Vulnerability ---Remote Web Server Apache Tomcat Contains Default Files

2020-05-22 Thread Reddy, Tippana Krishnanandan
Hi All, We are using Tomcat version 8.5.31 and have observed the vulnerability below. Title: Remote Web Server Apache Tomcat Contains Default Files Issue: The default error page, default index page, example JSPs, /example servlets are installed on the remote Apache Tomcat server. These files should
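The check this scanner finding calls for, as an added example that is not part of the thread or of Tomcat itself: a POSIX shell script that lists which of Tomcat's stock web applications (ROOT, docs, examples, manager, host-manager, the names the distribution ships) are still deployed under a webapps directory, and removes the ones you do not serve. The function names and the TOMCAT_DEFAULT_APPS variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread or the Tomcat project): find which of
# Tomcat's stock web applications are still deployed under a webapps directory
# so they can be removed before the server is exposed. The app names are the
# ones shipped in the Tomcat distribution; the function names and the
# TOMCAT_DEFAULT_APPS variable are this example's own.

TOMCAT_DEFAULT_APPS="ROOT docs examples manager host-manager"

# Print each stock app still present in $1 (exploded directory or .war),
# one per line, in the order above. Returns 0 when none are found, 1 otherwise.
find_default_webapps() {
    webapps_dir="$1"
    found=0
    for app in $TOMCAT_DEFAULT_APPS; do
        if [ -d "$webapps_dir/$app" ] || [ -f "$webapps_dir/$app.war" ]; then
            echo "$app"
            found=1
        fi
    done
    return $found
}

# Delete every stock app found in $1, except those named in $2 (a
# whitespace-separated keep list, e.g. "ROOT" if you serve your own site from
# it). Prints one "removed <app>" line per deletion.
remove_default_webapps() {
    webapps_dir="$1"
    keep="${2:-}"
    for app in $(find_default_webapps "$webapps_dir" || true); do
        case " $keep " in
            *" $app "*) continue ;;
        esac
        rm -rf "$webapps_dir/$app" "$webapps_dir/$app.war"
        echo "removed $app"
    done
    return 0
}

# Usage: scan, review the list, then remove everything except what you serve.
# find_default_webapps "$CATALINA_BASE/webapps"
# remove_default_webapps "$CATALINA_BASE/webapps" "ROOT"
```

Removing the exploded directory and the WAR together matters because Tomcat's autoDeploy would otherwise re-expand a leftover WAR on the next start. The "default error page" part of the finding is not a webapp at all but Tomcat's ErrorReportValve; on 8.5 its stack trace and version banner can be suppressed with showReport="false" and showServerInfo="false" on that Valve element in server.xml.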

Re: Vulnerability ---Remote Web Server Apache Tomcat Contains Default Files

2020-05-22 Thread Mark Thomas
On 22/05/2020 10:06, Reddy, Tippana Krishnanandan wrote: > Hi All, > > We are using Tomcat version 8.5.31 and have observed the vulnerability below > > Title: Remote Web Server Apache Tomcat Contains Default Files > > Issue: The default error page, default index page, example JSPs, /example > servle

Re: Http2 Tomcat server taking time in responding when 1st StreamId is a large integer value like 2147483641

2020-05-22 Thread Mark Thomas
On 22/05/2020 04:46, Prateek Kohli wrote: > Thanks Mark. > > Do we need to raise a bug for this? Generally, if the committers know about a bug it will get fixed. Having a Bugzilla issue is not a requirement for a bug to get fixed. This is on my TODO list for today unless someone beats me to it.

Performance Comparison HTTP1 vs HTTP2 in Tomcat 9.0.29

2020-05-22 Thread Chirag Dewan
Hi, I am trying to move to HTTP2 based APR connector from my HTTP1 based connector because of some customer requirements. I am trying to form some sort of throughput benchmark for HTTP2 in comparison to HTTP1. I have a simple Jersey service that accepts a JSON request and sends 200 with some head

Re: Performance Comparison HTTP1 vs HTTP2 in Tomcat 9.0.29

2020-05-22 Thread Mark Thomas
On 22/05/2020 11:23, Chirag Dewan wrote: > Hi, > > I am trying to move to HTTP2 based APR connector from my HTTP1 based > connector because of some customer requirements. > > I am trying to form some sort of throughput benchmark for HTTP2 in > comparison to HTTP1. I have a simple Jersey service t

Re: RST on TCP level sent by Tomcat

2020-05-22 Thread Mark Thomas
On 22/05/2020 07:39, Arshiya Shariff wrote: > Hi Mark, > > 1. Currently we have configured max http2 threads as 40, but Tomcat is > allowing more than 300 connections. Is there a way to check how many http2 > connections Tomcat will allow? > > 2. Is maxThreads the maxConnections, or is there

Re: maxSwallowSize and misbehaving clients (e.g., mod_proxy_http)

2020-05-22 Thread Mark Thomas
On 21/05/2020 23:30, Osipov, Michael wrote: > Output will be sent privately. Got it. Tx. Looking at the direct case. It looks like you have debug logging enabled for everything. You only need it for the org.apache.coyote.http2 package. grep "http2" catalina.2020-05-21.log | less gives a nic

Re: Performance Comparison HTTP1 vs HTTP2 in Tomcat 9.0.29

2020-05-22 Thread Chirag Dewan
Thanks for the quick response Mark. I agree 1024 concurrent streams are a bit far-fetched and may cause an overhead. But at the same time, I have tried the same test with the Jetty Multiplexed connection pool with 100 concurrent streams (that is actually updated from the initial Settings frame). An

Re: Implementing Store and getting java.io.StreamCorruptedException

2020-05-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jonathan, On 5/20/20 10:55, Jonathan Yom-Tov wrote: > I implemented my own Store which uses Redis to persist sessions > (I'm using Jedis as the interface library). I copied most of the > load()/save() code from FileStore. When my Store loads the ses

Re: Performance Comparison HTTP1 vs HTTP2 in Tomcat 9.0.29

2020-05-22 Thread Mark Thomas
On 22/05/2020 16:01, Chirag Dewan wrote: > Thanks for the quick response Mark. > I agree 1024 concurrent streams are a bit far-fetched and may cause an > overhead. But at the same time, I have tried the same test with the Jetty > Multiplexed connection pool with 100 concurrent streams (that is actua

Re: maxSwallowSize and misbehaving clients (e.g., mod_proxy_http)

2020-05-22 Thread Osipov, Michael
On 2020-05-22 at 13:26, Mark Thomas wrote: On 21/05/2020 23:30, Osipov, Michael wrote: Output will be sent privately. Got it. Tx. Looking at the direct case. It looks like you have debug logging enabled for everything. You only need it for the org.apache.coyote.http2 package. grep "htt

Re: Clustering/Session Replication in docker swarm

2020-05-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Praveen, On 5/20/20 12:27, Praveen Kumar K S wrote: > Hello, > > I'm not sure if this is the right forum to ask this question. Since > this is a bigger community, I hope someone might have faced this > issue and hope I will get some help. > > I'm se

[OT] Loading KeyStores, detecting types

2020-05-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I've been writing a utility to scan a bunch of arbitrary files for certificates that are nearing expiration. It's written in Java and it currently works with PEM-encoded DER files (aka OpenSSL files) and PKCS12 keystores. I'm sure it would also
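One way to do the type detection the subject line asks about, as an added example that is not part of the thread or of the Java utility described (this is POSIX shell, chosen so it can be dropped into an expiry-scanning cron job): classify each file by its leading bytes and only then hand it to the matching parser. The magic values are the documented ones for each container; the function names and the sample files in the usage are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): classify candidate keystore/certificate
# files by their leading bytes before choosing a parser. The magic values are
# the documented ones for each container; the function names are this
# example's own.
#   pem             text containing a "-----BEGIN ..." armor line
#   jks             bytes FE ED FE ED (Java KeyStore)
#   jceks           bytes CE CE CE CE (JCE KeyStore)
#   der-or-pkcs12   ASN.1 SEQUENCE tag 0x30: a bare DER certificate and a
#                   PKCS#12 file both start this way, so the two are told apart
#                   only by attempting the PKCS#12 parse (which needs the password)
#   unknown         anything else

# First four bytes of $1 as lowercase hex with no separators, e.g. "feedfeed".
magic_hex() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Print the container type of $1 (one of the words listed above).
keystore_type() {
    f="$1"
    if grep -q -- '^-----BEGIN ' "$f" 2>/dev/null; then
        echo pem
        return 0
    fi
    case "$(magic_hex "$f")" in
        feedfeed) echo jks ;;
        cececece) echo jceks ;;
        30*)      echo der-or-pkcs12 ;;
        *)        echo unknown ;;
    esac
}

# Walk a directory and print "<type><TAB><path>" for every regular file.
scan_keystores() {
    find "$1" -type f | while IFS= read -r f; do
        printf '%s\t%s\n' "$(keystore_type "$f")" "$f"
    done
}

# For a PEM file, print the notAfter date of the first certificate in it using
# openssl (only the first: "openssl x509" ignores any further certificates
# in the same file, so chain files need splitting before this call).
pem_not_after() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not available" >&2; return 2; }
    openssl x509 -in "$1" -noout -enddate
}

# Usage:
# scan_keystores /etc/pki | sort
# pem_not_after /etc/pki/server.pem
```

The sniffing is deliberately conservative: a DER certificate and a PKCS#12 file are both an outer ASN.1 SEQUENCE, so the script reports one class for both and leaves the disambiguation to the parser attempt, the same order of operations a Java tool would use with CertificateFactory first and KeyStore.getInstance("PKCS12") second.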

ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.35]

2020-05-22 Thread Bill Stewart
Please see here: https://github.com/Bill-Stewart/ApacheTomcatSetup The Setup executable is available on the Releases tab. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users

Re: [OT] Loading KeyStores, detecting types

2020-05-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 5/22/20 17:01, Christopher Schultz wrote: > All, > > I've been writing a utility to scan a bunch of arbitrary files for > certificates that are nearing expiration. It's written in Java and > it currently works with PEM-encoded DER files (aka

Re: maxSwallowSize and misbehaving clients (e.g., mod_proxy_http)

2020-05-22 Thread Osipov, Michael
On 2020-05-22 at 18:51, [ext] Osipov, Michael wrote: On 2020-05-22 at 13:26, Mark Thomas wrote: On 21/05/2020 23:30, Osipov, Michael wrote: Output will be sent privately. Got it. Tx. Looking at the direct case. It looks like you have debug logging enabled for everything. You only n