TRACE is disabled, we see the "malicious"
header in the response.
You ne
Mark,
On 9/8/21 11:28, Mark Thomas wrote:
On 08/09/2021 16:15, Gilles Robert wrote:
My issue is that even though TRACE is disabled, we see the "malicious"
header in the response.
You need to talk to the Spring folks then. Default Tomcat behaviour is
to return a 405 with an error message in
Jerry,
On 9/7/21 15:49, Jerry Malcolm wrote:
On 9/7/2021 2:35 PM, Christopher Schultz wrote:
Jerry, Rémy,
On 9/3/21 07:15, Rémy Maucherat wrote:
On Fri, Sep 3, 2021 at 2:46 AM Jerry Malcolm
wrote:
I have a requirement to start a new log database on the first of every
month. I still need
Jerry, Rémy,
On 9/3/21 07:15, Rémy Maucherat wrote:
On Fri, Sep 3, 2021 at 2:46 AM Jerry Malcolm wrote:
I have a requirement to start a new log database on the first of every
month. I still need to have access to older monthly log databases. I
do not want to create a bunch of hardcoded
are
pointing to. Are you sure you are running out of files with many
database connections, or is it just a suspicion?
You can probably also ask the database how many connections are open.
-chris
-Original Message-
From: Christopher Schultz
Sent: Tuesday, August 31, 2021 11:50 AM
To: users
Yeggy,
On 8/31/21 11:22, Yeggy Javadi wrote:
Please indicate if there is any debug option and log that can trace
sockets open by tomcat to identify when and by which application
function a socket is open.
Do you mean a web application?
Tomcat manages incoming HTTP/2/Websocket/APR connections
Rinilnath,
On 8/31/21 09:54, rinilnath r wrote:
Hi Chris,
Java : 1.8.0_45
OS : Windows 7
Also, can you please post the full stack trace of the
UnsupportedOperationException?
-chris
-
To unsubscribe, e-mail:
Rinilnath,
On 8/31/21 09:54, rinilnath r wrote:
On 8/31/21 09:23, rinilnath r wrote:
I am using tomcat Http11nio2protocol. I configured it in server XML.
When I start the server it failed to start
UnsupportedOperationException. SO_LINGER not supported
Any help please?
Please post:
1.
Rinilnath,
On 8/31/21 09:23, rinilnath r wrote:
I am using tomcat Http11nio2protocol. I configured it in server XML.
When I start the server it failed to start
UnsupportedOperationException. SO_LINGER not supported
Any help please?
Please post:
1. Your Java version
2. Your OS and version
Terrence and Jerry,
On 8/27/21 21:33, Terence M. Bandoian wrote:
On 8/27/2021 2:31 PM, Jerry Malcolm wrote:
On 8/27/2021 1:30 PM, Mark Eggers wrote:
On 8/27/2021 11:16 AM, Jerry Malcolm wrote:
On 8/27/2021 11:55 AM, Christopher Schultz wrote:
Mark and Jerry,
On 8/26/21 22:03, Mark Eggers
Piyush,
On 8/24/21 23:47, Piyush Sharma wrote:
On Mon, Aug 23, 2021 at 8:29 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Piyush,
On 8/22/21 03:54, Piyush Sharma wrote:
On Fri, Aug 20, 2021 at 10:40 PM Christopher Schultz <
ch...@christopherschultz.net> wro
Jerry,
On 8/27/21 14:16, Jerry Malcolm wrote:
On 8/27/2021 11:55 AM, Christopher Schultz wrote:
Mark and Jerry,
On 8/26/21 22:03, Mark Eggers wrote:
Jerry,
On 8/26/2021 6:35 PM, Jerry Malcolm wrote:
I am encountering a weird problem. I'm getting the following SQL
error on an INSERT
Jerry,
On 8/27/21 14:16, Jerry Malcolm wrote:
On 8/27/2021 11:55 AM, Christopher Schultz wrote:
Mark and Jerry,
On 8/26/21 22:03, Mark Eggers wrote:
Jerry,
On 8/26/2021 6:35 PM, Jerry Malcolm wrote:
I am encountering a weird problem. I'm getting the following SQL
error on an INSERT
Polina,
On 8/26/21 10:48, Polina Georgieva wrote:
Currently the RestCsrfPreventionFilter is responding with 403 response when
the csrf token sent in the request is different from the one stored in the
session.
However except the 403 response code visible in the http access log file,
there’s no
Srijith,
On 8/27/21 06:50, Srijith Kochunni wrote:
We have a project requirement that we need to scale up to accept very
high number of connections. I understand that setting maxConnections
to -1 will disable the counting of the connections. I just wanted to
know whether there are any
Mark and Jerry,
On 8/26/21 22:03, Mark Eggers wrote:
Jerry,
On 8/26/2021 6:35 PM, Jerry Malcolm wrote:
I am encountering a weird problem. I'm getting the following SQL error
on an INSERT command.
com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation:
Incorrect datetime value:
Mark, James,
On 8/24/21 20:40, Mark Eggers wrote:
Folks,
On 8/24/2021 3:55 PM, Christopher Schultz wrote:
James,
On 8/24/21 17:20, James H. H. Lampert wrote:
I could have sworn I asked about this over a year ago, but I can't
find any record of having done so.
We've got a low-priority
Jon,
On 8/24/21 19:51, jonmcalexan...@wellsfargo.com.INVALID wrote:
Chris,
-Original Message-
From: Christopher Schultz
Sent: Tuesday, August 24, 2021 5:52 PM
To: users@tomcat.apache.org
Subject: Re: UserDatabaseRealm and DIGEST
Jon,
On 8/24/21 12:53, jonmcalexan
James,
On 8/24/21 17:20, James H. H. Lampert wrote:
I could have sworn I asked about this over a year ago, but I can't find
any record of having done so.
We've got a low-priority complaint about a security scan looking for
"test.jsp" on one of our installations, expecting a 404 response, and
Jon,
On 8/24/21 12:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
-Original Message-
From: Mark Thomas
Sent: Tuesday, August 24, 2021 11:41 AM
To: users@tomcat.apache.org
Subject: Re: UserDatabaseRealm and DIGEST
On 24/08/2021 17:28, jonmcalexan...@wellsfargo.com.INVALID wrote:
Ok,
Mark,
On 8/23/21 04:05, Mark Thomas wrote:
On 23/08/2021 08:10, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Is there anything, the application can prevent this?
Yes. Call Thread.setContextClassLoader(ClassLoader) before calling the
code that creates those threads, passing the common class
Piyush,
On 8/22/21 03:54, Piyush Sharma wrote:
On Fri, Aug 20, 2021 at 10:40 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Piyush,
On 8/20/21 06:36, Piyush Sharma wrote:
Hello,
I am using Apache Tomcat 9.0.46 version on docker container.
There is a problem, where th
Piyush,
On 8/20/21 06:36, Piyush Sharma wrote:
Hello,
I am using Apache Tomcat 9.0.46 version on docker container.
There is a problem, where the base path was wrongly set by automation
script due to which it starts for few seconds, listen port 8080 and then
stop, due to that container exit
Michael,
On 8/19/21 21:34, Michael Richardson wrote:
Aha. Well, I left it running after the last email and went on to more
important things. Then the window just jumped:
The previous log line:
20-Aug-2021 01:02:42.315 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL
Michael,
On 8/19/21 20:35, Michael Richardson wrote:
try #1. Now rebooting VM.
Christopher Schultz wrote:
> 1. Stop Tomcat, clear all logs, delete your oscar.war file and the
exploded
> directory in CATALINA_BASE/webapps/oscar (or wherever your appBase points
> to).
Michael,
On 8/19/21 21:37, Michael Richardson wrote:
Let's deploy the oscar.war, what's the worst that can happen?
20-Aug-2021 01:36:10.129 WARNING [Catalina-utility-1]
org.apache.catalina.webresources.Cache.getResource Unable to add the resource
at
Mohan,
On 8/8/21 08:45, Mohan T wrote:
There is no specific upgrade to the environment.
Did you see the reply to your message I sent on August 6th?
We are introducing new components and the permission is being set for
them in catalina.policy file.
Are your JAR files signed? The error says
Michael,
On 8/17/21 12:31, Michael Richardson wrote:
Christopher Schultz wrote:
> Not at all. EC2 is entirely reasonable for such purposes. Amazon will
> even grant you a signed BAA if you ask for one.
Canada is not the US, and OHIP has rules differently than others.
Michael,
On 8/16/21 16:14, Michael Richardson wrote:
Christopher Schultz wrote:
> Okay, all that looks fine to me, except the "9.0.16" part. That version
> is *very/8 old. I see you are running Ubuntu: are you running the
> latest release? That 9.0.16 numbe
801 - 900 of 13524 matches
Mail list logo