Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build

2016-03-15 Thread Harish Krishnan
Hello There, I am kind of blocked here in my project while applying your CVE fix in our product & verify the fix. Any guidelines on what I am doing (mentioned in my previous email) wrong is highly appreciated. All I am trying to do is, disable the redirect for the root (Ex: /manager & /examples

Apache Tomcat Native 1.2.5 on CentOS 7?

2016-03-15 Thread Bjørn T Johansen
Just tried to configure and compile the native libs under CentOS 7 and I get this while configuring: Found OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e 11 Feb 2013) Require OPENSSL_VERSION_NUMBER 0x1000200f or greater (1.0.2) Is this something I should worry about or can I just ignore

Re: Starting and stopping contexts programmatically

2016-03-15 Thread Mark Thomas
On 15/03/2016 00:25, James H. H. Lampert wrote: > The only ways I know of to start and stop individual webapp contexts is > to (1) start and stop them from the manager, or (2) start and stop > Tomcat itself. > > Is there a way, from the back end, to start and stop individual contexts? You could

Re: Starting and stopping contexts programmatically

2016-03-15 Thread Theo Sweeny
Hi James, From: Mark Thomas Sent: 15 March 2016 09:21 To: Tomcat Users List Subject: Re: Starting and stopping contexts programmatically On 15/03/2016 00:25, James H. H. Lampert wrote: > The only ways I know of to start and stop

Re: Apache Tomcat Native 1.2.5 on CentOS 7?

2016-03-15 Thread Bjørn T Johansen
On Tue, 15 Mar 2016 09:20:24 + Mark Thomas wrote: > On 15/03/2016 08:04, Bjørn T Johansen wrote: > > Just tried to configure and compile the native libs under CentOS 7 and I > > get this while configuring: > > > > Found OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e

Re: How can I fix deserialization vulnerability?

2016-03-15 Thread Mark Thomas
On 14/03/2016 21:01, Christopher Schultz wrote: > On 3/11/16 4:10 AM, Mark Thomas wrote: >> On 11/03/2016 01:43, Christopher Schultz wrote: >>> If you don't have any applications that have known problematic >>> classes in them (such as the famous commons-collections bug), >>> then you aren't

Re: Apache Tomcat Native 1.2.5 on CentOS 7?

2016-03-15 Thread Mark Thomas
On 15/03/2016 08:04, Bjørn T Johansen wrote: > Just tried to configure and compile the native libs under CentOS 7 and I get > this while configuring: > > Found OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e 11 Feb 2013) > Require OPENSSL_VERSION_NUMBER 0x1000200f or greater (1.0.2) > > It

Re: Apache Tomcat Native 1.2.5 on CentOS 7?

2016-03-15 Thread Mark Thomas
On 15/03/2016 09:47, Bjørn T Johansen wrote: > On Tue, 15 Mar 2016 09:20:24 + > Mark Thomas wrote: > >> On 15/03/2016 08:04, Bjørn T Johansen wrote: >>> Just tried to configure and compile the native libs under CentOS 7 and I >>> get this while configuring: >>> >>> Found

Re: Apache Tomcat Native 1.2.5 on CentOS 7?

2016-03-15 Thread Bjørn T Johansen
On Tue, 15 Mar 2016 10:35:38 + Mark Thomas wrote: > On 15/03/2016 09:47, Bjørn T Johansen wrote: > > On Tue, 15 Mar 2016 09:20:24 + > > Mark Thomas wrote: > > > >> On 15/03/2016 08:04, Bjørn T Johansen wrote: > >>> Just tried to configure and

Re: How can I fix deserialization vulnerability?

2016-03-15 Thread Christopher Schultz
Mark, On 3/15/16 5:19 AM, Mark Thomas wrote: > This comes down to the threat scenarios in which Tomcat is intended > to be secure. A vulnerability is, essentially, when an attacker is > able to bypass that security in some way. > > Tomcat is not

RE: Intermittent ClassNotFoundException in Jasper EL evaluation

2016-03-15 Thread jimi.hullegard
On Friday, March 11, 2016 10:03 PM, ma...@apache.org wrote: > > Monday works. I might try experimenting with some ideas between now and then > anyway. Hi again, A bit shorter reply this time, because of time shortage. I preferred to focus the little time I managed to "break free" on testing

RE: [COMMERCIAL] Re: [COMMERCIAL] Re: Need Help: - jk doesn't work after upgrade to 1.2.40 from 1.2.23

2016-03-15 Thread ZHAO Eric
Andre, Martin, Thanks for your reply: Answer to your previous question: 1). Since the loadbalance hasn't been triggered, I think we can ignore it now. 2). You are right "missing uri map" is a debug information, but in the above code I pasted, it will return DECLINED, which is actually an

Re: Tomcat 6.x 32bit-- becomes non responsive state / crash/hang

2016-03-15 Thread Christopher Schultz
Mahudeswaran, On 3/14/16 2:21 PM, Mahudeswaran A wrote: > We are working in different time zone. & We will try the thread > dump meantime...Would you like to share any check points in thread > dump or share some troubleshooting steps/tools to

Re: How to comply with http://www.sitemaps.org/protocol.html#location

2016-03-15 Thread Christopher Schultz
Terence, On 3/14/16 6:34 AM, Terence M. Bandoian wrote: > On 3/13/2016 10:23 AM, Lyallex wrote: >> CentOS 5.2 jdk1.7.0_45 apache-tomcat-7.0.42 no httpd, tomcat >> only, one webapp ROOT.war >> >> According to the documentation at >> >>