SSL inconsistency

2016-07-14 Thread i...@flyingfischer.ch
While testing locally the new 8.5 branch, I did experience some inconsistency with self-signed SSL certs. I did manage to resolve them by installing Tomcat-Native library / APR, but maybe it is still worth reporting in regard of the different behaviour for the same cert, between Tomcat

Re: java

2016-07-18 Thread i...@flyingfischer.ch
On 18.07.2016 at 17:14, Sanka, Ambica wrote: Steffen, Is it also possible to test your stuff with jdk1.8.0_51 so that we will know something must be wrong with security in jdk1.8.0_51? Appreciate your help Ambica. You may want to follow the changes in

Re: Access to source IP address during authentication and authorization

2017-08-08 Thread i...@flyingfischer.ch
On 08.08.2017 at 14:05, Christopher Schultz wrote: > All, > > In spite of my (somewhat) recent work on the CredentialHandlers, I > haven't been using Tomcat's container-provider authentication and > authorization for over a decade. This is because I need access to the > user's source IP address

Re: Apache Struts

2017-09-14 Thread i...@flyingfischer.ch
On 14.09.2017 at 18:38, Small, Wayne H wrote: > All, > A question for the forum: Does TomCat 8.5.13 use Apache Struts or the Rest > plugin? > > > Wayne Small > Software Engineer Sr. > Lockheed Martin > Clearwater Manufacturing Facility > 3655 Tampa Road > Oldsmar, FL. 34677 > 813-854-7305 -

Re: URL-encoding and "#"

2017-10-13 Thread i...@flyingfischer.ch
On 13.10.2017 at 12:48, Alex O'Ree wrote: > Well that explains a lot. Similar issue for me. With url encoding, tomcat > is dropping back slash and the plus symbol. While I think it is perfectly eligible to strive for a most perfect alignment with standards and specs, I think Tomcat should

Re: URL-encoding and "#"

2017-10-13 Thread i...@flyingfischer.ch
On 13.10.2017 at 09:01, Mark Thomas wrote: > From memory, # isn't one of the allowed exceptions. > > The full list of invalid characters in the request line that Tomcat > started to check for is: > ' ', '\"', '#', '<', '>', '\\', '^', '`', '{', '|', '}' > > The allowed exceptions are (currently)

Re: Apache Struts 2 Vulnerability in Tomcat 7.x

2017-09-08 Thread i...@flyingfischer.ch
On 08.09.2017 at 10:59, Billy Aung Myint wrote: > Hi Everyone, > > May I know if Tomcat 7.x version is affected by the Apache Struts 2 > vulnerability? > I mean does Tomcat use any of the Struts' libraries or such in any part of > the Tomcat? > > Thanks! > Tomcat is affected by Tomcat

Re: TLD scanning performance question

2017-10-25 Thread i...@flyingfischer.ch
> > Yes, it's the SecureRandom initialization that is killing you. Being a > virtual server, it likely has no direct source of true randomness so > it needs to pull from whatever the hypervisor is willing to provide. > > You'll need to ask your virtualization vendor for how to get access to >

relaxedPathChars / relaxedQueryChars XML

2018-05-10 Thread i...@flyingfischer.ch
Thanks for the two new configurable options relaxedPathChars and relaxedQueryChars. https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 However, since these two elements will be nested in server.xml, adding "<>" will result in an invalid XML and a failing reboot of tomcat. The instructions

Re: Am I reinventing the wheel to get letsencrypt certs for Tomcat

2017-10-27 Thread i...@flyingfischer.ch
On 27.10.2017 at 15:29, André Warnier (tomcat) wrote: > On 27.10.2017 15:05, Don Flinn wrote: >> Hi Andre, >> >> I have looked and it may be my ignorance but I didn't find any that >> seemed >> to fit.  I'll look more closely at the available letsencrypt clients. > > It is certainly more my own

Re: mod_jk: Forwarding URLs containing escaped slashes (e.g. for REST services) fail with syntactical-wrong double-escaping

2018-06-20 Thread i...@flyingfischer.ch
> Hi all, > > I have problems to pass (REST-) URLs containing escaped slashes ('%2F') in > path elements using the Apache httpd and mod_jk to the application server > (in fact not Tomcat, but WildFly. But this is of no matter, here). > > This kind of URL may be accepted by the httpd using

Re: Wrong content-type for CSS files since 8.5.37 / 9.0.14

2018-12-27 Thread i...@flyingfischer.ch
On 27.12.18 at 21:34, Rémy Maucherat wrote: > On Thu, Dec 27, 2018 at 9:30 PM Mark Thomas wrote: > >> On December 26, 2018 9:49:00 PM UTC, "i...@flyingfischer.ch" < >> i...@flyingfischer.ch> wrote: >>> Tomcat versions 8.5.37 and 9.0.14 seem

Wrong content-type for CSS files since 8.5.37 / 9.0.14

2018-12-26 Thread i...@flyingfischer.ch
Tomcat versions 8.5.37 and 9.0.14 seem to serve CSS files embedded in a webapp as content-type: text/html;charset=UTF-8 instead of content-type: text/css;charset=UTF-8 This causes the browser (FF) not to interpret the CSS. I suspect the listed change in changelog of 8.5.36: "The default

Re: Tomcat memory growth while using TLS

2019-01-12 Thread i...@flyingfischer.ch
On 11.01.19 at 18:23, Mark Thomas wrote: > Found it. > > The leak impacted NIO and NIO2 when used with OpenSSL. > > The bug is in Tomcat Native. I have a fix that I am currently testing. > That fix should be in the next Tomcat Native release. > > For those interested in the technical details,

Re: Tomcat memory growth while using TLS

2019-01-09 Thread i...@flyingfischer.ch
On 09.01.19 at 11:14, Mark Thomas wrote: > On 08/01/2019 23:51, Mason Meier wrote: >> Hello, >> >> I'm running Tomcat-8.5 with TLS and I've noticed substantial memory growth >> with requests over time, to the point that if I run Tomcat in Docker and >> make constant requests to it, Docker will

Re: Tomcat 9 Nio2+OpenSSL problem (very likely a bug)

2019-03-18 Thread i...@flyingfischer.ch
On 18.03.19 at 16:43, Igor T wrote: >> Since 9.0.12 and 16 do the same, I wouldn't look at that at all. Something >> simple like this works in the general case, there must be something >> specific here. So it's Windows, which some unspecified OpenSSL version. >> >> Rémy > That's not right. After

Re: Massive Startup Time after Server Reboot

2019-05-18 Thread i...@flyingfischer.ch
Try apt-get install haveged update-rc.d haveged defaults This increases the system entropy for random generation and reduces boot time for Tomcat considerably. Markus On 18.05.19 at 22:18, Rainer Jung wrote: > Most likely it hangs waiting for enough entropy for random number > generator

Re: Massive Startup Time after Server Reboot

2019-05-18 Thread i...@flyingfischer.ch
Sorry, you seem to be lost on a Windows Server... ...haveged won't help you in this situation. Markus On 18.05.19 at 23:39, i...@flyingfischer.ch wrote: > Try > > apt-get install haveged > update-rc.d haveged defaults > > This increases the system entropy for random gene

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread i...@flyingfischer.ch
On 19.08.19 at 19:43, i...@flyingfischer.ch wrote: > On 19.08.19 at 10:00, Mark Thomas wrote: >> The Apache Tomcat team announces the immediate availability of Apache >> Tomcat 9.0.24. >> >> Apache Tomcat 9 is an open source software implementation of the Java >>

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread i...@flyingfischer.ch
On 19.08.19 at 10:00, Mark Thomas wrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.24. > > Apache Tomcat 9 is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Unified Expression Language, Java > WebSocket and JASPIC

Bug with Tomcat-8.5 and Apache Commons FileUpload

2019-09-30 Thread i...@flyingfischer.ch
I stumbled over a new problem which very likely appeared after apache-tomcat-8.5.43 and between apache-tomcat-8.5.46 Using Apache Commons FileUpload gives for some kind of PDF files: [https-openssl-apr-443-exec-15] org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest Failed to

Re: Bug with Tomcat-8.5 and Apache Commons FileUpload

2019-09-30 Thread i...@flyingfischer.ch
thresholds as well. If you have a reproducible test case, > enabling debug for http2 in logging.properties should shed some light on > exactly what is going on. > > Mark > > > On 30/09/2019 17:48, i...@flyingfischer.ch wrote: >> I stumbled over a new problem which very li

HttpClient 5.0 / Apache Tomcat

2019-09-27 Thread i...@flyingfischer.ch
In case anybody with advanced Docker skills is interested to help improve compatibility tests between HttpClient 5.0 and Apache Tomcat: http://mail-archives.apache.org/mod_mbox/hc-dev/201909.mbox/%3C0d30be42ab3743b48fd73122a4421d11d301761b.camel%40apache.org%3E Best Markus

Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-23 Thread i...@flyingfischer.ch
After updating to Tomcat 8.5.49 starting TC on daemon fails with: java.lang.StringIndexOutOfBoundsException: String index out of range: 0 at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48) at java.base/java.lang.String.charAt(String.java:709) at

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-23 Thread i...@flyingfischer.ch
r-1-config --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=/usr/share/tomcat8/$newVersion) Markus On 23.11.19 at 11:37, Mark Thomas wrote: > On 23/11/2019 09:43, i...@flyingfischer.ch wrote: >> After updating to Tomcat 8.5.49 starting TC on daemon fails with: >> >> java.lang.

Re: Jakarta EE 9

2019-10-28 Thread i...@flyingfischer.ch
On 28.10.19 at 15:39, Mark Thomas wrote: >> If this is going to be disruptive and we cannot maintain compat, why >> not >> go the extra step and explicitly move Tomcat code to >> org.apache.tomcat.* >> for Tomcat 10? Git renames will work flawlessly for backports. > It will break things for

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-24 Thread i...@flyingfischer.ch
> On 23/11/2019 15:38, i...@flyingfischer.ch wrote: >> openjdk version "13.0.1" 2019-10-15 >> OpenJDK Runtime Environment Zulu13.28+11-CA (build 13.0.1+10-MTS) >> OpenJDK 64-Bit Server VM Zulu13.28+11-CA (build 13.0.1+10-MTS, mixed >> mode, sharing) > And how

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-24 Thread i...@flyingfischer.ch
rting the addition of " in daemon.sh > made in this commit: > https://markmail.org/message/ouaatfznmjbrva23 > > I'll get this fixed for the next release. The November release was > fairly late. The December one should (hopefully) be nearer the beginning > of the mont

Re: Tomcat won't use TLSv1.2

2020-03-05 Thread i...@flyingfischer.ch
On 05.03.20 at 23:10, rugman66 . wrote: > On Thu, Mar 5, 2020 at 10:44 AM i...@flyingfischer.ch > wrote: >> Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all >> +TLSv1.2". >> >> Had this issue too. The connector parameter

Re: Tomcat won't use TLSv1.2

2020-03-06 Thread i...@flyingfischer.ch
On 06.03.20 at 15:41, Christopher Schultz wrote: > Markus, > > On 3/5/20 13:44, i...@flyingfischer.ch wrote: > > Try SSLProtocol="TLSv1.2" (mind the case) instead of > > sslProtocol="-all +TLSv1.2". > > This is correct when using either OpenSSL o

Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

2019-12-30 Thread i...@flyingfischer.ch
apt-get install haveged update-rc.d haveged defaults Increases entropy pool and therefore reduces start up time for Tomcat. Markus On 30.12.19 at 11:22, Rainer Jung wrote: > It depends a bit on the major Java version you are using, but have a > look at this page: > >

Re: Tomcat won't use TLSv1.2

2020-03-05 Thread i...@flyingfischer.ch
Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all +TLSv1.2". Had this issue too. The connector parameters for SSL are a huge mess and have been changed constantly. Best Markus On 05.03.20 at 19:30, rugman66 . wrote: > Hello, > > > > I have both Apache and Tomcat running on

Re: [ANN] Apache Tomcat 8.5.77 available

2022-03-17 Thread i...@flyingfischer.ch
On 17.03.22 at 14:15, Christopher Schultz wrote: The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.77. [...] Downloads: http://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 7.x and 8.0.x: http://tomcat.apache.org/migration.html Enjoy! -

Re: Native libraries not found?

2022-02-23 Thread i...@flyingfischer.ch
On 23.02.22 at 09:12, Claude Brisson wrote: Hi. After an upgrade from debian buster to debian bullseye, the APR native library stopped working: Did you install libapr1 libapr1-dev libssl-dev before compiling? Markus # dpkg -l | ag tomcat ii  libtcnative-1:amd64 1.2.26-1   

Re: Tomcat 9.0.81 Degraded ssl performance

2023-10-11 Thread i...@flyingfischer.ch
On 12.10.23 at 03:01, Paul Zepernick wrote: Thank you Chuck Paul From: Chuck Caldarale Sent: Wednesday, October 11, 2023 8:54:59 PM To: Tomcat Users List Subject: Re: Tomcat 9.0.81 Degraded ssl performance NOTICE: This email originated from outside of the

Change in behavior Tomcat 9.0.81

2023-10-11 Thread i...@flyingfischer.ch
Strange change in behavior, when updating to the latest Tomcat 9.0.81 version: Calling static files (.js / .css) from a server running Tomcat 9.0.81 over httpclient now results in org.apache.http.ConnectionClosedException: Premature end of Content-Length delimited message body (expected:

Re: Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-11 Thread i...@flyingfischer.ch
On 11.10.23 at 14:02, Alexander Veit wrote: Caused by: org.apache.http.ConnectionClosedException: Premature end of Content-Length delimited message body (expected: 4,999; received: 3,040)     at org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:178)  

Re: EOL - Tomcat versions

2024-01-07 Thread i...@flyingfischer.ch
https://endoflife.date/tomcat On 08.01.24 at 07:39, Deshmukh, Kedar wrote: Hello, Could you please throw some light on Tomcat versions and its EOL plan? 1. 8.5.X 2. 9.0.X 3. 10.0.X 4. 10.1.X This information would be very critical for us to move forward. Thanks, Kedar