[ANN] Apache Tomcat 7.0.109 released

2021-04-27 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.109.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.108.


*** IMPORTANT ***

Tomcat 7.0.x has reached the end of life. It is extremely unlikely that
there
will be any further releases of the 7.0.x series.

All users of Tomcat 7.0.x should upgrade to a supported version.

 *** IMPORTANT ***


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.108 released

2021-02-08 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.108.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.107. The notable changes since 7.0.107 include:


- Fix a potential file descriptor leak when WebSocket connections are
  attempted and fail. Patch provided by Maurizio Adami.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.107 released

2020-11-24 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.107.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.106. The notable changes since 7.0.106 include:


- Ensure that none of the methods on a ServletContext instance always
  fail when running under a SecurityManager. Pull request provided by
  Kyle Stiemann.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.106 released

2020-09-22 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.106.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.105. The notable changes since 7.0.105 include:


- Add support for a read idle timeout and a write idle timeout to the
  WebSocket session via custom properties in the user properties
  instance associated with the session. Based on a pull request by
  sakshamverma.

- Update the packaged version of the Tomcat Native Library to 1.2.25


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.105 released

2020-07-09 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.105.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.104. The notable changes since 7.0.104 include:


- Add support for the CATALINA_OUT_CMD environment variable that defines
  a command to which captured stdout and stderr will be redirected. For
  use with, for example, rotatelogs. Patch provided by Harald Dunkel.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Apache Tomcat 7.0.104 released

2020-05-18 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.104.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.103. The notable changes since 7.0.103 include:


- Add support for default values when using ${...} property replacement
  in configuration files. Based on a pull request provided by Bernd
  Bohmann.

- When configuring an HTTP Connector, warn if the encoding specified for
  URIEncoding is not a superset of US-ASCII as required by RFC7230.

- Replace the system property
  org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
  Connector attribute encodedSolidusHandling that adds an additional
  option to pass the %2f sequence through to the application without
  decoding it in addition to rejecting such sequences and decoding such
  sequences.

- Change default value separator for property replacement to ":-"
  due to possible conflicts. The syntax is now "${name:-default}".

- Update the packaged version of the Tomcat Native Library to 1.2.24


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.103 released

2020-03-20 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.103.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.100. The notable changes since 7.0.100 include:


- Add new attribute persistAuthentication to both StandardManager and
  PersistentManager to support authentication persistence.
  Patch provided by Carsten Klein

- A zero length AJP secret will now behave as if it has not been
  specified.

- Add the TLS request attributes used by IIS to the attributes that
  an AJP Connector will always accept.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.100 released

2020-02-14 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.100.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.99. The notable changes since 7.0.99 include:


- AJP defaults changed to listen the loopback address, require a secret
  and to be disabled in the sample server.xml

- The JmxRemoteLifecycleListener is now deprecated

- The HTTP Connector attribute rejectIllegalHeaderName is renamed to
  rejectIllegalHeader and expanded to include header values as well as
  names


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.99 released

2019-12-18 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.99.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.96.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.96 released

2019-08-01 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.96.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.94.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.93 released

2019-02-22 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.93.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.92. The notable changes since 7.0.92 include:


- Update the packaged version of the Tomcat Native Library to 1.2.21 to pick
  up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a.
  and to pick up the memory leak fixes when using NIO/NIO2 with OpenSSL.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.92 released

2018-11-18 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.92.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.91. The notable changes since 7.0.91 include:


- Support for TLSv1.3 when used with a JRE or OpenSSL version that
  supports it


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.91 released

2018-09-20 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.91.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.90.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.90 released

2018-07-07 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.90.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.88. The notable changes since 7.0.88 include:


- Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to
  allow/deny requests based on IPv4 and/or IPv6 client address where the
  IP ranges are defined using CIDR notation.
  Based on a patch by Francis Galiegue.

- Update the packaged version of the Tomcat Native Library to 1.2.17 to
  pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL
  1.0.2o.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 8.0.53 released

2018-07-06 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.53.


Please note that Apache Tomcat 8.0.x has reached end of life!


Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.53 includes fixes for issues identified in 8.0.52 as
well as other enhancements and changes. The notable changes since
8.0.52 include:


- Update the packaged version of the Tomcat Native Library to 1.2.17 to
  pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL
  1.0.2o.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.88 released

2018-05-12 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.88.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.86. The notable changes since 7.0.86 include:


- Correct a regression in handling of DataSource resources that do not
  specify a factory.

- Implement configuration options to work-around specification
  non-compliant user agents (including all the major browsers) that do
  not correctly %nn encode URI paths and query strings as required by
  RFC 7230 and RFC 3986

- Enable the CrawlerSessionManagerValve to correctly handle bots that
  crawl multiple hosts and/or web applications when the Valve is
  configured on a Host or an Engine.

- Add support for annotation scanning of classes built with Java 11 EA


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: ErrorReportValve styling (CSS) not included when both showReport and showServerInfo set to false

2018-05-10 Thread Violeta Georgieva
2018-05-10 19:04 GMT+03:00 Violeta Georgieva <violet...@apache.org>:
>
> Hi,
>
> 2018-05-10 19:00 GMT+03:00 Mark Thomas <ma...@apache.org>:
> >
> > On 10/05/18 16:27, John Palmer wrote:
> >
> > 
> >
> > > or am I missing (or just ignorant of ) something?
> >
> > Seems reasonable to me looking at the code. Give me a few minutes to
> > test it and - assuming all is well - I'll make the change.
>
> Isn't it intentional to not have a css?
> We do not want to expose the Tomcat version, right?

https://bz.apache.org/bugzilla/show_bug.cgi?id=56383

> Regards,
> Violeta
>
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>


Re: ErrorReportValve styling (CSS) not included when both showReport and showServerInfo set to false

2018-05-10 Thread Violeta Georgieva
Hi,

2018-05-10 19:00 GMT+03:00 Mark Thomas :
>
> On 10/05/18 16:27, John Palmer wrote:
>
> 
>
> > or am I missing (or just ignorant of ) something?
>
> Seems reasonable to me looking at the code. Give me a few minutes to
> test it and - assuming all is well - I'll make the change.

Isn't it intentional to not have a css?
We do not want to expose the Tomcat version, right?

Regards,
Violeta

> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


[ANN] Apache Tomcat 8.0.52 released

2018-05-09 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.52.

Please note that Apache Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.52 includes fixes for issues identified in 8.0.51 as
well as other enhancements and changes. The notable changes since
8.0.51 include:


- Implement configuration options to work-around specification
  non-compliant user agents (including all the major browsers) that do
  not correctly %nn encode URI paths and query strings as required by
  RFC 7230 and RFC 3986

- Enable the CrawlerSessionManagerValve to correctly handle bots that
  crawl multiple hosts and/or web applications when the Valve is
  configured on a Host or an Engine.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.86 released

2018-04-16 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.86.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.85. The notable changes since 7.0.85 include:

- Add support for the maxDays attribute to the AccessLogValve and
  ExtendedAccessLogValve. This allows the maximum number of days for
  which rotated access logs should be retained before deletion to be
  defined.

- Avoid infinite recursion, when trying to validate a session while
  loading it with PersistentManager.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 8.0.51 released

2018-04-16 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.51.

Please note that Apache Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.51 includes fixes for issues identified in 8.0.50 as
well as other enhancements and changes. The notable changes since
8.0.50 include:

- Avoid infinite recursion, when trying to validate a session while
  loading it with PersistentManager.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.85 released

2018-02-14 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.85.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.84.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 8.0.50 released

2018-02-14 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.50.

Please note that Apache Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.50 includes fixes for issues identified in 8.0.49 as
well as other enhancements and changes.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Apache Tomcat website:
http://tomcat.apache.org

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.84 released

2018-01-25 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.84.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.82. The notable changes since 7.0.82 include:


- Java 9 is fully supported

- Update the packaged version of the Tomcat Native Library to
  1.2.16 to pick up the latest Windows binaries built with
  APR 1.6.3 and OpenSSL 1.0.2m

- Add a new system property
  (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the
  size of the buffer used by Jasper when buffering tag bodies.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 8.0.49 released

2018-01-25 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.49.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.49 includes fixes for issues identified in 8.0.48 as
well as other enhancements and changes. The notable changes since
8.0.48 include:


- Add a new system property
  (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the
  size of the buffer used by Jasper when buffering tag bodies.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: release plan for tomcat 7.x for java9

2018-01-19 Thread Violeta Georgieva
Hi,

2018-01-19 14:18 GMT+02:00 Mukarram Baig :
>
> Thanks for the update, Mark.
>
> On 19/01/18 00:06, Mukarram Baig wrote:
> > Hey Mark
> >
> > Just wanted to see if there was an update to getting a new release.
>
> 9.0.x and 8.5.x are happening now. Best guess is 8.0.x and 7.0.x will
> follow.

We are currently voting Tomcat 7.0.84.
You may take a look at the proposed release, test it and provide feedback.

Here is a link to the voting
https://marc.info/?l=tomcat-dev=151637649125895=2

Regards,
Violeta

> Mark


Re: Tomcat release for java9

2018-01-19 Thread Violeta Georgieva
2018-01-19 18:45 GMT+02:00 Violeta Georgieva <violet...@apache.org>:
>
> Hi,
>
> 2018-01-19 15:17 GMT+02:00 Gupta, Shaina <shaina.gu...@arcesium.com>:
> >
> > Hello,
> >
> > Could you please let me know when can we expect a new release for
tomcat which would support java9.
> >
> > I can see that the endorsed directory related issue in tomcat 7.x for
running in java9 has been fixed in
https://github.com/apache/tomcat70/commit/e7ae8664922cd54fabe847527bad614bcd5ce301#diff-da184cf589a25174c11dc3f4dbaeb0b4
> >
>
> We are currently voting Tomcat 7.0.84.
> You may take a look at the proposed release, test it and provide feedback.
>

Here is a link to the voting
https://marc.info/?l=tomcat-dev=151637649125895=2

> Thanks,
> Violeta
>
> > Thanks,
> > Shaina
> >
> >
> >
> >   
> >
> > This message may contain confidential information protected by law. The
contents of this email are to be viewed only by the intended recipient. If
you received this message in error, notify the sender immediately and
delete the original message without printing. Product descriptions, pricing
and similar content is for information only and does not constitute an
offer, warranty or guarantee. Contracts with Arcesium are formed only by
written documents bearing the signature of its authorized representative.


Re: Tomcat release for java9

2018-01-19 Thread Violeta Georgieva
Hi,

2018-01-19 15:17 GMT+02:00 Gupta, Shaina :
>
> Hello,
>
> Could you please let me know when can we expect a new release for tomcat
which would support java9.
>
> I can see that the endorsed directory related issue in tomcat 7.x for
running in java9 has been fixed in
https://github.com/apache/tomcat70/commit/e7ae8664922cd54fabe847527bad614bcd5ce301#diff-da184cf589a25174c11dc3f4dbaeb0b4
>

We are currently voting Tomcat 7.0.84.
You may take a look at the proposed release, test it and provide feedback.

Thanks,
Violeta

> Thanks,
> Shaina
>
>
>
>   
>
> This message may contain confidential information protected by law. The
contents of this email are to be viewed only by the intended recipient. If
you received this message in error, notify the sender immediately and
delete the original message without printing. Product descriptions, pricing
and similar content is for information only and does not constitute an
offer, warranty or guarantee. Contracts with Arcesium are formed only by
written documents bearing the signature of its authorized representative.


[ANN] Apache Tomcat 8.0.48 released

2017-12-15 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.48.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.48 includes fixes for issues identified in 8.0.47 as
well as other enhancements and changes. The notable changes since
8.0.47 include:


- Java 9 is fully supported

- Update the packaged version of the Tomcat Native Library to
  1.2.16 to pick up the latest Windows binaries built with
  APR 1.6.3 and OpenSSL 1.0.2m


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload

2017-10-04 Thread Violeta Georgieva
Hello,

2017-10-04 4:52 GMT+03:00 Caldarale, Charles R :
>
> > From: Baron Fujimoto [mailto:ba...@hawaii.edu]
> > Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code
Execution
> via JSP upload
>
> > I haven't seen an announcement for 8.0.47, nor does the Apache Tomcat
> > website seem to reference it yet, but it appears to be available in the
> > distribution archive(s). E.g.:
>
> > 
>
> > Is this 8.0.47 blessed for use?
>
> Pretty much - the voting process completed over the weekend (it passed),
but
> the announcement isn't made until the mirrors all catch up.  Should be
fine
> to use from the archive.

The Tomcat site was updated with information about version 8.0.47.
Announcement also was sent.

Regards,
Violeta


[ANN] Apache Tomcat 7.0.82 released

2017-10-04 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.82.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.81. The notable changes since 7.0.81 include:


- A fix for CVE-2017-12617.

- Update the packaged version of the Tomcat Native Library to 1.2.14 to pick
  up the latest Windows binaries built with APR 1.6.2 and OpenSSL 1.0.2l.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 8.0.47 released

2017-10-04 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.47.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.47 includes fixes for issues identified in 8.0.46 as
well as other enhancements and changes. The notable changes since
8.0.46 include:


- Fix CVE-2017-12617

- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.

- Update the packaged version of the Tomcat Native Library to 1.2.14 to pick
  up the latest Windows binaries built with APR 1.6.2 and OpenSSL 1.0.2l.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Need help on Tomcat 9.0.x release

2017-09-21 Thread Violeta Georgieva
2017-09-21 16:17 GMT+03:00 Rémy Maucherat :
>
> On Thu, Sep 21, 2017 at 3:12 PM, Mark Thomas  wrote:
>
> > On 21/09/17 10:35, Inderjeet Banwait wrote:
> > > Hi Mark,
> > >
> > > Java EE 8 is already released .Can we expect a stable release by the
end
> > of September 2017?
> >
> > Servlet 4.0 was released on 5 September 2017.
> > Java EE 8 platform was released on 18 September 2017.
> >
> > It would have been helpful if Oracle had mentioned either of those
> > releases to the Servlet EG members.
> >
> > I've taken a very quick look and the relevant specifications for Tomcat
> > are:
> > - Java 8(complete)
> > - Servlet 4.0   (should be complete but need to check for last minute
> >  changes)
> > - JSP 2.3   (no change from Java EE 7 / Tomcat 8.x)
> > - EL 3.0(no change from Java EE 7 / Tomcat 8.x)
> > - WebSocket 1.1 (no change from Tomcat 8.x)
> > - JASPIC 1.1(no change from Java EE 7 / Tomcat 8.x)
> >
> >
> > The Tomcat team is a little busy elsewhere at the moment. A stable
> > Tomcat 9 release in September is highly unlikely.
> >
> > Releases are typically on a monthly basis with the process starting at
> > the beginning of the month. The September releases are complete for
> > 9.0.x and 8.5.x and would have been announced if it wasn't for
> > CVE-2017-12617.
> >
>
> Since we'll revote, we could include the option to vote the new 9.0 build
> as beta. Since it's very close to 8.5, I don't see any problem with that.


+1

Regards, Violeta


[ANN] Apache Tomcat 8.0.46 released

2017-08-20 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.46.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.46 includes fixes for issues identified in 8.0.45 as
well as other enhancements and changes. The notable changes since
8.0.45 include:


- Add the ability to set the defaults used by the Windows installer from
  a configuration file. Patch provided by Sandra Madden.

- Add support to the WebSocket client for following redirects when
  attempting to establish a WebSocket connection. Patch provided by J
  Fernandez.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.81 released

2017-08-17 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.81.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.79. The notable changes since 7.0.79 include:


- Add the ability to set the defaults used by the Windows installer from
  a configuration file. Patch provided by Sandra Madden.

- Add support to the WebSocket client for following redirects when
  attempting to establish a WebSocket connection. Patch provided by J
  Fernandez.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: "End of life for Apache Tomcat 8.0.x" page title

2017-07-05 Thread Violeta Georgieva
Hi,

2017-07-05 1:30 GMT+03:00 Adam Rauch :
>
> I noticed that the current  element for the new EOL page is:
"Apache Tomcat® - End of life for Apache Tomcat 6.0.x". You may want to
adjust the version to "8.0.x."

Thanks for spotting this.
It should be Ok now.

Regards,
Violeta

> Thanks,
> Adam
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


[ANN] Apache Tomcat 8.0.45 released

2017-07-03 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.45.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases. The Apache Tomcat team
announced that support for Apache Tomcat 8.0.x will end on
30 June 2018.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.45 includes fixes for issues identified in 8.0.44 as
well as other enhancements and changes. The notable changes since
8.0.44 include:


- Add a new JULI FileHandler configuration for specifying the maximum
  number of days to keep the log files. By default the log files will be
  kept indefinitely.

- Improvements to enable the Manager and HostManager to work in the
  default configuration when working under a security manager


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.79 released

2017-07-03 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.79.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.78. The notable changes since 7.0.78 include:


- Add a new JULI FileHandler configuration for specifying the maximum
  number of days to keep the log files. By default the log files will be
  kept indefinitely.

- Improvements to enable the Manager and HostManager to work in the
  default configuration when working under a security manager


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Extra logging by unknown source logger

2017-06-11 Thread Violeta Georgieva
Hi,

2017-06-11 18:07 GMT+03:00 Hoa Phan :
>
> Hi I noticed when I set:
>
> org.apache.tomcat.util.scan.StandardJarScanner = SEVERE

it should be org.apache.tomcat.util.scan.StandardJarScanner.level = SEVERE
Note the '.level' at the end of the fully qualified class name

Regards,
Violeta

>
> I still get similar msg from a strange logger(no "org.apache" in the
logger
> name):
>
> build 11-Jun-2017 13:37:24 localhost-startStop-1 WARN
>  [tomcat.util.scan.StandardJarScanner] Failed to scan
> [file:/.../common/lib/p6psy.jar (No such file or directory)
>
> Anyone know where this comes from? How can I configure it?
>
> Thanks.
>
> Hoa Phan.


Re: Tomcat 8/NIO performance discrepancies

2017-06-06 Thread Violeta Georgieva
Hi,

2017-06-06 11:10 GMT+03:00 Piyush Kumar Nayak :
>
> Thanks, Mark.
>
> Here are some additional details.
>
> I am using Apache JMeter to inject load. I am using a simple hello-world
JSP.
>
> The test JMX simulates 100 concurrent user threads with a ramp-up of 5
secs and uses an HTTP Cookie Manager, that reuses cookies for each user
thread.

Do you specify "Loop Count" for the number of iterations or you specify
time duration?

Thanks,
Violeta

>
> I have disabled access log in tomcat. All the other server.xml settings
are the default.
>
>
> The BIO with Executor configuration we are using is:
>  maxThreads="150" minSpareThreads="4"/>
>
> connectionTimeout="2"
>redirectPort="8443" />
>
>
>
> It's the same for NIO. Just the protocol changes.
>
>
>
> The client(jMeter) and server (Tomcat) are on 2 separate physical
machines with the same configuration:
>
> RHEL 7.1 x64
>
> 16 core CPU;
>
> 32 GB RAM;
>
> 1Gbps NIC
>
>
>
> - JSP test
page 
>
> <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
>
> pageEncoding="ISO-8859-1"%>
>
> http://www.w3.org/TR/html4/loose.dtd;>
>
> 
>
> 
>
> 
>
> Hello World - JSP tomcat test
>
> 
>
> 
>
> <%= "Hello World! - JSP on Tomcat 8.15" %>
>
> 
>
> 
>
> -  JSP test
page -
>
>
>
> Test result:
> helloWorld.JSP
>
>
>
> BIO
>
> NIO
>
> BIO w/ Exec
>
> NIO w/ Exec
>
> Throughput
>
> ART
>
> Throughput
>
> ART
>
> Throughput
>
> ART
>
> Throughput
>
> ART
>
> Tomcat 7.077
>
> 38600
>
> 2
>
> 42664
>
> 2
>
> 57104
>
> 1
>
> 43660
>
> 2
>
> Tomcat 8.0.44
>
> 38585
>
> 2
>
> 44752
>
> 2
>
> 63000
>
> 1
>
> 44341
>
> 2
>
> Tomcat 8.0.32
>
>
>
>
>
>
>
>
>
> 41211
>
>
>
>
>
>
>
> Tomcat 8.5.14
>
> N/A
>
> 45600
>
> 1.67
>
> N/A
>
> 46000
>
> 1.67
>
>
>
>
>
>
> Regards,
>
> Piyush.
>
>
>
> -Original Message-
>
> From: Mark Thomas [mailto:ma...@apache.org]
>
> Sent: Tuesday, June 06, 2017 12:50 PM
>
> To: Tomcat Users List 
>
> Subject: Re: Tomcat 8/NIO performance discrepancies
>
>
>
> On 06/06/17 07:30, Piyush Kumar Nayak wrote:
>
> > We have been testing different connectors of tomcat for performance.
>
> > We have tested the following server versions:
>
> >
>
> > -  Tomcat 7.077
>
> >
>
> > -  Tomcat 8.0.44
>
> >
>
> > -  Tomcat 8.0.32
>
> >
>
> > -  Tomcat 8.5.14
>
> >
>
> > with the following HTTP connectors:
>
> >
>
> > -  BIO
>
> >
>
> > -  BIO with Executor
>
> >
>
> > -  NIO
>
> >
>
> > -  NIO with Executor
>
> >
>
> > Our observation is that NIO is up to 15% faster than BIO. But BIO with
Executor is up to 65% faster than BIO. Using a shared executor thread pool
with NIO does not improve the performance. We have tried some variations of
connector attribute with Tomcat 8 (maxThreads, acceptorThreadCount), but
nothing brings us close to the performance that we can get with BIO with
Executor.
>
> >
>
> > We have upgraded to Tomcat 8.5, and can't seem to get it to perform as
well as Tomcat 7 using BIO with Executor, which is what we were using
earlier.
>
> >
>
> > I would appreciate any help with the following:
>
> >
>
> > -  Why is the executor not boosting the performance for NIO, as
it is for BIO?
>
>
>
> Without knowing the details of your tests - no idea. The numbers are a
long way from what I'd expect.
>
>
>
> >
>
> > -  BIO is not available as an option with Tomcat 8.5. Why has
it been removed? Is there any way to get it back ?
>
>
>
> Because it can't support the non-blocking requirements of the WebSocket
API or the Servlet API and while you can fake non-blocking support, the
result is liable to enter a deadlock.
>
>
>
> > I'd be happy to share any other details from my testing for any
clarification.
>
>
>
> You'll need to explain your testing methodology - in detail - before
anyone can provide any useful input.
>
>
>
> Mark
>
>
>
> -
>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Custom Webapp loading..

2017-06-02 Thread Violeta Georgieva
Hi,

2017-06-01 18:26 GMT+03:00 Hassan Khan :
>
> Any pointers to the problem .. pls... Have extended webapploader and use

Instead of extending the class loader you might consider the new Web
Application Resources feature:
http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html

Regards,
Violeta

> the below function for adding jar in tomcat 6... for tomcat 8.5 the jar
are
> loading but not getting included in the classpath somehow...
> /**
>  * reflectively add a jar to the classloader. This only works when
> called after super.start() has completed.
>  */
> private void addJar(final File jarRealFile) {
> try {
> final String jarPath = getFilePathRelativeToBase(jarRealFile);
> final JarFile jarFile = new JarFile(jarRealFile);
> final ClassLoader cl = getClassLoader();
> if (cl instanceof WebappClassLoader) {
> final WebappClassLoader wcl = (WebappClassLoader) cl;
> final Class clazz = WebappClassLoader.class;
> final Method addJar = clazz.getDeclaredMethod("addJar",
new
> Class[]{String.class, JarFile.class, File.class});
> addJar.setAccessible(true);
> addJar.invoke(wcl, jarPath, jarFile, jarRealFile);
> }
> log("added jar " + jarRealFile.getCanonicalPath());
> }
> catch (IOException e) {
> log("Exception accessing jar file: " + jarRealFile + ": " +
> e.getMessage());
> }
> catch (SecurityException e) {
> log("Exception finding method in WebappClassLoader to add jar
> file: " + jarRealFile + ": " + e.getMessage());
> }
> catch (NoSuchMethodException e) {
> log("Exception finding method in WebappClassLoader to add jar
> file: " + jarRealFile + ": " + e.getMessage());
> }
> catch (IllegalArgumentException e) {
> log("Exception calling method in WebappClassLoader to add jar
> file: " + jarRealFile + ": " + e.getMessage());
> }
> catch (IllegalAccessException e) {
> log("Exception calling method in WebappClassLoader to add jar
> file: " + jarRealFile + ": " + e.getMessage());
> }
> catch (InvocationTargetException e) {
> log("Exception calling method in WebappClassLoader to add jar
> file: " + jarRealFile + ": " + e.getMessage());
> }
> }
>
> Thanks
>
>
>
>
> On Wed, May 31, 2017 at 5:13 PM, Hassan Khan 
> wrote:
>
> > So the precise exception is Only a type can be imported. ABC resolves
to a
> > package..
> >
> > Stacktrace is :
> > at org.apache.jasper.compiler.DefaultErrorHandler.javacError(
> > DefaultErrorHandler.java:102)
> > at org.apache.jasper.compiler.ErrorDispatcher.javacError(
> > ErrorDispatcher.java:212)
> > at org.apache.jasper.compiler.JDTCompiler.generateClass(
> > JDTCompiler.java:457)
> > at org.apache.jasper.compiler.Compiler.compile(Compiler.java:377)
> > at org.apache.jasper.compiler.Compiler.compile(Compiler.java:349)
> > at org.apache.jasper.compiler.Compiler.compile(Compiler.java:333)
> > at org.apache.jasper.JspCompilationContext.compile(
> > JspCompilationContext.java:600)
> > at org.apache.jasper.servlet.JspServletWrapper.service(
> > JspServletWrapper.java:368)
> > at org.apache.jasper.servlet.JspServlet.serviceJspFile(
> > JspServlet.java:385)
> > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> > ApplicationFilterChain.java:231)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> > ApplicationFilterChain.java:166)
> > at org.apache.catalina.core.ApplicationDispatcher.invoke(
> > ApplicationDispatcher.java:728)
> > at org.apache.catalina.core.ApplicationDispatcher.doInclude(
> > ApplicationDispatcher.java:590)
> > at org.apache.catalina.core.ApplicationDispatcher.include(
> > ApplicationDispatcher.java:524)
> > at org.apache.jasper.runtime.JspRuntimeLibrary.include(
> > JspRuntimeLibrary.java:895)
> > at org.apache.jsp.iNexx.common._005fshinglesTop_jsp._
> > jspService(_005fshinglesTop_jsp.java:385) ==> JSP page called from the
> > main webapp referencing the modular apps
> >
> >
> >
> > On Wed, May 31, 2017 at 5:05 PM, Hassan Khan 
> > wrote:
> >
> >> Hi,
> >>
> >> We have a main webapp (Tomcat\Webapp) that has many modular webapps (
> >> (Tomcat\Webapp\app\) under it that can be removed and added by the
user.
> >> The main webapp has the service and connectors , but the modular
webapps
> >> do not need it.
> >>
> >> The problem is currently when the main webapp tries to access a jar in
> >> the modular webapps lib dir... we have a class not found exception..
that
> >> is why we need to load the jars from 

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Violeta Georgieva
Hi,

2017-05-31 13:37 GMT+03:00 Shaik, Mohammad N. <
mohammad.n.sh...@accenture.com>:
>
> Hi Chris,
>
> Can I simply use the JAR files from Tomcat 7 that contains executable
code of filter classes (security headers), and put them into corresponding
location in Tomcat 6?

I would not recommend that. You might easily hit variety of class loading
problems.
Just grab the java files and compile them against Tomcat/lib.

Regards,
Violeta

>
> Regards,
> Mohammad
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: 30 May 2017 21:06
> To: users@tomcat.apache.org
> Subject: Re: Security Headers Implementation in Tomcat 6.x version
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mohammad,
>
> On 5/30/17 2:13 AM, Shaik, Mohammad N. wrote:
> > Thanks for the valuable input, that helps!! We shall go with getting
> > the source package of Tomcat 7, put them in Tomcat 6 and use the
> > filters of Tomcat 7 in Tomcat 6.
> >
> > Can you please let me know from where I can get/download the source
> > package of Tomcat 7? Also can you please share the location of the
> > source package in Tomcat 6 so that we can replace it with the one from
> > Tomcat 7?
>
> The source download for Tomcat 7 is in the same place all the other
downloads are.
>
> You will not need the source for Tomcat 6, nor will you need to build the
complete source-to-binary for Tomcat 7. Just grab the source, take the
classes you need, and compile them against the servlet JAR you already have
for Tomcat 6. Feel free to re-name the packages if they are awkward for you
to compile/install and then just reference the new class names in your
application/server.
>
> Remember to watch for patches to those source files in Tomcat 7 in case
they include e.g. security updates -- you'll want to apply those same
updates to the code you have taken from Tomcat 7.
>
> A longer-term goal should be to upgrade to Tomcat 8 or 8.5. Tomcat is
backward-compatible with all spec-compliant applications, though it does
behave differently sometimes as the Servlet Experts Group has clarified
certain questions or added new capabilities (like annotation-processing). I
recommend a long period of testing with a new version of Tomcat, but I also
recommend that you begin that testing as soon as possible. Tomcat 6 will
probably receive *no further updates, security or otherwise*, even if a
vulnerability is foun d.
>
> - -chris
>
> > -Original Message- From: Christopher Schultz
> > [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To:
> > users@tomcat.apache.org Subject: Re: Security Headers Implementation
> > in Tomcat 6.x version
> >
> > Mohammad,
> >
> > On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote:
> >> Based on your inputs, we are thinking to put Apache httpd in front of
> >> Tomcat 6 server, since our header configuration is going to be
> >> static.
> >
> > This might not be a bad idea for a number of reasons, but it is by no
> > means required.
> >
> > You can download the Tomcat 7 source package and use the security
> > filters from Tomcat 7[1] in Tomcat 6: there is nothing in there that
> > actually requires Tomcat 7 to run.
> >
> >> Can you please help us in identifying which version of Apache HTTP
> >> Server we can use for Tomcat 6 version? Also, it will be great if you
> >> can share some guidelines on how to implement Apache in front of
> >> Tomcat.
> > All supported versions of Apache web server work with app supported
> > versions of Tomcat (as well as Tomcat 6). You have several choices for
> > how to connect them together, but the most straightforward is to use
> > mod_proxy_http from httpd to Tomcat.
> > Tomcat behaves exactly as it did before and requires no additional
> > configuration unless you are moving TLS termination from Tomcat to
> > httpd. If that's the case, there are many guides on the web as well as
> > on Tomcat's Presentations Page[2] that document how to do that.
> >
> > Hope that helps, -chris
> >
> > [1] http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html [2]
> > http://tomcat.apache.org/presentations.html
> >
> > -
> >
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> > 
> >
> > This message is for the designated recipient only and may contain
> > privileged, proprietary, or otherwise confidential information. If you
> > have received it in error, please notify the sender immediately and
> > delete the original. Any other use of the e-mail by you is prohibited.
> > Where allowed by local law, electronic communications with Accenture
> > and its affiliates, including e-mail and instant messaging (including
> > content), may be scanned by our systems for the purposes of
> > information security and assessment of internal compliance with
> > Accenture policy.
> > 

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Violeta Georgieva
Hi,

2017-05-31 13:34 GMT+03:00 Shaik, Mohammad N. <
mohammad.n.sh...@accenture.com>:
>
> Hi Chris,
>
> I got the source files (.java) of the filter classes that I was looking
for.
>
> Should we compile the source file against the servlet jar file(s) present
in "[Tomcat]\lib\"

Yes.
Compile them against the jar files located in Tomcat/lib.
The servlet API classes will be loaded from Tomcat/lib a.k.a. common
loader. More you can find here:

http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html#Class_Loader_Definitions
- Common — This class loader contains additional classes that are made
visible to both Tomcat internal classes and to all web applications.
- WebappX — A class loader is created for each web application that is
deployed in a single Tomcat instance.


> or "[Tomcat]\webapps\ApplicationName\WEB-INF\lib"? I see there are
multiple JAR files in both these locations. How to locate the exact JAR
file which should be used to compile source files?
>
> My understanding is that as long as you have your code (.class files) in
any of the JAR files under "lib" folder, system would get it. You don’t
need to have specific code in specific JAR file. Code from all the jar
files under lib folder is considered as one big code, and based on the
class invoked its corresponding code gets executed from that one big code.
Please correct me if this is not right.
>
> Also, should we include the filters in web.xml file under
"[Tomcat]\conf\" folder or under "WEB-INF" folder of my application?

The web.xml located in Tomcat/conf is the "global" one. The configurations
there will be applied to every web application deployed on the Tomcat
instance. So if you need to apply this filter to all web apps then place
the definition and configurations there. Otherwise you can provide the
filter definition and configurations in the WEB-INF/web.xml for a
particular web app.

Regards,
Violeta

>
>
> Regards,
> Mohammad
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: 30 May 2017 21:06
> To: users@tomcat.apache.org
> Subject: Re: Security Headers Implementation in Tomcat 6.x version
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mohammad,
>
> On 5/30/17 2:13 AM, Shaik, Mohammad N. wrote:
> > Thanks for the valuable input, that helps!! We shall go with getting
> > the source package of Tomcat 7, put them in Tomcat 6 and use the
> > filters of Tomcat 7 in Tomcat 6.
> >
> > Can you please let me know from where I can get/download the source
> > package of Tomcat 7? Also can you please share the location of the
> > source package in Tomcat 6 so that we can replace it with the one from
> > Tomcat 7?
>
> The source download for Tomcat 7 is in the same place all the other
downloads are.
>
> You will not need the source for Tomcat 6, nor will you need to build the
complete source-to-binary for Tomcat 7. Just grab the source, take the
classes you need, and compile them against the servlet JAR you already have
for Tomcat 6. Feel free to re-name the packages if they are awkward for you
to compile/install and then just reference the new class names in your
application/server.
>
> Remember to watch for patches to those source files in Tomcat 7 in case
they include e.g. security updates -- you'll want to apply those same
updates to the code you have taken from Tomcat 7.
>
> A longer-term goal should be to upgrade to Tomcat 8 or 8.5. Tomcat is
backward-compatible with all spec-compliant applications, though it does
behave differently sometimes as the Servlet Experts Group has clarified
certain questions or added new capabilities (like annotation-processing). I
recommend a long period of testing with a new version of Tomcat, but I also
recommend that you begin that testing as soon as possible. Tomcat 6 will
probably receive *no further updates, security or otherwise*, even if a
vulnerability is foun d.
>
> - -chris
>
> > -Original Message- From: Christopher Schultz
> > [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To:
> > users@tomcat.apache.org Subject: Re: Security Headers Implementation
> > in Tomcat 6.x version
> >
> > Mohammad,
> >
> > On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote:
> >> Based on your inputs, we are thinking to put Apache httpd in front of
> >> Tomcat 6 server, since our header configuration is going to be
> >> static.
> >
> > This might not be a bad idea for a number of reasons, but it is by no
> > means required.
> >
> > You can download the Tomcat 7 source package and use the security
> > filters from Tomcat 7[1] in Tomcat 6: there is nothing in there that
> > actually requires Tomcat 7 to run.
> >
> >> Can you please help us in identifying which version of Apache HTTP
> >> Server we can use for Tomcat 6 version? Also, it will be great if you
> >> can share some guidelines on how to implement Apache in front of
> >> Tomcat.
> > All supported versions of Apache web server work with app supported
> > versions of Tomcat (as well as 

[ANN] Apache Tomcat 8.0.44 released

2017-05-17 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.44.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.44 includes fixes for issues identified in 8.0.43 as
well as other enhancements and changes. The notable changes since
8.0.43 include:


- Various improvements to the handling of static custom error pages

- Update to Eclipse JDT Compiler 4.6.3

- Review those places where Tomcat re-encodes a URI or URI component
  and ensure that the correct encoding is consistently applied.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.78 released

2017-05-17 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.78.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.77. The notable changes since 7.0.77 include:


- Various improvements to the handling of static custom error pages

- Review those places where Tomcat re-encodes a URI or URI component
  and ensure that the correct encoding is consistently applied.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: [ANN] Apache Tomcat 8.5.15 available

2017-05-16 Thread Violeta Georgieva
Hi,

2017-05-16 13:59 GMT+03:00 Tobias Brennecke :
>
> Hi everyone,
> will there also be a release of Tomcat 7.78?

Tomcat 7.0.78 will be available in the next days.

Regards,
Violeta

>
> > The Apache Tomcat team announces the immediate availability of Apache
> > Tomcat 8.5.15.
> >
> > - Review those places where Tomcat re-encodes a URI or URI component
> >   and ensure that the correct encoding is consistently applied.
> >
> I would appreciate to have the URI encoding fix available in Tomcat 7,
too.
>
>
> Regards,
>
> Tobias
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: Tomcat 8.5.15 Released?

2017-05-16 Thread Violeta Georgieva
Hi,

2017-05-16 6:58 GMT+03:00 Adam Rauch :
>
> Is Tomcat 8.5.15 officially released?

Yes it is released. The home page was corrected.
You should receive also an announcement mail.

Regards,
Violeta

> The home page
> (http://tomcat.apache.org/index.html) seems to indicate that it was
released
> 2017-05-10. however, the text of the section references the "release of
> version 8.5.14" and "notable changes compared to 8.5.13." And the
changelog
> link hits the 8.5.14 anchor. Also, the archives show no 8.5.15 post to the
> tomcat-announce list.
>
>
>
> Perhaps the release is still in progress, but the page has been in this
> state for a few days.
>
>
>
> Thanks,
>
> Adam
>


[ANN] Apache Tomcat 8.5.15 available

2017-05-16 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.15.

Tomcat 8.x users should normally be using 8.5.x releases in preference
to 8.0.x releases.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
features pulled forward from the 9.0.x branch. The notable changes since
8.5.14 include:


- Various improvements to the handling of static custom error pages

- Update to Eclipse JDT Compiler 4.6.3

- Review those places where Tomcat re-encodes a URI or URI component
  and ensure that the correct encoding is consistently applied.



Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.x, 6.x, 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


Re: Security question

2017-05-11 Thread Violeta Georgieva
2017-05-11 17:21 GMT+03:00 Pesonen, Harri :
>
> Hello,
>
> the following lists Tomcat versions 8.5.0 – 8.5.12, does it mean that the
problem has been fixed in 8.5.13 and later?

yes
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.13

Regards,
Violeta

>
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2017-5651
>
>
>
> I assume that it has been fixed, as 8.5.13 readme has:
>
>
>
>  60918: Fix sendfile processing error that could lead to subsequent
requests experiencing an IllegalStateException. (markt)
>  Improve sendfile handling when requests are pipelined. (markt)
>
>
>
> -Harri


Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Violeta Georgieva
2017-05-08 11:08 GMT+03:00 Mark Thomas :
>
> On behalf of the Tomcat committers I am pleased to announce that
> Michael Osipov (michaelo) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.

Welcome!

Regards,
Violeta

> Regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


Re: Skip resource path in TLD scanner?

2017-04-28 Thread Violeta Georgieva
Hi,

2017-04-27 23:17 GMT+03:00 Matt Cosentino :
>
> I need to skip some of the resource paths within WEB-INF. I know there's
a property for skipping jar files, but I couldn't find one for resource
paths. I reported this as a bug and was told that the property exists.
Where is it?

Check this wiki https://wiki.apache.org/tomcat/HowTo/FasterStartUp

Regards,
Violeta

> - Matt
>


Re: Identifying 64k size violation for __jspService methods loaded by Tomcat

2017-04-26 Thread Violeta Georgieva
Hi,

2017-04-26 11:06 GMT+03:00 Mohammed Manna :
>
> -- Forwarded message --
> From: Mohammed Manna 
> Date: 25 April 2017 at 21:50
> Subject: Identifying 64k size violation for __jspService methods loaded by
> Tomcat
> To: users@tomcat.apache.org
>
>
> Hello,
>
> I have emailed and posted a few questions over the web about this, but
> haven't received any helpful response. Since the upgrade to 8.0.39, my web
> application is failing in various places since the Jasper compiler has now
> got more debug information (and inturn __jspService method is now bigger
> than 64k). I have done the following so far:

We have changes related to that issue.[1]
So update your Tomcat instance to the latest Tomcat 8.0 (8.0.43)

Regards,
Violeta

[1] http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

>
> 1) Kept mappedFile = TRUE
> 2) Kept suppressSMAP = FALSE
>
> This removes the failure, but now I have lost the JSP debugging
capability.
> Since Apache is not going to provide any support for this, could you
kindly
> assist me with the following:
>
> 1) How can I identify my JSP pages which are going to have this issue?
> 2) I have tried using ANT build and compiled my JSPs. It simply passes the
> build, but doesn't report any method size violation. Do you have any
> development mode support that can expose these affected methods.
>
> I appreciate that these are too specific questions, but Tomcat 8.0.39
> upgrade clearly didn't consider legacy systems and has left a massive
> refactoring job to the developers. So, it would be great if you could
> proactively extend "Known Issues" section with these.
>
> KR,


[ANN] Apache Tomcat 6.0.53 available

2017-04-08 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.53.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a number of bug fixes compared to version 6.0.51.

 *** IMPORTANT ***

Tomcat 6.0.x has reached end of life. It is extremely unlikely that there
will be any further releases of the 6.0.x series.

All users of Tomcat 6.0.x and earlier should upgrade to a supported version.

 *** IMPORTANT ***

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Note: This version has 3 zip binaries: a generic one and
  two bundled with Tomcat native binaries for Windows
  operating systems running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-60.cgi

Migration guides from Apache Tomcat 5.5.x:
http://tomcat.apache.org/migration.html

- The Apache Tomcat team


[ANN] Apache Tomcat 8.0.43 available

2017-04-03 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.43.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.43 includes fixes for issues identified in 8.0.42 as
well as other enhancements and changes.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


[ANN] Apache Tomcat 7.0.77 released

2017-04-03 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.77.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.76.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Tomcat 8.5.12 - NPE when using RequestDispatcher

2017-03-23 Thread Violeta Georgieva
Hi,

2017-03-23 22:47 GMT+02:00 Thomas DELHOMENIE :
>
> Hi,
>
> With Tomcat 8.5.12 I hit a NPE when I use RequestDispatcher to redirect
> from a servlet to another one in the case of the mapping of this second
> servlet ends with /*. An error 500 is returned because of a
> NullPointerException :

Most probably you are facing this issue [1].
The fix will be available in 8.5.13.

Regards,
Violeta

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=60882

>  java.lang.NullPointerException
> at
>
org.apache.catalina.core.ApplicationMapping.getServletMapping(ApplicationMapping.java:62)
> at
>
org.apache.catalina.core.ApplicationContext.getRequestDispatcher(ApplicationContext.java:486)
> at
>
org.apache.catalina.core.ApplicationContextFacade.getRequestDispatcher(ApplicationContextFacade.java:222)
> at org.exoplatform.RedirectServlet.doGet(RedirectServlet.java:19)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> at
>
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
> at
>
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
>
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
> at
>
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> at
>
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> at
>
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> at
>
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
> at
>
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
> at
>
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at
>
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
> at
>
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at
>
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
> at
>
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
> at
>
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
>
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1161)
> at
>
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> at
>
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.base/java.lang.Thread.run(Thread.java:844)
>
> To reproduce this issue I created a simple war with the following web.xml
:
>
> http://xmlns.jcp.org/xml/ns/javaee;
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>   xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
>   http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd;
>   version="3.1"
>   metadata-complete="true">
>
> 
>   Servlet and JSP Examples.
> 
> Servlet and JSP Examples
>
> 
>   HelloWorldExample
>   org.sample.HelloWorldServlet
> 
> 
> RedirectServlet
> org.sample.RedirectServlet
> 
>
> 
> HelloWorldExample
> /HelloWorldExample/*
> 
> 
> RedirectServlet
> /RedirectServlet
> 
> 
>
> The class RedirectServlet is :
>
> package org.sample;
>
> import javax.servlet.RequestDispatcher;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import java.io.IOException;
>
> public class RedirectServlet extends HttpServlet {
>   @Override
>   public void doGet(HttpServletRequest request,
> HttpServletResponse response)
>   throws IOException, ServletException
>   {
> RequestDispatcher requestDispatcher =
> request.getServletContext().getRequestDispatcher("/HelloWorldExample");
> requestDispatcher.forward(request, response);
>   }
> }
>
> And the class HelloWorldServlet is :
>
> package org.sample;
>
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import java.io.IOException;
> import java.io.PrintWriter;
>
> public class HelloWorldServlet extends HttpServlet {
>   @Override
>   public void 

Re: Tomcat 8.5.12 Not Responding

2017-03-22 Thread Violeta Georgieva
Hi,

2017-03-22 17:50 GMT+02:00 Igal @ Lucee.org :
>
> I am running an application on Tomcat 8.5.12 on Windows 2008R2 64bit with
Server JRE 1.8.0u121. Right now the process is still running but no
requests are being processed, or take a very long time to process.

Please provide information for your Connector configuration (server.xml)

Regards,
Violeta

> For example, I created a simple test.html file with one line of html and
it took several minutes to serve it.
>
> This application has been running on Tomcat 8.5.11 for a while with no
issue, so I suspect some bug may have been introduced in 8.5.12.
>
> STDERR shows the following possibly related entries:
>
> Exception in thread "http-nio-8181-exec-1"
java.lang.IllegalMonitorStateException
> at
java.util.concurrent.locks.ReentrantLock$Sync.tryRelease(ReentrantLock.java:151)
> at
java.util.concurrent.locks.AbstractQueuedSynchronizer.release(AbstractQueuedSynchronizer.java:1261)
> at
java.util.concurrent.locks.ReentrantLock.unlock(ReentrantLock.java:457)
> at
java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:449)
> at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:103)
> at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:31)
> at
java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Exception in thread "http-nio-8181-exec-6"
java.lang.IllegalMonitorStateException
> at
java.util.concurrent.locks.ReentrantLock$Sync.tryRelease(ReentrantLock.java:151)
> at
java.util.concurrent.locks.AbstractQueuedSynchronizer.release(AbstractQueuedSynchronizer.java:1261)
> at
java.util.concurrent.locks.ReentrantLock.unlock(ReentrantLock.java:457)
> at
java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:449)
> at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:103)
> at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:31)
> at
java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
>
> Thread dump is attached.
>
> Any ideas?
>
> Thank you,
>
>
> Igal Sapir
> Lucee Core Developer
> Lucee.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


Re: ArrayIndexOutOfBoundsException in ServletInputStream.readLine

2017-02-16 Thread Violeta Georgieva
Hi,

2017-02-16 5:10 GMT+02:00 水野謙 :
>
> Dear Sirs,
>
> I'm using Apache Tomcat/6.0.48 on Linux and I sometimes see the
> following exception.
>
> java.lang.ArrayIndexOutOfBoundsException: 8192
> at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:391)
> at
org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:318)
> at
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:105)
> at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:94)
> at
org.apache.catalina.connector.CoyoteInputStream.readLine(CoyoteInputStream.java:199)
> at
jp.co.interfactory.framework.MultiPartParser.retrieveParts(MultiPartParser.java:79)

Can you post here the Connectors configuration?

Regards,
Violeta

>
> "MultiPartParser.retrieveParts" is my application and calls readLine
> method as follows:
> (The actual program is more complicated and I extracted the code
> related to the input stream)
>
> byte[] buf = new byte[8 * 1024];
> ServletInputStream istream = request.getInputStream();
> while ((ret = istream.readLine(buf, 0, buf.length)) > -1) {
> // ...
> }
>
> I cannot reproduce this exception but I observe it every couple of
> months in our production servers.
> I saw the similar exception when I used Apache Tomcat/6.0.44 and the
> stacktrace was as follows:
>
> java.lang.ArrayIndexOutOfBoundsException: 8192
> at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:391)
> at
org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:317)
> at
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:105)
> at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:94)
> at
org.apache.catalina.connector.CoyoteInputStream.readLine(CoyoteInputStream.java:199)
> at
jp.co.interfactory.framework.MultiPartParser.retrieveParts(MultiPartParser.java:79)
>
>
> Best Regards
>
> Ken Mizuno
> mizuno@interfactory.co.jp
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


[ANN] Apache Tomcat 8.0.41 available

2017-01-25 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.41.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.41 includes fixes for issues identified in 8.0.39 as
well as other enhancements and changes. The notable changes since 8.0.39
include:


- Improve handling of varargs in UEL expressions

- Ensure that the endpoint is able to unlock the acceptor thread during
  shutdown if the endpoint is configured to listen to any local address of
  a specific type such as 0.0.0.0 or ::


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


[ANN] Apache Tomcat 7.0.75 released

2017-01-25 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.75.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.73. The notable changes since 7.0.73 include:


- Add support for varargs in UEL expressions

- Ensure that the endpoint is able to unlock the acceptor thread during
  shutdown if the endpoint is configured to listen to any local address of
  a specific type such as 0.0.0.0 or ::


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: web-fragment.xml in embedded containers

2017-01-23 Thread Violeta Georgieva
Hi,

2017-01-24 5:20 GMT+02:00 John D. Ament :
>
> Hi,
>
> I was wondering if there was some configuration option that I could enable
> in an embedded Tomcat container to have it process web-fragment.xml files?

What is the case where an embedded Tomcat does not process web-fragment.xml
files?

Regards,
Violeta

> John


Re: [ANN] New committer: Emmanuel Bourg

2017-01-20 Thread Violeta Georgieva
2017-01-20 19:12 GMT+02:00 Mark Thomas :
>
> On behalf of the Tomcat committers I am pleased to announce that
> Emmanuel Bourg (ebourg) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.

Welcome!

Regards,
Violeta

> Regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


Re: TomcatCon @ ApacheCon

2017-01-16 Thread Violeta Georgieva
Hi,

2017-01-09 13:57 GMT+02:00 Mark Thomas :
>
> All,
>
> There is the opportunity (if we can pull it together as a community) to
> run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
> are May 16 to 18.
>
> The call for papers closes on Feb 11 so we have around a month to get
> organised. We'll also need to convince the conference organisers that a)
> there is a demand for this and b) we have a plan.
>
> Getting the right content is going to be critical to success. I've been
> thinking about this for a while and I think we can identify the right
> content if as many folks as possible on this list answer the following
> question:
>
> "What topic(s) need to be covered in a Tomcat conference to make it as
> easy as possible to get your employer to pay for you to attend?"
>
> We have up to three days and potentially multiple tracks so even if you
> think you have a niche requirement, please speak up. We typically have a
> number of Tomcat committers speaking at ApacheCon so finding someone to
> cover a particular topic shouldn't be too tricky. Equally, if you have a
> topic you could present on that you think others would find useful,
> speak up.
>
> Do feel free to add your +1 if someone else mentions a topic your are
> interested first. Having an idea of how popular the topics are would
> also be helpful.
>
> Also, we don't have to stick to the standard "Sit and listen to someone
> present for 40 mins" format. Discussions, workshops, hackathons are all
> possible.
>
> Some topic ideas to get the ball rolling.
>
> Hands-on workshop: Configuring TLS with Apache Tomcat
> Reverse Proxying to Apache Tomcat
> Load-balancing with Apache Tomcat
> Clustering  with Apache Tomcat
> Tomcat Clinic (like the users list but with everyone in the same room)
>
> I look forward to hearing your topic ideas.

What do you think about following topic: Reactive Streams with Apache
Tomcat?

Regards,
Violeta

> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: Need Help on Tomcat 8.1.1 SSL Public Facing URL !!

2016-11-17 Thread Violeta Georgieva
Hi,

2016-11-17 7:51 GMT+02:00 :
>
> Hi Group,
>
> Please help in resolving the issue with Public Facing URL of Tomcat
server.  Currently the existing configuration is as follows :
>
>
> 1)  Tomcat 8.1.1 is installed on Red-Hat Linux OS along with Jdk1.7

There isn't a version Tomcat 8.1.1
Please verify your Tomcat version.
More information about Tomcat versions can be found here
http://tomcat.apache.org/whichversion.html

Regards,
Violeta

> 2)  Tomcat is enabled with SSL and able to access with https with the
IP Address in the internal network
>
> 3)  Public IP address is assigned where this tomcat installed
>
> 4)  Firewall rules are relaxed for both Http and Https ports
>
> 5)  Tomcat server.xml is modified (Host Element) with the public
facing host name instead of localhost
>
> But still Tomcat is not getting accessed in the internet either with Http
or Https. Could you please throw some light where I am missing here ?
>
> I appreciate your quick help on this.
>
> Thanks & Regs,
> Ramagopala Chaturvedula (Ram)
>
> The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s) and
may contain proprietary, confidential or privileged information. If you are
not the intended recipient, you should not disseminate, distribute or copy
this e-mail. Please notify the sender immediately and destroy all copies of
this message and any attachments. WARNING: Computer viruses can be
transmitted via email. The recipient should check this email and any
attachments for the presence of viruses. The company accepts no liability
for any damage caused by any virus transmitted by this email. www.wipro.com


[ANN] Apache Tomcat 6.0.48 available

2016-11-16 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.48.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a number of bug fixes and improvements compared to
version 6.0.47.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Note: This version has 3 zip binaries: a generic one and
  two bundled with Tomcat native binaries for Windows
  operating systems running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-60.cgi

Migration guides from Apache Tomcat 5.5.x:
http://tomcat.apache.org/migration.html

- The Apache Tomcat team


[ANN] Apache Tomcat 8.0.39 available

2016-11-15 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.39.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.39 includes fixes for issues identified in 8.0.38 as
well as other enhancements and changes. The notable changes since 8.0.38
include:

- Improve handling of I/O errors with async processing

- Fail earlier on invalid HTTP requests


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


[ANN] Apache Tomcat 7.0.73 released

2016-11-15 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.73.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.72. The notable changes since 7.0.72 include:


- Improve handling of I/O errors with async processing
- Fail earlier on invalid HTTP requests


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Allow Customization of service.bat

2016-11-07 Thread Violeta Georgieva
Hi,

2016-11-02 19:27 GMT+02:00 Igal @ Lucee.org <i...@lucee.org>:
>
> Violeta,
>
> On 10/20/2016 11:10 PM, Violeta Georgieva wrote:
>>
>> Here [1] it is described how you can report a bug. Attach the patch to
the
>> bug. When you attaching the file there is a checkbox "patch".
>> We also accept PRs from GitHub [2].
>>
>> [1] http://tomcat.apache.org/bugreport.html#Reporting_Apache_Tomcat_bugs
>> [2] https://github.com/apache/tomcat
>
> Are you sure about the GitHub PRs?  I submitted this one almost a couple
of weeks ago:
> https://github.com/apache/tomcat/pull/36

Thanks for the patch.
The fix is available in:
- trunk for 9.0.0.M14 onwards
- 8.5.x for 8.5.9 onwards

Regards,
Violeta

> Thanks,
>
>
>
> Igal
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: jasper

2016-11-04 Thread Violeta Georgieva
Hi,

2016-11-04 19:40 GMT+02:00 Jason Hall :
>
> Possible issue with generated source from jsp(s).
>
> I current installed Tomcat 8.5.6 and use it with netbeans.
>
> On one of my JSP files, it is creating a source file with a try/catch
block that is MUCH greater than the 64K limit set by the JVM.   On
glassfish and websphere, this does not occur.
>
> I haven't checked the size of the method in websphere, but did save the
generated source on glassfish and the method is 57K (still under the 64K
limit).  The tomcat one was almost 800K I think.
>
> The older netbeans 8.0 version of tomcat that is bundeled with it does
not have this problem (version 8.0.9.0)

Check this https://bz.apache.org/bugzilla/show_bug.cgi?id=60126

Regards,
Violeta

>thanks,
>   Jason
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: Question about ServletOutputStream.setWriteListener

2016-10-21 Thread Violeta Georgieva
2016-10-20 21:47 GMT+03:00 Mark Thomas <ma...@apache.org>:
>
> On 20/10/2016 14:08, Violeta Georgieva wrote:
> > Hi,
> >
> > I have a question about ServletOutputStream.setWriteListener.
> >
> > I have the following scenario:
> > - Request 1 - in the servlet service method it starts async operation
and
> > starts waiting for a particular notification
> > - Request 2  - in the servlet service method it starts async operation
and
> > notifies the Request 1 to write to the response
> > - During this notification Request 1 sets WriteListener. This happens
while
> > we are still in the service method of the servlet for Request 2 i.e.
this
> > happens in the thread that processes Request 2.
> > - Request 1 starts waiting for onWritePossible but the event is never
sent.
> >
> > So the question is whether it is allowed to set the WriteListener from
the
> > thread that is processing another request?
>
> Yes, but we don't handle that very well. That looks like a bug to me.
>
> > I can see that when setWriteListener is invoked [1] we add to the
> > dispatches - NON_BLOCKING_WRITE - this is a result of the DISPATCH_WRITE
> > action.
> > But I think that we have to invoke DISPATCH_EXECUTE.
> >
> > I tried to extract one very simple example [2] that shows the scenario.
>
> Can you turn that into a unit test for the AsyncContext?

http://svn.apache.org/viewvc?view=revision=1765995
I added a test. It is marked with @Ignore as it will fail with the current
implementation.

Thanks,
Violeta

> Mark
>
>
> >
> > What do you think?
> >
> > Thanks,
> > Violeta
> >
> > [1]
> >
https://github.com/apache/tomcat/blob/trunk/java/org/apache/coyote/Response.java#L607
> > [2] https://github.com/violetagg/test-write-listener
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: Allow Customization of service.bat

2016-10-21 Thread Violeta Georgieva
Hi,

2016-10-21 1:23 GMT+03:00 Igal @ Lucee.org :
>
> Hi Mark,
>
> On 10/20/2016 1:19 PM, Mark Thomas wrote:
>>
>>
>>> Can I submit a patch for that?
>>
>> Sure. Got for it.
>
>
> I'm not very familiar with SVN (hopefully Apache will move to GIT soon),
so I wasn't sure where to submit the patch.
>
> The Apache Contributors Guide suggests the bug tracking platform. Should
I create a ticket in Bugzilla and add the patch there?
>
> I also attached the patch file here for convenience.
>
> Thank you,

Here [1] it is described how you can report a bug. Attach the patch to the
bug. When you attaching the file there is a checkbox "patch".
We also accept PRs from GitHub [2].

[1] http://tomcat.apache.org/bugreport.html#Reporting_Apache_Tomcat_bugs
[2] https://github.com/apache/tomcat

Regards,
Violeta

>
> Igal
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


Question about ServletOutputStream.setWriteListener

2016-10-20 Thread Violeta Georgieva
Hi,

I have a question about ServletOutputStream.setWriteListener.

I have the following scenario:
- Request 1 - in the servlet service method it starts async operation and
starts waiting for a particular notification
- Request 2  - in the servlet service method it starts async operation and
notifies the Request 1 to write to the response
- During this notification Request 1 sets WriteListener. This happens while
we are still in the service method of the servlet for Request 2 i.e. this
happens in the thread that processes Request 2.
- Request 1 starts waiting for onWritePossible but the event is never sent.

So the question is whether it is allowed to set the WriteListener from the
thread that is processing another request?

I can see that when setWriteListener is invoked [1] we add to the
dispatches - NON_BLOCKING_WRITE - this is a result of the DISPATCH_WRITE
action.
But I think that we have to invoke DISPATCH_EXECUTE.

I tried to extract one very simple example [2] that shows the scenario.

What do you think?

Thanks,
Violeta

[1]
https://github.com/apache/tomcat/blob/trunk/java/org/apache/coyote/Response.java#L607
[2] https://github.com/violetagg/test-write-listener


[ANN] Apache Tomcat 6.0.47 available

2016-10-17 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.47.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a number of bug fixes and improvements compared to
version 6.0.45. The notable changes since 6.0.45 include:
- Update to Tomcat Native Library version 1.2.10.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Note: This version has 3 zip binaries: a generic one and
  two bundled with Tomcat native binaries for Windows
  operating systems running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-60.cgi

Migration guides from Apache Tomcat 5.5.x:
http://tomcat.apache.org/migration.html

- The Apache Tomcat team


Re: Is there a 6.0.x patch for CVE-2016-5388?

2016-10-07 Thread Violeta Georgieva
Hi,

2016-10-04 9:35 GMT+03:00 Vamsavardhana Reddy :
>
> Hi,
>
> Thanks for your reply.  I meant to ask if Tomcat will be releasing a 6.0.x
> version (say 6.0.46?) addressing this CVE.  If yes, what time frame may I
> expect this version out?

For Tomcat 6.0.46 you can follow this [1].

Regards,
Violeta

[1] http://marc.info/?l=tomcat-dev=147584952203449=2

>
> Best regards,
> Vamsi


Re: Async servlet and request recycling

2016-09-29 Thread Violeta Georgieva
Hi,

2016-09-29 10:14 GMT+03:00 Thomas Boniface :
>
> The tomcat version is 7.0.64.

I would recommend you to verify the behaviour against the latest Tomcat 7
(7.0.72).
We have changes in the async processing since 7.0.64.
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Regards,
Violeta

> Thomas
>
> 2016-09-28 22:43 GMT+02:00 Christopher Schultz <
ch...@christopherschultz.net
> >:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Thomas,
> >
> > On 9/28/16 11:55 AM, Thomas Boniface wrote:
> > > Hi,
> > >
> > > When a client calls an asynchronous servlet and closes the
> > > connection a java.io.IOException: Broken pipe is catched by Tomcat
> > > level when the webapp tries to write to the socket.
> > >
> > > This exception is not transmited to the webapp level but it seems
> > > the request has been recycled (all content is reinitialised), in
> > > such a case it impossible for the webapp to retrieve the
> > > AsyncContext from the HttpServletRequest making the AsyncContext
> > > complete call impossible.
> > >
> > > Activating the tomcat logging for AsyncContext
> > > (org.apache.catalina.core.AsyncContextImpl.level = FINE) shows the
> > > recycle method is called but not the complete method, what seems to
> > > confirm my assumption. In a use case were the client waits for the
> > > response, I can see both complete and recycle are called.
> > >
> > > My question is, what is the impact of the complete not being called
> > > on the AsyncContext, is the socket cleaned up properly ?
> >
> > Tomcat version?
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: GPGTools - http://gpgtools.org
> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> >
> > iQIcBAEBCAAGBQJX7CtcAAoJEBzwKT+lPKRYwekP/R1wirv0g7wJ3uR1Xk4mYIQo
> > jPUYBirzVcewTWrDUpOe4BdXUBzgk7zDVrOsWU9PGlc0Prwik9YHeFWlG9ItxeEs
> > 0ZJ0vJ1z6Od0KsxN6E8KobsE3rQu+td1Mh7d0g76zbHQKiLmrJNb8/hGuHVQr9Fd
> > M597bec0JYiQSXU+8/SMErx/bdoA8HcApaeJpnl/RuCLfYwQ5ZSS/e0SCuSqMi1W
> > bEU0vj0pBfK6h1WuweCRoBL5Shxa2XBpbc8nlPgb7IHNlQ15dwlD10nnuYDLb7DR
> > VmOYEx2fmynZ/fOajfTsHoWUpoHjK47vMjtLUpIXARN8LY6tR2A2iUqJ6gXlM+QL
> > gNRkucxkI3RSV3U7ipx7y5IJTglFC7uAyFlJpPLx8gLhGWSUz+q46lDr+332kF5x
> > VU7rKLY/3RcSJG0ZLfIzPly5tz8wssMvwu94nI8lQb4SweEJDa6cT5Z8aUUTFaf6
> > kjy34jSgsi6QyN+NK9WKapdDNzvIo1X18zK2CqfDSeyBsgprU62o1P8R/BxIiM9f
> > YAnK98kPtmmKyJHcS7+fBngO1/TZvsdGlYj+cXcnCNi0Fnp50WKlHOPb6wcZo5q5
> > lcpLkwj4izmdgW8rONjMDAZj3gal7OKw0WQ/srU6XIfUa1kgR0NAtb7YQGvHJA5g
> > ljFdLIuRnMu+43OsbSKC
> > =zrQ5
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >


[ANN] Apache Tomcat 7.0.72 released

2016-09-20 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.72.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.70. The notable changes since 7.0.70 include:


- Update the packaged version of the Tomcat Native Library to 1.2.8
- Treat paths used to obtain a request dispatcher as encoded (configurable)


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter for app specific web.xml under Tomcat 8.0.9 (bundled with Netbeans)

2016-09-08 Thread Violeta Georgieva
Hi Mladen,

2016-09-08 13:04 GMT+03:00 Mladen Adamović :
>
> Hi Mark,
>
> It seems that in Tomcat 8 it was added in
> Tomcat 8.0.23 (merged from Tomcat 7 I guess)

Typically we back port features to previous versions and not vice versa.

That feature was first developed in Tomcat 9 branch and then back ported.

Regards,
Violeta

>
>- [image: Add:] 54618
>: Add a new
>HttpHeaderSecurityFilter that adds the Strict-Transport-Security,
>X-Frame-Options and X-Content-Type-Options HTTP headers to the
response.
>(markt)
>
> And Netbeans embedded version I was using was 8.0.9, I guess that was the
> problem.
>
>
> On Thu, Sep 8, 2016 at 11:43 AM, Mark Thomas  wrote:
>
> > On 08/09/2016 10:12, Mladen Adamović wrote:
> > > I want in some specific apps to enable HttpHeaderSecurityFilter (I
might
> > > have some insecure applications at the same server).
> >
> > 
> >
> > > But I've got the error message when running from Tomcat 8.0.9.0. This
> > > happened in a development environment, this Tomcat was installed with
> > > Netbeans 8.0.1.
> > >
> > > 08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
> > > org.apache.catalina.core.StandardContext.filterStart Exception
starting
> > > filter httpHeaderSecurity
> > >  java.lang.ClassNotFoundException: org.apache.catalina.filters.
> > > HttpHeaderSecurityFilter
> >
> > 
> >
> > > What could be the reason Tomcat is displaying ClassNotFoundExpceiotn
for
> > > org.apache.catalina.filters.HttpHeaderSecurityFilter, since this
exists
> > > since Tomcat 7?
> >
> > Read this:
> > http://svn.us.apache.org/repos/asf/tomcat/tc7.0.x/
> > trunk/webapps/docs/changelog.xml
> >
> > and this:
> > http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/
> > trunk/webapps/docs/changelog.xml
> >
> > Search for "HttpHeaderSecurityFilter" and read all the matching
> > changelog entries.
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >


Re: A way for user to specify DH parameter to tomcat !

2016-08-17 Thread Violeta Georgieva
Hi,

2016-08-17 11:29 GMT+03:00 Utkarsh Dave :
>
> Hi All,
>
> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
> We have been using BIO connectors.
> 1. I need help to find out how to provide user specified DH parameter to
> tomcat.
> 2. What all ciphers are categorized under modern ciphers ?

Look at these pages
http://wiki.apache.org/tomcat/Security/Ciphers
http://wiki.apache.org/tomcat/HowTo/SSLCiphers

Regards,
Violeta

>
> Thanks for your time in advance.
>
> -Utkarsh


Re: org.apache.catalina.startup.Bootstrap.getCatalinaHomeFile()Ljava/io/File;

2016-08-12 Thread Violeta Georgieva
Hi,

2016-08-12 15:01 GMT+03:00 leonidprokopets :
>
> Does anyone know which version of tomcat-catalina.jar contains a
Bootstrap class with getCatalinaHomeFile() method?
>
> I'm using Tomcat 8.0 and Eclipse Neon 4.6.0
>
> I'm getting an error
> java.lang.NoSuchMethodError:
org.apache.catalina.startup.Bootstrap.getCatalinaHomeFile()Ljava/io/File;
> So obviously the Bootstrap class does not have the method.

Check carefully your dependencies. This method is available in Tomcat 8.0
and above, but it is not available in Tomcat 7.


http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java?view=markup#l534
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/startup/Bootstrap.java?view=markup#l547
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java?view=markup#l547

Regards,
Violeta

> Thanks in advance for any hint.


Re: Release Dates

2016-08-05 Thread Violeta Georgieva
Hi,

The date for the latest release is just above the change log. For 7.0.70
it is June 15, 2016.

Regards,
Violeta

On Friday, 5 August 2016, Salvatore Bellassai <
sbellas...@foxguardsolutions.com> wrote:

> Violeta,
>
> I did find that before I posted in the mailing list, but there is no
> release
> date for 7.0.70. 70.069 and previous all appear to have release dates, but
> there was no date for 7.0.70.
>
> Was this just an error?
>
> Thank you for your help.
>
> > -Original Message-
> > From: Violeta Georgieva [mailto:violet...@apache.org <javascript:;>]
> > Sent: Friday, August 5, 2016 11:13 AM
> > To: Tomcat Users List <users@tomcat.apache.org <javascript:;>>
> > Subject: Re: Release Dates
> >
> > Hi,
> >
> > Check the change log [1].
> > There you can find the release dates.
> >
> > Regards,
> > Violeta
> >
> > [1] http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
> >
> > On Friday, 5 August 2016, Salvatore Bellassai <
> > sbellas...@foxguardsolutions.com <javascript:;>> wrote:
> >
> > > Hello,
> > >
> > > I was hoping someone could tell me where Release Dates can be obtained
> > > for Tomcat 7.0?
> > >
> > > Thank you.
> > >
> > > Salvatore "Trace" Bellassai
> > > Security Technician, FoxGuard Solutions, Inc.
> > > (O) (540) 382-4234 x222
> > > sbellas...@foxguardsolutions.com <javascript:;> <javascript:;>
> > > 105 Industrial Drive, Christiansburg, VA 24073
> > >
> > > www.FoxGuardSolutions.com
> > > Cyber Security | Compliance | Industrial Computing
> > >
> > >
>


Re: Release Dates

2016-08-05 Thread Violeta Georgieva
Hi,

Check the change log [1].
There you can find the release dates.

Regards,
Violeta

[1] http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

On Friday, 5 August 2016, Salvatore Bellassai <
sbellas...@foxguardsolutions.com> wrote:

> Hello,
>
> I was hoping someone could tell me where Release Dates can be obtained for
> Tomcat 7.0?
>
> Thank you.
>
> Salvatore "Trace" Bellassai
> Security Technician, FoxGuard Solutions, Inc.
> (O) (540) 382-4234 x222
> sbellas...@foxguardsolutions.com 
> 105 Industrial Drive, Christiansburg, VA 24073
>
> www.FoxGuardSolutions.com
> Cyber Security | Compliance | Industrial Computing
>
>


Re: Tomcat 8.0 : Custom server.xml path

2016-07-13 Thread Violeta Georgieva
Hi,

2016-07-12 12:03 GMT+03:00 Amit Pande :
>
> Any thoughts on this ?

You may try using catalina.base
https://github.com/apache/tomcat/blob/trunk/RUNNING.txt#L84
https://github.com/apache/tomcat/blob/trunk/RUNNING.txt#L230

Regards,
Violeta

>
> On 11/07/16 1:15 pm, "Amit Pande"  wrote:
>
> >Hello all,
> >
> >
> >We have a custom cluster deployment scenario which requires to put config
> >files on a shared disk.
> >
> >With reference to above requirement, we need to put server.xml (and
> >possibly other files from TOMCAT_DIR\conf) on the shared disk.
> >
> >Is there any way to do this ? Possible to do in catalina.properties like:
> >
> >
> >Conf.dir = 
> >
> >
> >Appreciate your help here.
> >
> >Thanks,
> >Amit
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: Tomcat Embedded and Web Fragments

2016-07-13 Thread Violeta Georgieva
Hi,

2016-07-07 15:07 GMT+03:00 l.pe...@senat.fr :
>
> Hi.
>
> I am using Tomcat embedded, for integration tests.
>
> I do not find how to let it take in account web-fragments of included
jars. Is there a specific config ? Does anyone have a working example ?


Take a look at the Tomcat's tests
https://github.com/apache/tomcat/blob/trunk/test/org/apache/catalina/startup/TestContextConfig.java

Regards,
Violeta


> I am using version 8.0.36.
>
> Thanks in advance,
>
> Ludovic
>
>
> |
> | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
> |
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: need latest tomcat stable versions

2016-07-05 Thread Violeta Georgieva
Hi

2016-07-05 13:30 GMT+03:00 Vijay Kumar :
>
> Hi Team,
>
> We have a Product in Production which we are using Tomcat as web-server.
>
> Now we want to upgrade Tomcat to the latest version where we have
> identified below two versions as the latest one.
>
> Tomcat 8.0.36
> Tomcat 8.5.3
>
> Could you please update whether these are stable enough to use or please
> suggest which one is the stable one to use in Production.
>

Check the links below:
http://tomcat.apache.org/whichversion.html
http://wiki.apache.org/tomcat/TomcatVersions

Regards,
Violeta

>
> Thanks,
> Vijay G


[ANN] Apache Tomcat 7.0.70 released

2016-06-21 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.70.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.69. The notable changes since 7.0.69 include:


- Update the packaged version of the Tomcat Native Library to 1.2.7 to pick
  up the Windows binaries that are based on OpenSSL 1.0.2h and APR 1.5.2

- Remove native code (Windows Service Wrapper, APR/native connector)
  support for Windows Itanium.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Tomcat 8.0.33 not seeing JSP extracted from zip during context deploy.

2016-05-27 Thread Violeta Georgieva
Hi,

2016-05-27 13:21 GMT+03:00 Gavin Donald :
>
> Hello,
>
> I recently upgraded from */Tomcat 8.0.9/***to */8.0.33/*.
>
> I have a zip file that contains JSPs. When the context starts a custom
/ThemeManager /class looks at a /theme.jar/ file and extracts some SiteMesh
decorators to /WEB-INF/decorator-template/.
>
> Since I upgraded to 8.0.33, Tomcat does not seem to be able to detect
that those files have been extracted. The error I am seeing in the console
is:
>
> */javax.servlet.ServletException: File
[/WEB-INF/decorator-template/decorator-default.jsp] not found/*
>
> The error is quite obviously not finding the file, but it is in that
location. No changes have been made to the ThemeManager class and
everything still works fine in 8.0.9.
>
> Currently I need to restart Tomcat 8.0.33 a second time to see the
extracted files. After that I can happily make changes to the /theme.jar/,
the /ThemeManager /will redeploy it and Tomcat will serve the new version
of the file. It is as if Tomcat 8.0.33 does not know those files have been
extracted from the /theme.zip/ and requires a restart before it will
recognise they exist. *Does anyone know why this may be (has there been a
change in the way Tomcat manages JSPs recently?), and better yet - does
anyone have a solution?*
>
> I tried to set */development/* to */true/* in */conf/web.xml/*//but it
didn't help and I'm not sure that would be suitable for live/./ I have
checked my web-apps log files between 8.0.9 and 8.0.33 and can't see any
differences. It seems that Tomcat 8.0.33 is behaving differently to 8.0.9.
> /

I made very basic app based on your description but I do not observe such
behaviour.
Can you provide some simple example that shows the problem? (e.g. on github)

Regards,
Violeta

> /Thanks
>
> Gavin./
> /


Re: Failed to read schema document 'classpath:/schema/shibboleth-2.0-services.xsd'

2016-05-16 Thread Violeta Georgieva
2016-05-16 18:35 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
>
>
>
> On 5/16/16, 10:49 AM, "Violeta Georgieva" <miles...@gmail.com> wrote:
>
> >2016-05-16 17:45 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
> >>
> >> Hello,
> >>
> >> On 5/5/16, 3:55 PM, "Violeta Georgieva" <miles...@gmail.com> wrote:
> >>
> >> >Hi,
> >> >
> >> >
> >> >2016-05-05 20:51 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com
>:
> >> >>
> >> >> Hi,
> >> >>
> >> >> On 5/5/16, 1:48 PM, "Hilbert, Colin" <colin.hilb...@teradata.com>
> >wrote:
> >> >>
> >> >> >Hello,
> >> >> >
> >> >> >Thank you for checking up on this.  In the meantime, is there a
> >> >>different
> >> >> >way you recommend I add these to the class path other than moving
> >>the
> >> >> >jars?
> >> >> >
> >> >> >Colin
> >> >> >
> >> >> >
> >> >> >On 4/27/16, 4:06 AM, "Violeta Georgieva" <miles...@gmail.com>
wrote:
> >> >> >
> >> >> >>Hi,
> >> >> >>
> >> >> >>
> >> >> >>2016-04-26 22:49 GMT+03:00 Hilbert, Colin
> >> >><colin.hilb...@teradata.com>:
> >> >> >>>
> >> >> >>> Tomcat version 7.0.69
> >> >> >>> Also happens on 7.0.68 and 7.0.67
> >> >> >>>
> >> >> >>> I don¹t get this error on 7.0.65
> >> >> >>>
> >> >> >>> I have deployed an idp.war on tomcat
> >> >> >>> The idp.war has a service.xml file that looks like this at the
> >> >> >>>beginning:
> >> >> >>>
> >> >> >>>
> >> >> >>>  >> >> >>>   xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
> >> >> >>>
> >> >>
> >>
>
>>>>>xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority
> >>>>>"
> >> >> >>>
> >> >>xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
> >> >> >>>
> >> >>xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
> >> >> >>>
> >xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
> >> >> >>>   xmlns:resource="urn:mace:shibboleth:2.0:resource"
> >> >> >>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >> >> >>>   xsi:schemaLocation="urn:mace:shibboleth:2.0:services
> >> >> >>classpath:/schema/shibboleth-2.0-services.xsd
> >> >> >>>   urn:mace:shibboleth:2.0:afp
> >> >> >>classpath:/schema/shibboleth-2.0-afp.xsd
> >> >> >>>
> >> >> >>>urn:mace:shibboleth:2.0:attribute:authority
> >> >> >>classpath:/schema/shibboleth-2.0-attribute-authority.xsd
> >> >> >>>   urn:mace:shibboleth:2.0:resolver
> >> >> >>classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
> >> >> >>>
> >> >> >>>urn:mace:shibboleth:2.0:idp:profile-handler
> >> >> >>classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
> >> >> >>>
> >>urn:mace:shibboleth:2.0:relying-party
> >> >> >>classpath:/schema/shibboleth-2.0-relying-party.xsd
> >> >> >>>   urn:mace:shibboleth:2.0:resource
> >> >> >>classpath:/schema/shibboleth-2.0-resource.xsd²>
> >> >> >>>
> >> >> >>> The stack complains that it cannot find the first schemaLocation
> >> >listed
> >> >> >>but if I go to the deployed idp folder in tomcat idp/WEB-INF/lib/
> >> >>there
> >> >> >>are
> >> >> >>jars there, one of which is shibboleth-common-1.2.1.jar
> >> >> >>>
> >> >> >>> Which has the path /schema/ containing all those listed
> >> >schemaLocations
> >> >> >>from the service.xml
> >> >> >>>
> >> >> >>> I can move all the jars from idp/WE-INF/lib/ to
tomcat7.0.69/lib/
> >> >>and
> >> >> >>>the
> >> >> >>exception goes away but I haven¹t had to do this prior to .67
> >> >> >>>
> >> >> >>> Can anyone shed some light on this?
> >> >> >>
> >> >> >>
> >> >> >>I think that this is related to the following feature [1].
> >> >> >>I'll check that.
> >> >> >>
> >> >> >>Regards,
> >> >> >>Violeta
> >> >> >>
> >> >> >>[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56777
> >> >> >
> >> >> >
> >> >>
> >>>-
> >> >> >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> >> >For additional commands, e-mail: users-h...@tomcat.apache.org
> >> >> >
> >> >>
> >> >> Sorry for the top post.  I didn’t understand what I was doing.
> >> >
> >> >Please follow the discussion [1] on the dev list.
> >> >
> >> >Regards,
> >> >Violeta
> >> >
> >> >[1] http://marc.info/?t=14617548634=1=2
> >> >
> >> >> Colin.
> >> >>
> >>
> >> Is there a bugzilla ticket that I can follow on this?
> >
> >No there isn't.
> >You can open one and point to the mail thread.
> >
> >Regards,
> >Violeta
> >
> >> Colin
> >>
>
> How does one link the email thread in the ticket, would I just save this
> outlook message and attach it as a file or do I provide that link for the
> discussion you gave me previousy?


Use this http://marc.info/?t=14617548634=1=2


Regards,
Violeta


> Colin
>


Re: Failed to read schema document 'classpath:/schema/shibboleth-2.0-services.xsd'

2016-05-16 Thread Violeta Georgieva
2016-05-16 17:45 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
>
> Hello,
>
> On 5/5/16, 3:55 PM, "Violeta Georgieva" <miles...@gmail.com> wrote:
>
> >Hi,
> >
> >
> >2016-05-05 20:51 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
> >>
> >> Hi,
> >>
> >> On 5/5/16, 1:48 PM, "Hilbert, Colin" <colin.hilb...@teradata.com>
wrote:
> >>
> >> >Hello,
> >> >
> >> >Thank you for checking up on this.  In the meantime, is there a
> >>different
> >> >way you recommend I add these to the class path other than moving the
> >> >jars?
> >> >
> >> >Colin
> >> >
> >> >
> >> >On 4/27/16, 4:06 AM, "Violeta Georgieva" <miles...@gmail.com> wrote:
> >> >
> >> >>Hi,
> >> >>
> >> >>
> >> >>2016-04-26 22:49 GMT+03:00 Hilbert, Colin
> >><colin.hilb...@teradata.com>:
> >> >>>
> >> >>> Tomcat version 7.0.69
> >> >>> Also happens on 7.0.68 and 7.0.67
> >> >>>
> >> >>> I don¹t get this error on 7.0.65
> >> >>>
> >> >>> I have deployed an idp.war on tomcat
> >> >>> The idp.war has a service.xml file that looks like this at the
> >> >>>beginning:
> >> >>>
> >> >>>
> >> >>>  >> >>>   xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
> >> >>>
> >>
>
>>>>xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
> >> >>>
> >>xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
> >> >>>
> >>xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
> >> >>>
xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
> >> >>>   xmlns:resource="urn:mace:shibboleth:2.0:resource"
> >> >>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >> >>>   xsi:schemaLocation="urn:mace:shibboleth:2.0:services
> >> >>classpath:/schema/shibboleth-2.0-services.xsd
> >> >>>   urn:mace:shibboleth:2.0:afp
> >> >>classpath:/schema/shibboleth-2.0-afp.xsd
> >> >>>
> >> >>>urn:mace:shibboleth:2.0:attribute:authority
> >> >>classpath:/schema/shibboleth-2.0-attribute-authority.xsd
> >> >>>   urn:mace:shibboleth:2.0:resolver
> >> >>classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
> >> >>>
> >> >>>urn:mace:shibboleth:2.0:idp:profile-handler
> >> >>classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
> >> >>>   urn:mace:shibboleth:2.0:relying-party
> >> >>classpath:/schema/shibboleth-2.0-relying-party.xsd
> >> >>>   urn:mace:shibboleth:2.0:resource
> >> >>classpath:/schema/shibboleth-2.0-resource.xsd²>
> >> >>>
> >> >>> The stack complains that it cannot find the first schemaLocation
> >listed
> >> >>but if I go to the deployed idp folder in tomcat idp/WEB-INF/lib/
> >>there
> >> >>are
> >> >>jars there, one of which is shibboleth-common-1.2.1.jar
> >> >>>
> >> >>> Which has the path /schema/ containing all those listed
> >schemaLocations
> >> >>from the service.xml
> >> >>>
> >> >>> I can move all the jars from idp/WE-INF/lib/ to tomcat7.0.69/lib/
> >>and
> >> >>>the
> >> >>exception goes away but I haven¹t had to do this prior to .67
> >> >>>
> >> >>> Can anyone shed some light on this?
> >> >>
> >> >>
> >> >>I think that this is related to the following feature [1].
> >> >>I'll check that.
> >> >>
> >> >>Regards,
> >> >>Violeta
> >> >>
> >> >>[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56777
> >> >
> >> >
> >> >-
> >> >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> >For additional commands, e-mail: users-h...@tomcat.apache.org
> >> >
> >>
> >> Sorry for the top post.  I didn’t understand what I was doing.
> >
> >Please follow the discussion [1] on the dev list.
> >
> >Regards,
> >Violeta
> >
> >[1] http://marc.info/?t=14617548634=1=2
> >
> >> Colin.
> >>
>
> Is there a bugzilla ticket that I can follow on this?

No there isn't.
You can open one and point to the mail thread.

Regards,
Violeta

> Colin
>


Re: Enabling Tomcat to be FIPS compliant.

2016-05-16 Thread Violeta Georgieva
Hi,

2016-05-16 7:42 GMT+03:00 Nikitha Benny :
>
> Hello Everyone,
>
>
> I am using JRE 1.8.060 and tomcat 7.00.068 ,after enabling the FIPS mode
> and performing the steps to create a certificate(PKCS12 format). I was
able
> to access the tomcat home page using HTTPS
>
>
> But when I was using the same JRE 1.8.060 with tomcat 7.00.069 and then
> enabling the FIPS and performing the steps to create a certificate I am
> unable to access the tomcat home page using HTTPS.I got an error saying :
“This
> site can’t provide a secure connection,uses an unsupported protocol,
> ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.
>
> Later I added Ciphers in server.xml.ovtemplate and try loading the page
> using Https and the page loaded successfully.
>
>
>
> May I know why I should add ciphers to server.xml.ovtemplate for tomcat
> 7.00.069 but not for 7.00.068 to open in HTTPS ?

Check Tomcat 7.0.69 changelog
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Regards,
Violeta


Re: Request for documentation

2016-05-16 Thread Violeta Georgieva
Hi,

2016-05-14 15:06 GMT+03:00 Lyallex :
>
> I'm trying to find some documentation that details the request lifecycle
> I've looked in the obvious places ... and some not so obvious ones
>
> That is: NOT the servlet lifecycle documentation, this is a different
> thing entirely.
>
> I need some documentation that details exactly what happens when the
> fist bit of a request arrives at the server all the way through to
> when the last bit of the response leaves the server. Does any such
> documentation exit?

Check this one
http://tomcat.apache.org/tomcat-8.0-doc/architecture/requestProcess/request-process.png


Regards,
Violeta

> Presumably the version of Tomcat is important
>
> 7.0.42
>
>
> Thanks in advance
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: antiClickJackingUri syntax in HTTP header security filter definition

2016-05-09 Thread Violeta Georgieva
Hi,

2016-05-05 13:58 GMT+03:00 Ruan van Tonder :
>
> Good day
>
> We are running Apache Tomcat 7.0.64 on Windows Server 2012 R2. Currently
we have an issue where an application page which we are using is being
framed by another and due to the default settings in the HTTP header
security filter is not being allowed to be displayed in Internet Explorer/
>
> I have attempted to add the referring URI into the HTTP header security
config via the antiClickJackingUri parameter in the web.xml file located in
Tomcat\conf\ e.g:
>
> 
> httpHeaderSecurity
>
org.apache.catalina.filters.HttpHeaderSecurityFilter
> true
> 
> antiClickJackingEnabled
> true
> 
> 
> antiClickJackingOption
> ALLOW-FROM
> 
> 
> antiClickJackingUri
> http://savanttools.com/test-frame/*

> 
> 
> blockContentTypeSniffingEnabled
> false
> 
> 
>

This configuration is OK

> I wanted to confirm the syntax to be used for the URI as I am not able to
find any specification in the documentation. Using the above syntax does
not work.

There was an issue in
the org.apache.catalina.filters.HttpHeaderSecurityFilter
I fixed it.

If you can test against Tomcat 7 trunk it will be very helpful.

The fix will be available in Tomcat 7.0.70 onwards.

Regards,
Violeta

> Interestingly when using ALLOW-FROM
http://savanttools.com/test-frame/  in the application
specific web.xml it does seem to work (at least when disabling the HTTP
header security at the top level web.xml.
>
> Does anybody please have any advice or experience in this regard?
>
> Thanks in advance
> Ruan van Tonder
>


Re: Failed to read schema document 'classpath:/schema/shibboleth-2.0-services.xsd'

2016-05-05 Thread Violeta Georgieva
Hi,


2016-05-05 20:51 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
>
> Hi,
>
> On 5/5/16, 1:48 PM, "Hilbert, Colin" <colin.hilb...@teradata.com> wrote:
>
> >Hello,
> >
> >Thank you for checking up on this.  In the meantime, is there a different
> >way you recommend I add these to the class path other than moving the
> >jars?
> >
> >Colin
> >
> >
> >On 4/27/16, 4:06 AM, "Violeta Georgieva" <miles...@gmail.com> wrote:
> >
> >>Hi,
> >>
> >>
> >>2016-04-26 22:49 GMT+03:00 Hilbert, Colin <colin.hilb...@teradata.com>:
> >>>
> >>> Tomcat version 7.0.69
> >>> Also happens on 7.0.68 and 7.0.67
> >>>
> >>> I don¹t get this error on 7.0.65
> >>>
> >>> I have deployed an idp.war on tomcat
> >>> The idp.war has a service.xml file that looks like this at the
> >>>beginning:
> >>>
> >>>
> >>>  >>>   xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
> >>>
> >>xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
> >>>   xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
> >>>   xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
> >>>   xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
> >>>   xmlns:resource="urn:mace:shibboleth:2.0:resource"
> >>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >>>   xsi:schemaLocation="urn:mace:shibboleth:2.0:services
> >>classpath:/schema/shibboleth-2.0-services.xsd
> >>>   urn:mace:shibboleth:2.0:afp
> >>classpath:/schema/shibboleth-2.0-afp.xsd
> >>>
> >>>urn:mace:shibboleth:2.0:attribute:authority
> >>classpath:/schema/shibboleth-2.0-attribute-authority.xsd
> >>>   urn:mace:shibboleth:2.0:resolver
> >>classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
> >>>
> >>>urn:mace:shibboleth:2.0:idp:profile-handler
> >>classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
> >>>   urn:mace:shibboleth:2.0:relying-party
> >>classpath:/schema/shibboleth-2.0-relying-party.xsd
> >>>   urn:mace:shibboleth:2.0:resource
> >>classpath:/schema/shibboleth-2.0-resource.xsd²>
> >>>
> >>> The stack complains that it cannot find the first schemaLocation
listed
> >>but if I go to the deployed idp folder in tomcat idp/WEB-INF/lib/ there
> >>are
> >>jars there, one of which is shibboleth-common-1.2.1.jar
> >>>
> >>> Which has the path /schema/ containing all those listed
schemaLocations
> >>from the service.xml
> >>>
> >>> I can move all the jars from idp/WE-INF/lib/ to tomcat7.0.69/lib/ and
> >>>the
> >>exception goes away but I haven¹t had to do this prior to .67
> >>>
> >>> Can anyone shed some light on this?
> >>
> >>
> >>I think that this is related to the following feature [1].
> >>I'll check that.
> >>
> >>Regards,
> >>Violeta
> >>
> >>[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56777
> >
> >
> >-
> >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> Sorry for the top post.  I didn’t understand what I was doing.

Please follow the discussion [1] on the dev list.

Regards,
Violeta

[1] http://marc.info/?t=14617548634=1=2

> Colin.
>


Re: Failed to read schema document 'classpath:/schema/shibboleth-2.0-services.xsd'

2016-04-27 Thread Violeta Georgieva
Hi,


2016-04-26 22:49 GMT+03:00 Hilbert, Colin :
>
> Tomcat version 7.0.69
> Also happens on 7.0.68 and 7.0.67
>
> I don’t get this error on 7.0.65
>
> I have deployed an idp.war on tomcat
> The idp.war has a service.xml file that looks like this at the beginning:
>
>
>xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
>
xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
>   xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
>   xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
>   xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
>   xmlns:resource="urn:mace:shibboleth:2.0:resource"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>   xsi:schemaLocation="urn:mace:shibboleth:2.0:services
classpath:/schema/shibboleth-2.0-services.xsd
>   urn:mace:shibboleth:2.0:afp
classpath:/schema/shibboleth-2.0-afp.xsd
>   urn:mace:shibboleth:2.0:attribute:authority
classpath:/schema/shibboleth-2.0-attribute-authority.xsd
>   urn:mace:shibboleth:2.0:resolver
classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
>   urn:mace:shibboleth:2.0:idp:profile-handler
classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
>   urn:mace:shibboleth:2.0:relying-party
classpath:/schema/shibboleth-2.0-relying-party.xsd
>   urn:mace:shibboleth:2.0:resource
classpath:/schema/shibboleth-2.0-resource.xsd”>
>
> The stack complains that it cannot find the first schemaLocation listed
but if I go to the deployed idp folder in tomcat idp/WEB-INF/lib/ there are
jars there, one of which is shibboleth-common-1.2.1.jar
>
> Which has the path /schema/ containing all those listed schemaLocations
from the service.xml
>
> I can move all the jars from idp/WE-INF/lib/ to tomcat7.0.69/lib/ and the
exception goes away but I haven’t had to do this prior to .67
>
> Can anyone shed some light on this?


I think that this is related to the following feature [1].
I'll check that.

Regards,
Violeta

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56777


Re: [ANN] Apache Tomcat 7.0.69 released

2016-04-20 Thread Violeta Georgieva
Hi,

2016-04-20 10:11 GMT+03:00 Utkarsh Dave <utkarshkd...@gmail.com>:
>
> Hi Violeta,
> I receive a compilation error with new tomcat
> java.lang.NoClassDefFoundError: org/apache/tomcat/util/buf/UriUtil
>

This class is located in tomcat-coyote.jar file

Regards,
Violeta

> When i compared 7.0.69\lib\tomcat-util\org\apache\tomcat\util
> I found buf package and all its classes missing.
> Do i have to add something to my class path to resolve this error
>
> On Tue, Apr 19, 2016 at 11:47 AM, Utkarsh Dave <utkarshkd...@gmail.com>
> wrote:
>
> > Thank You
> >
> > On Mon, Apr 18, 2016 at 5:45 PM, Violeta Georgieva <violet...@apache.org
>
> > wrote:
> >
> >> The Apache Tomcat team announces the immediate availability of Apache
> >> Tomcat 7.0.69.
> >>
> >> Apache Tomcat is an open source software implementation of the Java
> >> Servlet, JavaServer Pages, Java Expression Language and Java
> >> WebSocket technologies.
> >>
> >> This release contains a number of bug fixes and improvements compared
to
> >> version 7.0.68. The notable changes since 7.0.68 include:
> >>
> >>
> >> - Correct a false positive warning for ThreadLocal related memory leaks
> >>   when the key class but not the value class has been loaded by the web
> >>   application class loader.
> >>
> >>
> >> Please refer to the change log for the complete list of changes:
> >> http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
> >>
> >> Note: This version has 4 zip binaries: a generic one and
> >>   three bundled with Tomcat native binaries for Windows
operating
> >>   systems running on different CPU architectures.
> >>
> >> Note: Use of the Java WebSocket 1.1 implementation requires Java 7.
> >>
> >> Note: If you use the APR/native AJP or HTTP connector you *must*
upgrade
> >>   to version 1.1.33 or later of the APR/native library.
> >>
> >> Downloads:
> >> http://tomcat.apache.org/download-70.cgi
> >>
> >> Migration guides from Apache Tomcat 5.5.x and 6.0.x:
> >> http://tomcat.apache.org/migration.html
> >>
> >> Enjoy
> >>
> >> The Apache Tomcat team
> >>
> >
> >


[ANN] Apache Tomcat 7.0.69 released

2016-04-18 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.69.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.68. The notable changes since 7.0.68 include:


- Correct a false positive warning for ThreadLocal related memory leaks
  when the key class but not the value class has been loaded by the web
  application class loader.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Note: This version has 4 zip binaries: a generic one and
  three bundled with Tomcat native binaries for Windows operating
  systems running on different CPU architectures.

Note: Use of the Java WebSocket 1.1 implementation requires Java 7.

Note: If you use the APR/native AJP or HTTP connector you *must* upgrade
  to version 1.1.33 or later of the APR/native library.

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team


Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error

2016-04-08 Thread Violeta Georgieva
Hi,

2016-04-08 14:28 GMT+03:00 Lyallex :
>
> Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45
> on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse
> JUNO set to 1.7 compliance
>
> Please don't moan at me for using JSP scriptlets, I'm just doing some
> throwaway prototyping so save the bandwidth. Thank You
>
> I have been switching on Strings in 1.7 projects for a while now, I
> use it in application classes running on the above with no problems at
> all.
>
> This morning I tried switching on Strings in jsp and got the following
> compiler error
>
> org.apache.jasper.JasperException Unable to compile class for JSP
> etc etc
> Cannot switch on a value of type String for source level below 1.7 ...
>
> Hmm, interesting
>
> Configured Jasper to compile against 1.7 and it all worked fine
>
> It seems a little strange that running Tomcat against 1.7 wouldn't
> automatically configure Jasper to compile against 1.7 ... doesn't it ?
>
> Or does it?
>
> I'm sure there is a good reason, I just can't think of it :-(
>

This behavior is correct. Check this
http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html

compilerSourceVM - What JDK version are the source files compatible with?
(Default value: 1.6)
compilerTargetVM - What JDK version are the generated files compatible
with? (Default value: 1.6)

Regards,
Violeta

> Lyallex
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


Re: When is 7.0.69 expected !

2016-04-07 Thread Violeta Georgieva
Hi,

2016-04-07 8:54 GMT+03:00 Utkarsh Dave :
>
> Hi Tomcat team,
>
> I am looking for below fix
>
> http://svn.apache.org/viewvc?view=revision=1734262
>
> The fix will be available in 7.0.69.
>
>
> Is there a date for the new release yet...

You can follow this discussion.
http://marc.info/?t=14599302701=1=2

Regards,
Violeta

> -Thanks
> Utkarsh


Re: Exception Both the UrlPattern and value attribute were set for the WebServlet annotation on class ...

2016-04-05 Thread Violeta Georgieva
2016-04-05 9:10 GMT+03:00 basilk <bas...@obninsk.com>:
>
> Hi.
>
> Thanks for the answer.  But i didn't quite catch, what i should do?
> Eclipse refused to start Tomcat. I don't have any annotations i my
application.
>

Check the settings for the project. In Eclipse the web app is executed
directly from the project so it may appear that you linked some additional
sources.

Regards,
Violeta

> Basil.
>
>
> From: Violeta Georgieva
> Sent: Monday, April 04, 2016 10:30 AM
> To: Tomcat Users List
> Subject: Re: Exception Both the UrlPattern and value attribute were set
for the WebServlet annotation on class ...
>
>
> Hi,
>
> 2016-04-04 9:53 GMT+03:00 basilk <bas...@obninsk.com>:
>>
>>
>> Hi.
>>
>> I try to start tomcat 8.0.33 in debug mode under Eclipse Mars.2.
>> I get the following errors:
>>
>> SEVERE: A child container failed during start
>> java.util.concurrent.ExecutionException:
>
> org.apache.catalina.LifecycleException: Failed to start component
>
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/isogdquery]]
>>
>> at java.util.concurrent.FutureTask.report(FutureTask.java:122)
>> at java.util.concurrent.FutureTask.get(FutureTask.java:192)
>> at
>
>
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
>>
>> at
>
> org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:871)
>>
>> at
>
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>>
>> at
>
>
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
>>
>> at
>
>
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
>>
>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>> at
>
>
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>
>> at
>
>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.apache.catalina.LifecycleException: Failed to start
>
> component
>
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/isogdquery]]
>>
>> at
>
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:153)
>>
>> ... 6 more
>> Caused by: java.lang.IllegalArgumentException: Both the UrlPattern and
>
> value attribute were set for the WebServlet annotation on class
> [test.org.apache.catalina.startup.DuplicateMappingParamFilter]
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationWebFilter(ContextConfig.java:2426)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2057)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1940)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1147)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:779)
>>
>> at
>
>
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:306)
>>
>> at
>
>
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
>>
>> at
>
>
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>>
>> at
>
>
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5150)
>>
>> at
>
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>>
>> ... 6 more
>
>
> This exception means that the filter with
> class test.org.apache.catalina.startup.DuplicateMappingParamFilter has
> wrong annotation i.e. the @WebFilter annotation is used with both "value"
> and "urlPatterns&quo

Re: Tomcat does not log exceptions thrown by the valve chain

2016-04-04 Thread Violeta Georgieva
Hi,

2016-04-01 16:28 GMT+03:00 Svetlin Zarev :
>
> Hello,
>
>
>
> I have a custom authenticator valve which failed with an exception  that
> never got logged by tomcat.
>
> After a little bit of digging in tomcat’s source it turned out that there
> is no valve responsible for logging
>
> exceptions thrown by valves later in the chain. The closest error handling
> mechanism to what I’m looking
>
> for, is StandardHostValve’s try-catch around the valve chain, which
> unfortunately logs the exceptions
>
> only if someone has called setError() on the  response.  To be more clear
–
> StandardHostValve either
>
> sets the RequestDispatcher.ERROR_EXCEPTION or logs the exception.
>
>
>
> That logic was introduced with the fix for
> https://bz.apache.org/bugzilla/show_bug.cgi?id=54123 with
>
> (git) commit id: *cf4fae533cb303c97031b68ec652d6624207df21 *
>
> And was later modified a bit with the fix for
> https://bz.apache.org/bugzilla/show_bug.cgi?id=57252 with
>
> (git) commit id: *9807122abe9b95e1766d992314e661d9f9ed3634 *
>
>
>
> What do you think about always logging the caught throwable  (the rest of
> the logic remains unchanged) ?
>

Thanks for the report and the patch.
The fix will be available from 9.0.0.M5, 8.5.1, 8.0.34 and 7.0.69 onwards.

Regards,
Violeta

>
>
> diff --git a/java/org/apache/catalina/core/StandardHostValve.java
> b/java/org/apache/catalina/core/StandardHostValve.java
>
> index 48683f5..17f2dc5 100644
>
> --- a/java/org/apache/catalina/core/StandardHostValve.java
>
> +++ b/java/org/apache/catalina/core/StandardHostValve.java
>
> @@ -176,13 +176,12 @@ final class StandardHostValve extends ValveBase {
>
>  }
>
>  } catch (Throwable t) {
>
>  ExceptionUtils.handleThrowable(t);
>
> +container.getLogger().error("Exception Processing " +
>
> +request.getRequestURI(), t);
>
> +
>
>  // If a new error occurred while trying to report a
> previous
>
> -// error simply log the new error and allow the original
> error
>
> -// to be reported.
>
> -if (response.isErrorReportRequired()) {
>
> -container.getLogger().error("Exception Processing " +
>
> -request.getRequestURI(), t);
>
> -} else {
>
> +// error allow the original error to be reported.
>
> +if (!response.isErrorReportRequired()) {
>
>
 request.setAttribute(RequestDispatcher.ERROR_EXCEPTION,
> t);
>
>  throwable(request, response, t);
>
>  }
>
>
>
> Best regards,
>
> Svetlin


Re: Exception Both the UrlPattern and value attribute were set for the WebServlet annotation on class ...

2016-04-04 Thread Violeta Georgieva
Hi,

2016-04-04 9:53 GMT+03:00 basilk :
>
> Hi.
>
> I try to start tomcat 8.0.33 in debug mode under Eclipse Mars.2.
> I get the following errors:
>
> SEVERE: A child container failed during start
> java.util.concurrent.ExecutionException:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/isogdquery]]
> at java.util.concurrent.FutureTask.report(FutureTask.java:122)
> at java.util.concurrent.FutureTask.get(FutureTask.java:192)
> at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
> at
org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:871)
> at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
> at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.catalina.LifecycleException: Failed to start
component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/isogdquery]]
> at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:153)
> ... 6 more
> Caused by: java.lang.IllegalArgumentException: Both the UrlPattern and
value attribute were set for the WebServlet annotation on class
[test.org.apache.catalina.startup.DuplicateMappingParamFilter]
> at
org.apache.catalina.startup.ContextConfig.processAnnotationWebFilter(ContextConfig.java:2426)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2057)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1940)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
> at
org.apache.catalina.startup.ContextConfig.processAnnotationsWebResource(ContextConfig.java:1934)
> at
org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1147)
> at
org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:779)
> at
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:306)
> at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
> at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
> at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5150)
> at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> ... 6 more

This exception means that the filter with
class test.org.apache.catalina.startup.DuplicateMappingParamFilter has
wrong annotation i.e. the @WebFilter annotation is used with both "value"
and "urlPatterns" which is wrong.
If this filter is the one from Tomcat tests sources it is stated clearly in
the javadoc that this class is used for testing wrong annotations.

About the message itself, it needs some rewording because the problem is
not with @WebServlet but with @WebFilter.
I'll fix that.

Regards,
Violeta


> When i start tomcat as service in Windows everything is ok.
>
> What seems to be a problem?
>
> Thank you.
>
> Basil.
>
>
>
> ---
> Это сообщение проверено на вирусы антивирусом Avast.
> https://www.avast.com/antivirus


  1   2   3   >