Re: What sets Java version at installation?

2021-06-11 Thread Mark Thomas
On 11/06/2021 21:53, Joel Griffith wrote: Hi everyone, I have two Ubuntu 20.04 servers, both with Tomcat 9 and Java 8 installed from the standard repositories. On the first, I installed Java 8 before installing Tomcat 9. When I installed Tomcat 9, it evidently found the existing Java 8

Re: Strange connection error

2021-06-11 Thread Mark Thomas
On 11/06/2021 21:01, Mark A. Claassen wrote: RESOLVED. (Sort of, I have questions) I had to add a -TLSv1.3 protocols="all -SSLv3 -TLSv1 -TLSv1.3" https://stackoverflow.com/questions/57601284/java-11-and-12-ssl-sockets-fail-on-a-handshake-failure-error-with-tlsv1-3-enable Why does the

Re: Firefox triggers HTTP2 overhead protection - known issue?

2021-06-11 Thread Mark Thomas
On 06/05/2021 14:36, Mark Thomas wrote: It's probably worth us taking some time to adapt markt's SO answer there into a whole section on "Protocol Abuse and Protection Features" in the HTTP/2 configuration guide. There is an open issue for Chrome: https://bugs.chromium.org/

Re: Strange connection error

2021-06-10 Thread Mark Thomas
On 10/06/2021 18:11, Mark A. Claassen wrote: Thanks for the reply. Is doesn't seem like OpenSSL is rejecting the connection. I would have thought that if OpenSSL would have rejected the connection, it would not hit even hit the access log. Maybe that is not the case. But, to answer your

Re: Need help on ssl handshake logging for audit purpose

2021-06-10 Thread Mark Thomas
On 10/06/2021 12:40, Ragavendhiran Bhiman (rabhiman) wrote: Any help please? Exact JDK name and version? Mark From: Ragavendhiran Bhiman (rabhiman) Date: Wednesday, 9 June 2021 at 7:37 PM To: Tomcat Users List Subject: Re: Need help on ssl handshake logging for audit purpose Hi John I

Re: Heap allocations when switching from Tomcat 7 to Tomcat 8

2021-06-10 Thread Mark Thomas
On 09/06/2021 19:12, James H. H. Lampert wrote: We are beginning to migrate some of our customers from Tomcat 7 to Tomcat 8.5. Some of them have performance issues even with heap allocations of -Xms4096m -Xmx5120m Would it be necessary to go even bigger with Tomcat 8.5? Generally I'd say

[ANN] Apache Tomcat Native 1.2.30 released

2021-06-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.30 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1k - Fix an issue where some Windows systems in some configurations would only listen on IPv6 addresses on dual

Re: Question about encrypting database passwords in the context.xml file - Tomcat 9

2021-06-07 Thread Mark Thomas
ways to move the secrets to a separate, more tightly controlled file. Mark https://docs.oracle.com/middleware/1213/wls/JDBCA/ds_security.htm#JDBCA477 Thanks, Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Monday, 7 de June de 2021 11:42, Mark Thomas wrote

Re: Question about encrypting database passwords in the context.xml file - Tomcat 9

2021-06-07 Thread Mark Thomas
On 07/06/2021 09:56, xcorpius wrote: Hello again! Checking the documentation ... Tomcat can create an encrypted password with the "digest.sh" tool for application passwords. But you cannot create an encrypted password for the DB in the context.xml file. The only solution without adding

Re: Enhancement: Additional user attributes queried by (some) realms

2021-06-01 Thread Mark Thomas
On 01/06/2021 08:39, Carsten Klein wrote: Mark, On 01/06/2021 09:28, Mark Thomas wrote: We have been seeing that a lot lately. As far as I can tell, it is an issue with Travis CI. Can you use the PR anyway? Yes. We don't have a strict CI must pass rule. Whether or not a PR is applied

Re: Enhancement: Additional user attributes queried by (some) realms

2021-06-01 Thread Mark Thomas
On 29/05/2021 13:28, Carsten Klein wrote: Mark, On 27/05/2021 18:56, Carsten Klein wrote: Concerning removal of class UserDatabaseRealm.UserDatabasePrincipal: I will provide a PR and file a corresponding issue in Bugzilla soon. My PR and Bugzilla issue are present. However,  Travis CI

Re: Encoding of LocalStrings_xy.properties files

2021-06-01 Thread Mark Thomas
On 28/05/2021 10:13, Carsten Klein wrote: Mark, On 28/05/2021 10:35, Mark Thomas wrote: No doubt that UTF-8 is the better encoding for messages and language files. And yes, my Eclipse actually does not use the version built by Ant. I use the start-tomcat.launch configuration file

Re: Encoding of LocalStrings_xy.properties files

2021-05-28 Thread Mark Thomas
On 28/05/2021 08:14, Carsten Klein wrote: Hi there, I'm facing character set encoding problems in quite a recent Tomcat 10 setup. I noticed that with the http://localhost:8080/manager/html application in a browser (my browser) set to German language. My Tomcat runs from within Eclipse,

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-28 Thread Mark Thomas
On 28/05/2021 07:22, Carsten Klein wrote: Chris, Mark, On 27/05/2021 22:11, Christopher Schultz wrote: After re-reading this, you mentioned reflection while asking how much we trust in Collections.unmodifiableMap(). I didn't get that right, my bad. However, I thought of reflection in

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-27 Thread Mark Thomas
On 27/05/2021 15:04, Christopher Schultz wrote: Mark, On 5/27/21 04:59, Mark Thomas wrote: On 27/05/2021 07:32, Carsten Klein wrote: On 26/05/2021 19:56, Mark Thomas wrote: Given that the attributes may well be security related, you would need to make sure neither the Map nor any

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-27 Thread Mark Thomas
On 27/05/2021 12:49, Carsten Klein wrote: On 27/05/2021 10:59, Mark Thomas wrote: As far as I can tell, removing UserDatabasePrincipal, relying on GenericPrincipal and User remaining an internal object not exposed via the Servlet API would achieve the same result with less code

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-27 Thread Mark Thomas
On 27/05/2021 07:32, Carsten Klein wrote: On 26/05/2021 19:56, Mark Thomas wrote: Given that the attributes may well be security related, you would need to make sure neither the Map nor any of the keys/values could be modified. Protecting the Map is easy. Protecting the keys/values

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-26 Thread Mark Thomas
On 26/05/2021 18:56, Mark Thomas wrote: On 26/05/2021 12:00, Carsten Klein wrote: Why does UserDatabaseRealm pass a userPrincipal of type UserDatabasePrincipal? Can't we just drop that and do it like JNDIRealm or DataSourceRealm? I don't see any obvious reason. I'll do some digging

Re: Enhancement: Additional user attributes queried by (some) realms

2021-05-26 Thread Mark Thomas
On 26/05/2021 12:00, Carsten Klein wrote: 1. How to access the Principal's new attributes Simplest is to provide a getter method, that actually returns the map (optionally with a read-only parameter): Given that the attributes may well be security related, you would need to make sure

Re: Tomcat8.5.53: HTTP requests parsing error

2021-05-26 Thread Mark Thomas
ame checks as Tomcat 8. They were introduced as part of the fix for CVE-2016-6816 in 7.0.73, 8.0.39, 8.5.8 and 9.0.0.M13 with the option to relax the checks introduced in 7.0.87, 8.0.52 and 8.5.31, 9.0.8. Mark -Original Message----- From: Mark Thomas Sent: Wednesday, May 26, 2021 11:10 AM

Re: Tomcat8.5.53: HTTP requests parsing error

2021-05-26 Thread Mark Thomas
On 26/05/2021 09:02, Nada Mahmoud Ahmed Aboueata wrote: Dear all, We are using Tomcat 8.5.53, and I have been noticing the attached below exceptions in my logs. After looking deeply what kind of requests that caused these exception, I noticed that some request include Null http protocol and

Re: POEditor translations currently corrupted

2021-05-25 Thread Mark Thomas
On 25/05/2021 18:16, Mark Thomas wrote: All, The translations we manage via POEditor are currently corrupted. This is entirely my fault. In trying to fix a small bug, I introduced a bigger one. No translations have been lost. Reverting my fix and re-exporting the translations from a clean

POEditor translations currently corrupted

2021-05-25 Thread Mark Thomas
All, The translations we manage via POEditor are currently corrupted. This is entirely my fault. In trying to fix a small bug, I introduced a bigger one. No translations have been lost. Reverting my fix and re-exporting the translations from a clean git checkout will restore everything.

Re: [External] Re: Zip file upload corruption on Linux

2021-05-24 Thread Mark Thomas
On 24/05/2021 14:22, Scott,Tim wrote: Hi Mark, From: Mark Thomas wrote: import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.servlet.ServletRequestContext; You are using Commons

Re: [External] Re: Zip file upload corruption on Linux

2021-05-24 Thread Mark Thomas
On 24/05/2021 12:08, Scott,Tim wrote: Hi Mark, Thanks for the prompt response. On 24/05/2021 10:58, Scott,Tim wrote: Hi experts, First time poster, here, so I know I'm risking not providing nearly enough of the right information. Please let me know what I can send to help you help me

Re: Zip file upload corruption on Linux

2021-05-24 Thread Mark Thomas
On 24/05/2021 10:58, Scott,Tim wrote: Hi experts, First time poster, here, so I know I’m risking not providing nearly enough of the right information. Please let me know what I can send to help you help me further through this. How are you reading the uploaded file? Please provide the code

Re: tomcat-embed-el JAR appears to violate EL spec causing ClassNotFoundException's

2021-05-24 Thread Mark Thomas
On 23/05/2021 22:40, Steve Storey wrote: The spec at https://docs.oracle.com/javaee/7/api/javax/el/ExpressionFactory.html#newInstance-- says: Use the Services API (as detailed in the JAR specification). The above is the key part. If a resource with the name of

Re: ISAPI redirector for Microsoft IIS, Jboss EAP 7.2 - sticky session issue

2021-05-21 Thread Mark Thomas
On 21/05/2021 05:51, Mathiazhagan, Saravanakumar TPC wrote: Hi Mark, Thanks for the quick response. I suspect some sort of configuration issue. A guess would be that JBoss EAOP isn't configured to append the jvmRoute (to use the Tomcat configuration setting name) to the session ID. I

Re: Tomcat SSL stops working after an undetermined amount of time

2021-05-20 Thread Mark Thomas
argument? Try: -Djavax.net.debug=handshake Mark I expected the debug to be in the access log. Should I be looking elsewhere? I also checked other logs that had timestamps for after the instance was restarted. -- Ez On Thu, May 20, 2021 at 3:05 AM Mark Thomas wrote: On 19/05/2021 20:42, Ezsra

Re: AW: AW: AW: AW: maxConnections behaving unexpected - no connection gets ever refused

2021-05-20 Thread Mark Thomas
On 20/05/2021 10:58, Mark Thomas wrote: I'll get docs updated. The website will update after the next round of releases (due in the first week or so of June). https://ci.apache.org/projects/tomcat/tomcat10/docs/config/http.html Mark

Re: AW: AW: AW: AW: maxConnections behaving unexpected - no connection gets ever refused

2021-05-20 Thread Mark Thomas
On 20/05/2021 07:24, Paul P Wolf wrote: OK, that looks like clients with a connection timeout of 5s. Correct. I think I forgot to mention, that I set the connection timeout of the curl instances to 5s. I didn't set the max timeout Connection refusal is entirely under the control of the OS

Re: Fwd: [Community] try to add an community growth graph to the website

2021-05-20 Thread Mark Thomas
On 19/05/2021 22:13, Shuyang Wu wrote: # michaelo, 2018-08-21 04:16:42 -0400 EDT woonsan, 2019-01-08 00:01:45 -0500 EST I'm not familiar with svn at all :( so I'm not sure if I did it correctly. Also, I failed to understand how to search with "provided by ()". I'll appreciate it if you could

Re: Tomcat SSL stops working after an undetermined amount of time

2021-05-20 Thread Mark Thomas
On 19/05/2021 20:42, Ezsra McDonald wrote: Environment: OS: CentOS 7 Apache: apache-tomcat-8.5.65 Java: jdk1.8.0_281 Greetings, I recently enabled SSL on my Tomcat server HTTP connectors. Something odd is happening. After some undetermined amount of time the connector stops responding

Re: #tomcat on Freenode?

2021-05-20 Thread Mark Thomas
On 19/05/2021 20:28, Coty Sutherland wrote: Hi all, I was just notified about some mess going on with Freenode which has seemingly resulted in a mass exodus of users from the freenode servers. There are some updates available at https://gist.github.com/joepie91/df80d8d36cd9d1bde46ba018af497409/

Re: JEP 411: Deprecate the Security Manager for Removal

2021-05-19 Thread Mark Thomas
On 19/05/2021 17:37, Robert Hicks wrote: Is that the "same" security manager we flip on for Tomcat or just an unfortunate naming coincidence? It is the same one. If you need the security manager I'd expect, based on typical lifetimes of Tomcat major versions, that you'd have a supported

Re: Reload rewrite rules

2021-05-19 Thread Mark Thomas
On 19/05/2021 15:50, Chris Cheshire wrote: Tomcat 9.0.45 - is there a way to reload the config for the rewrite valve at runtime without reloading the web app entirely? JMX operation perhaps? Nor cleanly, no. You stop and start the Valve via JMX but you might see odd redirects while that is

Re: AW: AW: AW: maxConnections behaving unexpected - no connection gets ever refused

2021-05-19 Thread Mark Thomas
On 19/05/2021 13:32, Paul P Wolf wrote: So we have: maxThreads=4 maxConnections=10 acceptCount=20 The processing time of each request is 10s (thanks to a 10s sleep, which blocks the Thread). So here is what I see instead (note I don't guess the response time, but do actually

Re: AW: AW: maxConnections behaving unexpected - no connection gets ever refused

2021-05-19 Thread Mark Thomas
On 19/05/2021 12:24, Paul P Wolf wrote: Thank you Thomas. I carefully read your explanation. It makes sense to me and is completely different from what I understood up until this point. With this new understanding, the problem still persists. Please let me rephrase my issues in the light of

Re: AW: maxConnections behaving unexpected - no connection gets ever refused

2021-05-19 Thread Mark Thomas
On 19/05/2021 09:28, Paul P Wolf wrote: In regards to point 5 and 6, let me try to point out my issues with the documentation and your explanations: - "Each incoming request requires a thread for the duration of that request. If more simultaneous requests are received than can be handled by

Re: ISAPI redirector for Microsoft IIS, Jboss EAP 7.2 - sticky session issue

2021-05-18 Thread Mark Thomas
On 18/05/2021 19:53, Mathiazhagan, Saravanakumar TPC wrote: Can you please let me know if the above 32-bit isapi_redirect.dll file can be used with Jboss EAP 7.2.7 server? If so, please guide me on what could be causing the sticky session issue. I can't think of any reason why not. I

Re: Regarding : Bug 62273

2021-05-18 Thread Mark Thomas
On 17/05/2021 22:01, Venkata Rajesh Kotha wrote: Tomcat version - 9.0.24 OS - RHEL 8.3 , 64 bit This is regarding Bug 62273 RFC 7230 and RFC 3986 Your suggestion is to add relaxedPathChars and relaxedQueryChars to overcome invalid special characters (i.e, [ , ] , { etc) issue in URL. Do we

Re: Tomcat JSP error message: Syntax error on token ";"

2021-05-17 Thread Mark Thomas
solution is to test eliminate this line > >from my source code. It was for test purposes only anyway. > > >Jim > > >On 5/17/21 12:19 PM, Mark Thomas wrote: >> Bringing this back on-list after it accidentality went off-list. >> >> >> On 17/05/2021 16:

Re: [Community] try to add an community growth graph to the website

2021-05-17 Thread Mark Thomas
On 17/05/2021 03:55, Shuyang Wu wrote: Hi Mark, I've updated the "anonymous" contributors, and currently there are around 20 contributors in early 2012, and 90 for now (compared to 10/~60 separately before). Would those data be more reasonable? I am afraid these figures are still very

Re: Tomcat JSP error message: Syntax error on token ";"

2021-05-17 Thread Mark Thomas
I ran my test cases, the typical time to run each iteration was 4 to 5 minutes, with two exceptions when the test case ran in under 2 seconds, and my guess is that it was under 1 second. The reduction process probably took about 50 test runs, but I did not count. I hope this helps. Jim* * On

Re: [EXT] Re: JSP file not found in parent directory

2021-05-17 Thread Mark Thomas
On 17/05/2021 11:33, Hans Schou wrote: The normalises to: "https://example.org/am_databaseopen.jsp; Yes, and that URL is working (I don't get a 404 page not found) Assuming that "https://example.org/interfaceparts/mainframenotlogged.jsp; is located at

Re: JSP file not found in parent directory

2021-05-17 Thread Mark Thomas
On 17/05/2021 06:24, Hans Schou wrote: Hi I got this error when accessing my site: org.apache.jasper.JasperException: /mainframenotlogged.jsp (line: [1], column: [2]) JSP file [../am_databaseopen.jsp] not found The URL I'm accssing is like

Re: Tomcat JSP error message: Syntax error on token ";"

2021-05-16 Thread Mark Thomas
On 15/05/2021 22:34, Jim Anderson wrote: I'm using Tomcat 8.5.63 and in the last few days I started getting an error message in a few of my JSP files. The error message is: START ERROR Type Exception Report Message Unable to compile class

Re: Tomcat 10 and import org.apache.commons.fileupload.FileItem problem

2021-05-15 Thread Mark Thomas
On 14/05/2021 23:17, Orendt, John wrote: Hi I found sample code for an UploadServlet with these imports import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; This worked

[ANN] Apache Tomcat 8.5.66 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.66. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.46 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.46. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.46 is a bugfix and

[ANN] Apache Tomcat 10.0.6 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.6. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

Re: Managing Tomcat Webapps Traffic Access

2021-05-12 Thread Mark Thomas
for the original deployment when Tomcat starts and for when the WAR is updated? Mark Kind Regards, On Tue, 11 May 2021 at 19:59, Mark Thomas wrote: On 11/05/2021 17:09, Mar Sil wrote: Hi Mark, We replace the war file while tomcat is running. We can't stop tomcat service while we deploy

Re: Managing Tomcat Webapps Traffic Access

2021-05-11 Thread Mark Thomas
the Manager app? And what is the unpackWARs setting for the host? Mark Thanks On Tue, 11 May 2021 at 16:50, Mark Thomas wrote: How do you do the redploy? Do you simply replace the WAR? While Tomcat is running or while it is shutdown? Mark On 11/05/2021 16:40, Mar Sil wrote: Hello Mark, Thanks

Re: Managing Tomcat Webapps Traffic Access

2021-05-11 Thread Mark Thomas
, 10 May 2021 at 18:07, Mark Thomas wrote: On 10/05/2021 17:32, Christopher Schultz wrote: CidinhaDev, On 5/10/21 09:46, Mar Sil wrote: Hello, I am using Apache Tomcat 9.0.45, running on CentOS 7 server. On this server I have a couple of applications (apis mostly) that need to have the access

Re: [Community] try to add an community growth graph to the website

2021-05-10 Thread Mark Thomas
On 10/05/2021 21:47, Christopher Schultz wrote: Shuyang, On 5/10/21 13:21, Shuyang Wu wrote: Thanks for the information! I'll try to see if we could make some improvements on the compatibility with svn I understand you are more focused on commits than anything else, here, but the community

Re: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-10 Thread Mark Thomas
On 08/05/2021 18:26, Palod, Manish wrote: Hi, We further debugged the issue and narrowed down the issue to dynamic update of Truststore. We add certificate into TrustStore dynamically. We have to restart the server to use the newly added certificate. This was working fine with Tomcat 7. I'm

Re: [Community] try to add an community growth graph to the website

2021-05-10 Thread Mark Thomas
On 09/05/2021 21:35, Shuyang Wu wrote: Don't hesitate to tell us if there is a better place to present this graph other than README, or there are some other worries or other features you would like to have~ I'm all for encouraging community growth but I think this graph gives a rather

Re: Managing Tomcat Webapps Traffic Access

2021-05-10 Thread Mark Thomas
On 10/05/2021 17:32, Christopher Schultz wrote: CidinhaDev, On 5/10/21 09:46, Mar Sil wrote: Hello, I am using Apache Tomcat 9.0.45, running on CentOS 7 server. On this server I have a couple of applications (apis mostly) that need to have the access restricted to 2 specific servers. SERVER A 

Re: temp folder?

2021-05-08 Thread Mark Thomas
On 07/05/2021 21:09, Christopher Schultz wrote: Cris, On 5/7/21 14:29, Berneburg, Cris J. - US wrote: Hi Mark Thanks for getting back with me.  :-) markt> What is the setting for unpackWARs for Host? These are the host settings in server.xml: name="localhost" appBase="webapps"

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.0

2021-05-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.0 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

Re: BUG-64671

2021-05-07 Thread Mark Thomas
On 07/05/2021 11:56, Deepti Sharma S wrote: Hello Team, We would like to know if, https://bz.apache.org/bugzilla/show_bug.cgi?id=64671 this BUG has some workaround instead of upgrading the version of tomcat. Short of disabling HTTP/2, no. Mark

Re: Tomcat (catalina.jar) Security Question

2021-05-06 Thread Mark Thomas
On 06/05/2021 14:09, Robert Hicks wrote: We are getting evaluated and one of the items that I need to do is change the "ServerInfo.properties" in the catalina.jar to set "server.info" and "server.version" to nonsense (really). I have the following Valve setup as well: At what point would the

Re: Firefox triggers HTTP2 overhead protection - known issue?

2021-05-06 Thread Mark Thomas
On 06/05/2021 13:33, Christopher Schultz wrote: Leon, On 5/6/21 06:25, Leon Atherton wrote: We are seeing that Firefox triggers the HTTP2 overhead protection with multipart file uploads. About 1MB is uploaded before overhead protection is triggered. I believe a few weeks ago Chrome was

Re: temp folder?

2021-05-06 Thread Mark Thomas
What is the setting for unpackWARs for Host? Running directly from a WAR (with unpackWARs="false" file will impact performance. It looks as if something is unpacking the WAR to the temp directory. Tomcat does provide the org.apache.catalina.webresources.ExtractingRoot resources

Re: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-04 Thread Mark Thomas
On 04/05/2021 18:17, Palod, Manish wrote: Hi, We are in process of migrating from Tomcat 7 to Tomcat 9. We use cert-based client authentication in our application, support password-based and cert-based authentication. For this purpose, we are setting certificateVerification="optional"

Re: Troubleshoot with registered libraries after startup

2021-04-27 Thread Mark Thomas
fig files etc are removed from the WAR. Mark > >Robert > >-Ursprüngliche Nachricht- >Von: Mark Thomas >Gesendet: Dienstag, 27. April 2021 10:24 >An: users@tomcat.apache.org >Betreff: Re: Troubleshoot with registered libraries after startup > >Have you converted th

Re: Troubleshoot with registered libraries after startup

2021-04-27 Thread Mark Thomas
Have you converted the WAR file for Jakarta EE? If not, put it in the webapps-javaee directory rather than webapps and Tomcat will convert your WAR file for you. Mark On 27/04/2021 09:12, Glorius, R. (RPD) wrote: Hello, I've got a question for a troubleshoot with my Tomcat (10.0.5): My

Re: JEP 411 Deprecate the Security Manager for removal

2021-04-15 Thread Mark Thomas
On 15/04/2021 21:03, Me Self wrote: Hi All It appears the security manager is going to be removed from a future release of java according to https://openjdk.java.net/jeps/411. That will be quite a chunk of code we could remove / would have to remove from Tomcat. When running Tomcat on

Re: tomcat timeout

2021-04-15 Thread Mark Thomas
On 15/04/2021 19:23, Mohamed Eliyas Abdul Kadar wrote: I am using tomcat 9.0.41. In my web application, when executing a query to fetch data for reporting it is taking time more than 2 minutes. The request is getting time out after 50s. Please let me know how to increase the data base

Re: Defining environment variables for a webapp ?

2021-04-14 Thread Mark Thomas
On 14/04/2021 12:22, Rony G. Flatscher (Apache) wrote: Not finding any pointers, asking here: is it possible to define environment variables for a webapp? If so, how? You can only set them globally, for the Java process - not per web application. CGI creates a new process so can have a

Re: Memory vs. Heap Space

2021-04-13 Thread Mark Thomas
On 13/04/2021 00:11, Jerry Malcolm wrote: I'm getting TC crashes (ver 8.5) with "out of memory" errors. What is the exact error message? There are multiple different problems that all get reported with an OutOfMemoryException and the detail of the exception will tell you (and us) which it

Re: Again with the missing headers

2021-04-12 Thread Mark Thomas
maxHttpHeaderSize only applies to Tomcat reading requests from clients. It has no impact on the headers Tomcat sends to the client. Given that the issue is size dependent and the the header is missing only on the larger responses, I would guess that the Servlet is writing the header after the

Re: Understanding issues with connection refused when redirecting internally

2021-04-12 Thread Mark Thomas
On 11/04/2021 11:03, Peter Chamberlain wrote: I've been investigating this some more, as I'm not convinced nio2 isn't behaving strangely in this case. I think there may of been some sort of reversion as it is much less likely to refuse connections for nio2 in tomcat 9.0.13 when compared to

Re: Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Mark Thomas
On 09/04/2021 11:53, Peter Chamberlain wrote: Hello, I've been trying to understand the behaviour of tomcat when handling internal redirects. I'm testing using tomcat 9.0.38. I'm testing using jdk8 1.8.0_265. My main test cases have been 2 forwards to the same servlet, and then a response. Or 2

[ANN] Apache Tomcat 8.5.65 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.65. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.45 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.45. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.45 is a bugfix and

[ANN] Apache Tomcat 10.0.5 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.5. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat Native 1.2.28 released

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.28 stable. The key features of this release are: - Windows binaries built using 1.1.1k - Correct a regression in the fix for 65181 that prevented an error message from being displayed if an invalid key file

Re: Tomcat seems to accept all characters in a URL

2021-03-23 Thread Mark Thomas
On 23/03/2021 16:09, Boris Petrov wrote: Hi all, I'm trying to figure out why Tomcat 9.0.44 seems to accept this URL: https://some-domain.com/[foo: "bar@asd/qwe%25rty'zzzqqq{rrr|ttt] Even when I haven't specified any "relaxedPathChars" (or when I explicitly set it to an empty string). Note

Re: Realm issue with Tomcat 9

2021-03-23 Thread Mark Thomas
On 23/03/2021 10:05, Ravi Kumar wrote: Hello, I am migrating my application which is using tomcat 7 currently to tomcat 9. As there are a lot of changes in the API, with tomcat 7 we were setting the Realm for this engine by // set the Realm for this engine //tomcatServer.setDefaultRealm(new

Re: AJAX value %27 results in 403 forbidden

2021-03-22 Thread Mark Thomas
On 20/03/2021 15:59, Michael Duffy wrote: I need help from the very capable and experienced IT professionals on this list. Can you help solve this problem: https://stackoverflow.com/questions/66715576/ajax-value-27-results-in-403-forbidden This is nothing to do with Tomcat. Tomcat will

Re: small error in log documentation

2021-03-16 Thread Mark Thomas
On 16/03/2021 02:48, Rob Sargent wrote: Last sentence of Introduction on https://tomcat.apache.org/tomcat-9.0-doc/logging.html    If it used directly or indirectly by your logging library then    elements of it will be shared across web applications because it is    loaded by the system

Re: module muddle

2021-03-16 Thread Mark Thomas
in responding to Mark's questions.  Been on a  short walk-about. On 3/11/21 12:17 PM, Mark Thomas wrote: On 11/03/2021 19:08, Rob Sargent wrote: I've started getting this error, though I've been running fine since days of "localhost" issue help.     class org.apache.tomcat.

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-15 Thread Mark Thomas
On 11/03/2021 20:01, Doug Whitfield wrote: I am working on a fix which I expect to be in the releases due out in ~1 month's time. Thanks Mark! Is there any chance of a patch being available before then that we might be able to backport locally? It is fixed in 10.0.x, 9.0.x and 8.5.x now.

Re: Does Tomcat JDBC Connection Pool reset autocommit on closed connections?

2021-03-11 Thread Mark Thomas
On 12/03/2021 03:57, My Subs wrote: Hello, I'm using Tomcat 10.0.0. Suppose I call setAutoCommit(false) on a connection obtained from a Tomcat JDBC Connection Pool. Then I do some stuff with the connection, call commit() or rollback() and finally call close() on it without ever calling

Re: Unable to read the orginal url when host header is specified.

2021-03-11 Thread Mark Thomas
On 12/03/2021 01:50, Anurag Sharma wrote: My code is running on local host and i am hitting one of my urls as below curl -k -vv --http1.1 "https://localhost:8443/versa/login; -H 'Host: google.com' Now i m a trying to read the url in my code using following StringBuffer url =

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-11 Thread Mark Thomas
On 11/03/2021 19:09, Doug Whitfield wrote: Just FYI: I was able to reproduce this issue on 8.5.64 and 9.0.44. I’m going to start doing some testing in earlier versions of 8.5 to see if the issue exist there as well as far as regressions. It exists in all 8.5.x, 9.0.x and 10.0.x versions.

Re: module muddle

2021-03-11 Thread Mark Thomas
On 11/03/2021 19:08, Rob Sargent wrote: I've started getting this error, though I've been running fine since days of "localhost" issue help.    class org.apache.tomcat.dbcp.dbcp2.BasicDataSource cannot be cast to    class org.apache.tomcat.jdbc.pool.DataSource   

[ANN] Apache Tomcat 8.5.64 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.64. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.44 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.44. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.44 is a bugfix and

[ANN] Apache Tomcat 10.0.4 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.4. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

Re: Possible to refer to the contextPath in a Resource database url ?

2021-03-11 Thread Mark Thomas
On 10/03/2021 19:44, Rony G. Flatscher (Apache) wrote: For a little nutshell example I would like to use SQLite as the JDBC driver includes the native code for all the major operating systems already (this way a user does not really need to install SQLite just place its JDBC driver in the lib

Re: Is there a way to know/infer that a JSP got freshly compiled from a taglib library ?

2021-03-11 Thread Mark Thomas
On 10/03/2021 15:14, Rony G. Flatscher (Apache) wrote: Is there a way to know/infer that a JSP got freshly compiled from e.g. a taglib library? For caching purposes it would be necessary to learn whether a JSP got recompiled as the cache should be purged in that case. Is there a way to find

Re: JSP: question: how to make tld-files part of the taglib library like STL is able to do?

2021-03-10 Thread Mark Thomas
On 10/03/2021 13:19, Rony G. Flatscher (Apache) wrote: The STL (standard tag library) jstl-1.2_1.jar is able to have its tags processed without requiring the user to place its tld-files into the webapps WEB-INF directory. Rather jstl-1.2_1.jar stores the tld files in its META-INF directory and

Re: Embedded Tomcat 9.0.43 : WINDOW_UPDATE not sent when receiving http2 requests over unknown url

2021-03-10 Thread Mark Thomas
On 10/03/2021 05:26, Arshiya Shariff wrote: Hi All, We are using embedded tomcat version 9.0.43 in our application to transport http/2 packets between 2 systems (h2c connection). All parameters used are the tomcat defaults. We are facing the below issue : 1. Tomcat is not sending

Re: CloseNowException: This stream is not writable

2021-03-10 Thread Mark Thomas
On 09/03/2021 20:57, DevNull wrote: Apache Tomcat Version 9.0.43 Hello In an application showing hundreds of thumbnail images at the same time, about a hundred thumbnails are loaded but the rest are not. Some posts claim it may be due to the http2 connection closing due to too much

Re: application deploy error

2021-03-07 Thread Mark Thomas
On 07/03/2021 02:30, Rajendra Popuri wrote: The complete error is as follows. No, that is not the complete error message. The stack trace that follows that message, including all the "caused by..." elements, is part of the error message and contains the information required to diagnose the

Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

2021-03-05 Thread Mark Thomas
Regards, Teemu Kursu -Original Message- From: Mark Thomas Sent: maanantai 1. maaliskuuta 2021 13.05 To: Tomcat Users List Cc: annou...@tomcat.apache.org; annou...@apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up CVE-2021-25122 h2c

Re: Reg: caching allowed setting in tomcat

2021-03-02 Thread Mark Thomas
share some insight on the OS level caching ? Primarily where would OS be caching it ? I'd expect there to be some form of read cache for disk access. The split between OS and hardware will be system dependent. Mark Regards Jalaj -Original Message- From: Mark Thomas Sent: Tuesday

Re: AWS health check problems

2021-03-01 Thread Mark Thomas
On 01/03/2021 22:35, Jake Orel wrote: Hi All, I'm working on deploying tomcat through aws with the use of an elastic load balancer connected to an auto scaling group. I'm running into an issue where the health checks associated with the target group are being sent to my server via IP address and

  1   2   3   4   5   6   7   8   9   10   >