Kaushal,
On 8/7/23 22:23, Kaushal Shriyan wrote:
Hi,
I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
10.0.27?
Please guide me.
Thanks in Advance.
I see you have "gone through" the SSL How
Chuck,
On 8/9/23 13:58, SCHWING, CHUCK wrote:
I've looked for the answer to this online and maybe I didn't read closely
enough.
I'm running tomcat 10.1 with JDK17.0.6 and have defined a jvm startup option of
"-Djdk.tls.client.protocols=TLSv1.2" in my copy of catalina.sh and the same TLS
versi
Joel,
On 8/11/23 11:16, Joel Werginz wrote:
Version: 8.5.64
maxHttpHeaderSize=³6553600²
Are you able to try with 8.5.91? Your version is more than 2 years old
and many fixes have been made to h2 stream handling in that time.
-chris
10-Aug-2023 16:36:21.530 FINE [https-openssl-apr-443-ex
ses?
That *would* be handy if ::1 would bind to "all local [IPv4 and IPv6, as
appropriate] addresses" just like APR does. Can you please file a BZ
ticket for that? I'm surprised it doesn't already work like that,
honestly, because it seems completely obvious to me that's h
Andy,
On 8/13/23 04:24, Andy Pont wrote:
I wrote...
Progress of sorts! The request is now returning 302 instead of 404!
Looking in the log files for the backend, it has a message that says
“Robot requests must be rejected” and the 302 response is due to a
redirect to a permission denied pa
Andy,
On 8/15/23 03:32, Andy Pont wrote:
Chris wrote…
The .forward() should keep all request headers (and many other things)
in-tact. You might want to log some things in plugins/whatever to see
what is being done.
You should be using the *same objects* your servlet got for the
request and
Ivano,
On 8/18/23 10:18, Ivano Luberti wrote:
Hello eveybody, in one of my use case, when upgrading a web application
it coult happen that on startup the application has to perform some
database operation that could require some time, even some minutes.
This happens typically when deploying t
end.
I'm just guessing at what timeout you are talking about, here. I may be
totally off.
You said that Eclipse had a configurable timeout. What is that for /
what is it called / what does it do?
-chris
Il 18/08/2023 22:57, Christopher Schultz ha scritto:
Ivano,
On 8/18/23 10:18
Daniel,
On 8/23/23 13:03, Daniel Savard wrote:
I didn't specify the actual Tomcat version because the problem occurs under
all versions. We are running a commercial web application and all of sudden
after a while Tomcat is crashing without issuing any message. It is very
likely due to the applic
Tim,
On 8/25/23 10:48, Scott,Tim wrote:
Hi John,
Why does your app need 20 connections just to start up? That's a
bit of a rhetorical question, but needing so many connections to
start up seems odd to me.
It doesn't. It only needs 1-2 at a time, but it makes 100s of queries
in loops, each ti
Ivano,
On 8/25/23 10:50, Ivano Luberti wrote:
Hi, I understand that this question can be OT but I don't know where to
search for.
Looking into tomcat manager sessions I see this cookie set in each session
javax.servlet.jsp.jstl.fmt.request.charset ISO-8859-1
The value ISO-8859-1 i s
Daniel,
On 8/28/23 14:37, Daniel Savard wrote:
Le jeu. 24 août 2023 à 13:06, Christopher Schultz <
ch...@christopherschultz.net> a écrit :
Daniel,
On 8/23/23 13:03, Daniel Savard wrote:
I didn't specify the actual Tomcat version because the problem occurs
under
all versi
Tim,
On 8/29/23 10:33, Scott,Tim wrote:
Hi all,
Thanks for your responses. I think I've found the problem.
My wrapping class which detects the invocation of the close() method to
decrement its count is no longer decrementing its count because
method.getDeclaringClass() has changed from java.
Tim,
On 8/31/23 04:03, Scott,Tim wrote:
Hi Chris,
Hi all,
Thanks for your responses. I think I've found the problem.
My wrapping class which detects the invocation of the close() method to
decrement its count is no longer decrementing its count because
method.getDeclaringClass() has change
patch to
discuss...
Keep in mind that any committer can veto a change.
My sense is that it should be possible to implement this feature while
addressing any concerns that may be raised but it is not guaranteed.
Mark
Thanks,
Amit
-Original Message-
From: Christopher Schultz
Sent: Thursday
All,
I have some questions about Virtual Threads and their use within Tomcat.
Note that only Tomcat 11 currently has support for Virtual Threads when
running on a version 19 or later JVM.
My (admittedly limited) understanding is that the use of Virtual
Threads, specifically within Tomcat, wi
Mark, Robert, et al,
On 9/5/23 11:26, Mark Thomas wrote:
I spoke to some CIS representatives at a recent conference given that I
have concerns about the quality of some of the recommendations.
It appears that these benchmarks are effectively crowdsourced. My
primary concern is that there is n
Mark,
On 9/5/23 15:55, Mark Thomas wrote:
On 05/09/2023 20:38, Christopher Schultz wrote:
All,
I have some questions about Virtual Threads and their use within
Tomcat. Note that only Tomcat 11 currently has support for Virtual
Threads when running on a version 19 or later JVM.
Not quite
William,
On 8/24/23 09:50, William Crowell wrote:
I did some performance testing with virtual threads on Apache Tomcat
11.0.0-M10 and JDK 21 (21+35-2513). I have a simple REST service
using Spring 6.0.11 that does an insert into MySQL 8.0.32.
I have 3 separate boxes all running Rocky Linux 9.2
William,
On 9/5/23 17:41, William Crowell wrote:
Great post earlier today! This is a super interesting topic to me.
You can find the performance testing results located here:
http://ec2-18-188-185-212.us-east-2.compute.amazonaws.com:8080/web-report/
I did 10 runs with 1000 threads with a ram
Mark,
On 9/6/23 03:29, Mark Thomas wrote:
On 05/09/2023 22:02, Christopher Schultz wrote:
Mark,
On 9/5/23 15:55, Mark Thomas wrote:
On 05/09/2023 20:38, Christopher Schultz wrote:
All,
I have some questions about Virtual Threads and their use within
Tomcat. Note that only Tomcat 11
Mark,
On 9/6/23 16:29, Mark Thomas wrote:
On 06/09/2023 21:24, Christopher Schultz wrote:
On 9/6/23 03:29, Mark Thomas wrote:
On 05/09/2023 22:02, Christopher Schultz wrote:
Thanks for the correction. I just did a quick docs[1] search for
"virtual" in Tomcat 10.x for example an
William,
On 9/7/23 08:04, William Crowell wrote:
When I set -Djdk.tracePinnedThreads=short, then I see this:
…
Thread[#41,ForkJoinPool-1-worker-4,5,CarrierThreads]
com.mysql.cj.jdbc.ConnectionImpl.isValid(ConnectionImpl.java:2516) <==
monitors:1
Thread[#39,ForkJoinPool-1-worker-2,5,Carrie
Ivano,
On 9/8/23 11:17, Ivano Luberti wrote:
Hi, looking at Server Status and Complete Server Status Page
I can see the following line:
Max threads: 200 Current thread count: 11 Current threads busy: 1 Keep
alive sockets count: 1
But looking at the thread list under the line I can count 24
Jon,
On 9/8/23 14:21, Mcalexander, Jon J. wrote:
In seeing the latest messages about the manager application, something that I and my team
would LOVE to have is just a Status app that provides all the items status wise that the
Manager app does, without any of the "Application Management" like
g to be available that reports
healthiness of your own service and application, you should probably
build-to-suit.
-chris
-----Original Message-
From: Christopher Schultz
Sent: Friday, September 8, 2023 3:46 PM
To: users@tomcat.apache.org
Subject: Re: Enhancement request?
Jon,
On 9/8/23 14:21,
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other webapps on the same tomcat
instance [9.0.75]) works and I am using a the default container but as
curl/catalina.o
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other
Aryeh,
On 9/12/23 12:42, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
wrote:
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1
Aryeh,
On 9/12/23 17:50, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 1:51 PM Christopher Schultz
wrote:
Aryeh,
On 9/12/23 12:42, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
wrote:
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9
Shawn and Mark,
On 9/13/23 09:30, Mark Thomas wrote:
On 13/09/2023 14:00, Shawn Heisey wrote:
On 9/12/23 01:06, Thomas Hoffmann (Speed4Trade GmbH) wrote:
I moved away from using the proprietary java keystore format.
I switched to using Base64 PEM format. This is usually also the
format you ge
Brian,
On 9/13/23 23:25, Brian Wolfe wrote:
The PKCS12 is the industry standard keystore format. Your mac should be
creating it in that version. You should get familiar using the pkcs12. Its
not difficult to set it up. keytool and openssl support pkcs12 and have for
some time now. Its possible y
Thomas,
Please start a new thread next time.
On 9/14/23 02:20, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello everyone,
I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat.
I configured HSTS in Tomcat and it works well.
When I do a pen-test with burpsuite it complain
Thomas,
On 9/14/23 10:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello Chris,
-Ursprüngliche Nachricht-
Von: Christopher Schultz
Gesendet: Donnerstag, 14. September 2023 15:26
An: users@tomcat.apache.org
Betreff: Re: HSTS on 401 / error pages
Thomas,
Please start a new thread
Martin,
On 9/15/23 14:48, Martin Moore wrote:
I have a situation where I want to call an Tomcat deployed Spring
application remotely without adding the port number (8080), I had tried to
use 80 in Connector but wasn't able to connect to it when outside the LAN.
What's the motivation, here? It
All,
Please join us in Halifax in 2½ weeks for Community Over Code, the ASF
Conference.
The Tomcat and httpd tracks are combined for this conference, being held
on the second of the four-day conference featuring a wide variety of
presentations and panel-led discussions about wide-ranging top
Bill,
On 9/22/23 13:25, Bill wrote:
Hello All,
I may have started my SSL Cert install & config at step 2 instead of
step 1... :-(
Most mistakes are recoverable :)
Basically I have created my key store, my p12 file and have my cert all in
a sub directory of the conf directory.
All of
James,
On 9/25/23 12:17, James H. H. Lampert wrote:
I probably asked the question before, but does Tomcat have any problems
with not having a ROOT context?
I always run with a ROOT context just to be able to do things like
provide custom responses with clients request
/no-such-app/applicatio
Jon,
On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the section, if the SSL Certificate is in a
Windows PFS Keystore, is it appropriate to add
certificateKeystoreType="PFX"
or
certificateKeystore="path to pfx file" type="
Mark,
On 9/26/23 12:54, Mark Thomas wrote:
On 26/09/2023 16:50, Christopher Schultz wrote:
Jon,
On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the section, if the SSL Certificate is in a
Windows PFS Keystore, is it
ptember 26, 2023 11:54 AM
To: users@tomcat.apache.org
Subject: Re: SSLHostConfig question
On 26/09/2023 16:50, Christopher Schultz wrote:
Jon,
On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the section, if the SSL Certificate
Chris,
On 9/27/23 10:30, Christopher Bland wrote:
Hi All,
I just deployed Tomcat v10.1.13 on a new machine. When I start Tomcat it says
it has started but I don’t see the daemon running and I don’t have any logs. I
tried running Catalina.sh directly.
# ./catalina.sh start
Using CATALINA_B
CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48
Description:
In some circumstances, such as when a configuration included
"JkOptions
CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48
Description:
In some circumstances, such as when a configuration included
"JkOptions
Alcides,
On 9/28/23 14:55, Alcides Moraes wrote:
Hello everyone,
I’m new to the list even though I’ve been a Java web developer for many years,
I’ve never had the need to post here, but this time I think I may have stumbled
upon a bug, and nothing turns up online on this issue.
We’re migrati
Thomás,
On 9/29/23 03:03, Tomás García wrote:
I've noticed these stack traces happening in the same row with Tomcat
10.1.12, Java 17 and Spring Boot 3.1.3. I don't have a way to
reproduce them unfortunately. I thought that it could be related to
https://bz.apache.org/bugzilla/show_bug.cgi?id=672
g4j2 as per this documentation:
https://logging.apache.org/log4j/2.x/log4j-appserver.html
With this and the log4j-jul bridge, all logs are now formatted correctly.
Em 29 de set. de 2023, à(s) 08:56, Christopher Schultz
escreveu:
Alcides,
On 9/28/23 14:55, Alcides Moraes wrote:
Hello ever
Jon,
On 10/2/23 13:16, Mcalexander, Jon J. wrote:
A little more info on this. The server rebooted last night and the
auto-startup started the instance correctly, but the Catalina.out
file was not created. It only appears to work properly if you log
onto the server and su to the owner user, then
All,
Does anyone have any experience re-locating a Subversion repo? We are
looking at breaking-up some currently co-hosted services, and we'd like
to *move* our existing Subversion repo to a new hostname. No other
changes, but that means anywhere we have code checked-out will have to
be dealt
Elavarasan,
On 10/6/23 06:32, Elavarasan Pugazhendi wrote:
Hi,
I have a pfx certificate and am trying to import it into a keystore before
configuring it within the tomcat but not able to add the pfx certificate. I
followed the below steps but wasn't able to add the certificate
Tomcat: 9.0.62
O
Ivano,
On 10/9/23 16:05, Ivano Luberti wrote:
I solved my own issue:
In my web.xml
I had two times the same mapping for a servlet
reportservlet
/repinvenduti/reportservlet
But there was no error message in tomcat logs with this regard.
Maybe tomcat logging is not tuned correctl
Mark,
On 10/10/23 06:38, Mark Thomas wrote:
Running multiple instances of Tomcat from the same CATALINA_BASE is
totally unsupported. This isn't one of those "We don't technically
support that but you should be OK situations". This is one of the rare
"You do that and it *will* break and you wil
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.14.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificati
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.94.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.94 is a bugfix and fea
both servers will be affected and that may not be what you want.
Automation is very flexible and disk space is cheap. Do yourself a favor
and just separate things so you don't have unforeseen problems.
-chris
-Original Message-----
From: Christopher Schultz
Sent: Tuesday, October
All,
On 10/11/23 08:06, i...@flyingfischer.ch wrote:
Am 11.10.23 um 14:02 schrieb Alexander Veit:
Caused by: org.apache.http.ConnectionClosedException: Premature end
of Content-Length delimited message body (expected: 4,999; received:
3,040)
at
org.apache.http.impl.io.ContentLengthIn
Brian,
On 10/12/23 16:55, Brian Braun wrote:
Hello,
First of all, I apologize if maybe my issue is not exclusively related to
Tomcat, but I think it is.
I started my website many years ago, using Struts 1.2.4 and since then I
have been using it. Some years after that I had the intention to mig
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.95.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.95 is a bugfix and fea
Anurag,
On 10/15/23 04:48, Anurag Kumar wrote:
Hi, we are experiencing intermittent 404 errors with both GET and POST
calls. These errors are quite rare and have proven difficult to
reproduce in our testing environment. However, on our production system,
we encounter 3-4 cases daily out of 2
Darryl,
On 10/17/23 10:30, Darryl Baker wrote:
We are running 9.0.78 on RHEL 7. During our monthly patch and reboot cycle one
the Tomcat running on one system failed to restart. The error said that there
was a running version of Tomcat with a low PID number. Just rerunning the start
“systemct
Mark and Aditya,
On 10/18/23 04:21, Mark Thomas wrote:
On 17/10/2023 22:47, Aditya Shastri wrote:
Hello,
We have several tomcat instances that use a single CATALINA_HOME which
is a symlink for a specific version. The Tomcat instance we use is
very barebones and doesn't have any of the apps tha
y and happen with very simple GET
requests. There was one instance where I was able to reproduce the issue
in production with a straightforward GET request after making 45,000
calls, but it was never reproduced afterwards through my automation.
:/
Request capture on ALB:-
image.png
Jon,
On 10/18/23 15:39, Mcalexander, Jon J. wrote:
Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue
with JDBC being broken, etc. the stuff that prompted the immediate
new releases.
I think the word you were looking for was "regression", not "recursion" ;)
-chris
-Orig
Jon,
On 10/19/23 11:33, Mcalexander, Jon J. wrote:
Ding Ding Ding. Chris wins! Yes, that was the word.
https://www.youtube.com/watch?v=NtfVgzXTp7Q
-chris
-Original Message-
From: Christopher Schultz
Sent: Wednesday, October 18, 2023 9:42 PM
To: users@tomcat.apache.org
Subject: Re
Alan,
On 10/19/23 12:44, Alan F wrote:
I am looking at security steps to mitigate issues with a 1.x Struts based app.
Is this from a "Struts 1 is vulnerable" perspective? Because -- on paper
-- it is. Vulnerable that is. But that doesn't necessarily mean that
your application is vulnerable.
and hard-ish-links in
NTFS plus some other hand-wavy things in DOS/Windows land. I don't
pretend to understand them all, but I've been surprised to discover that
various weird combinations of special symbols can be used along with
environment variables to get paths in certain forms
Greg,
On 10/20/23 11:52, Greg Huber wrote:
Remember seeing this, a maintained version of Struts 1. Might be work a
look.
https://github.com/weblegacy/struts1
This is interesting. I knew about this one:
https://github.com/kawasima/struts1-forever
But the weblegacy folks look *serious* about
Chuck,
On 10/22/23 13:55, Chuck Caldarale wrote:
On Oct 22, 2023, at 10:02, Усманов Азат Анварович wrote:
Hi everyone! I'm trying to use CredentialHandler with tomcat to increase
security since our db at $work still has pwd stored as md5 hashes. Some of our
servers still use tomcat 7.092/ I
Channa,
On 10/27/23 00:07, Channa Puchakayala wrote:
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers.
==
yanyizhong and Mark,
On 10/27/23 04:44, Mark Thomas wrote:
On 26/10/2023 11:05, yanyizhong wrote:
Hi Tomcat team,
Version: Tomcat 10.1.15
I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and
found that there is no setKeystorePass(String) method in tomcat 10.1.15.
As we wa
Азат,
On 10/29/23 20:45, Усманов Азат Анварович wrote:
Hi everyone!I'm trying to test CredentialHandeler functionality onour test
server (Tomcat 9.0.64) inside the web-app
I Our realm is defined as follows( excerpt from server.xml
)
Currently pwd column defined as O
James, Mark,
On 11/3/23 12:33, Mark Thomas wrote:
On 03/11/2023 15:45, James H. H. Lampert wrote:
Forgive me if this might be a bit off-topic. But I haven't found a lot
of resources on the subject (and that includes a search of List
archives).
For years now, I've been ignoring the note on th
mcat.apache.org
Тема: RE: Accessing Credential handler inside the web application always
returns null
I did recheck using 9.0.82, unfortunately nothing has changed CredentialHandler
is still null
____
От: Christopher Schultz
Отправлено: 30 октября 2023 г. 18:52
Ком
Amit,
On 11/2/23 21:18, Amit Pande wrote:
Please refer to the link below in case you are interested in configuring FIPS
for Tomcat 9 running on Java 17.
https://github.com/amitlpande/tomcat-9-fips/wiki/Java-11-17-Tomcat-9-FIPS-Configuration-Using-Bouncy-Castle
I have tested steps for Java 11
Jerry,
On 11/4/23 20:17, Jerry Malcolm wrote:
My support team needs to be able to log in to our site as various users
(on behalf of...) to be able to see exactly what they are seeing since
roles, access groups, history is different for different users. I would
like to implement an admin passw
Greg and Mark,
On 11/5/23 09:31, Mark Thomas wrote:
On 05/11/2023 10:18, Greg Huber wrote:
OK thanks, the docs mention "static resource cache" but I could not
find info on what it actually is.
It caches the content of static resources in memory and uses that rather
than accessing disk.
I
直以来,
On 11/6/23 06:25, 一直以来 wrote:
What can I do to see that the request is reused, using what settings?
What problem are you trying to solve?
-chris
-- Original --
From: Mark Thomas
-
To u
All,
On 11/6/23 20:32, James H. H. Lampert wrote:
On 11/6/23 5:21 PM, Nithiyanandam BALASUBRAMANIYAN (Oneberry) wrote:
I am using Tomcat Apache Version 8.5.94 in Windows server 2012.
Recently received following vulnerabilities alert to fix :
Short answer: you're already there. And the latest
Jerry,
On 11/6/23 23:22, Jerry Malcolm wrote:
On 11/5/2023 11:54 AM, Jerry Malcolm wrote:
On 11/5/2023 9:26 AM, Christopher Schultz wrote:
Jerry,
On 11/4/23 20:17, Jerry Malcolm wrote:
My support team needs to be able to log in to our site as various
users (on behalf of...) to be able to
William,
On 11/7/23 05:59, William Crowell wrote:
Olaf and Sevendu,
Thank you for your replies. Correct, I sincerely doubt this is a Tomcat class
loading bug.
I am using Tomcat’s normal class loader (webapp/WAR) to load the classes into
memory, and it is a single class loader.
I am going t
"the JARs". You may
sometimes be able to get away with that, but it's best to leave Tomcat's
installation directory untouched to make sure you have all the resources
Tomcat is expecting to find there.
-chris
-Original Message-----
From: Christopher Schultz
Sent:
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0
S
Mark,
On 11/10/23 10:27, Mark Thomas wrote:
On 10/11/2023 14:44, Eduardo Guadalupe wrote:
Thanks Mark,
I found the issue, I assumed OpenSSL was installed because I had seen in
some logs the message “OpenSSL successfully initialized [OpenSSL
3.0.11 19
Sep 2023].”
That may be the OpenSSL ver
Mark,
On 11/10/23 12:53, Mark Foley wrote:
On Fri, 10 Nov 2023 17:11:59 Mark Thomas
On 10/11/2023 16:49, Mark Foley wrote:
I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded
from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that
thanks to p
g done when you try to authenticate.
-chris
From: Christopher Schultz
Date: Friday, November 10, 2023 at 12:35 PM
To: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now
All,
On 11/13/23 17:36, Chuck Caldarale wrote:
You may have the wrong mailing list - this one is for Tomcat, but your query
seems to be solely about Apache httpd.
Also, the httpd project has stated that they were never vulnerable to
CVE-2023-44487.
https://github.com/icing/blog/blob/main/h
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.96.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.96 is a bugfix and fea
Christoph,
On 11/15/23 10:32, Christoph Kukulies wrote:
I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
I'm wondering about the following in the logs:
Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database
[UserDatabase] from updated source
[file:/var/li
Adam,
On 11/15/23 09:06, Adam Warfield wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie
attribute but starting in 2024, browsers will begin enforcing the
newer "Partitioned" attribute for third-party cookies.
Is there a way to set this attribute within Tomcat for things li
Mark,
Apologies for not replying earlier; looks like you have made good
progress. See below.
On 11/14/23 12:19, Mark Foley wrote:
Anyway, enough griping! I have gotten it partially working thanks to your
suggested link, and particulary you suggestion to put the servlet info in
web.xml. I've
Peter,
On 11/16/23 14:19, l...@kreuser.name wrote:
Hi Chris*,
Am 16.11.2023 um 20:12 schrieb Christopher Schultz
:
Christoph,
On 11/15/23 10:32, Christoph Kukulies wrote:
I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
I'm wondering about the follow
Brian,
On 11/16/23 15:26, Brian Braun wrote:
First of all, this is my stack:
- Ubuntu 22.04.3 on x86/64 with 2GM of physical RAM that has been enough
for years.
- Java 11.0.20.1+1-post-Ubuntu-0ubuntu122.04 / openjdk 11.0.20.1 2023-08-24
- Tomcat 9.0.58 (JAVA_OPTS="-Djava.awt.headless=true -Xmx9
Peter,
On 11/16/23 13:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
Christoph,
On 11/17/23 03:55, Christoph Kukulies wrote:
Am 16.11.2023 um 20:12 schrieb Christopher Schultz
What is the user-owner of the JVM process?
root 125216 0.0 0.0 0 0 ? I 09:42 0:00
[kworker/0:0-events]
root 125221 0.0 0.0 0 0 ? I
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
Mark,
On 11/18/23 07:52, Mark Thomas wrote:
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256
Lance,
On 11/21/23 11:33, Campbell, Lance wrote:
Tomcat 10.1
Java migration from 8 to 11
Eclipse
I am trying to migrate my thirteen tomcat web applications from java 8 to java
11. And from tomcat 9 to tomcat 10.1 .
I have been using the web.xml file for years with Java 8 and tomcat 9. However
Daniel,
This is obviously a "big" question whose answer likely take months to
really determine. But we can get started :)
On 11/27/23 08:59, Daniel Andres Pelaez Lopez wrote:
We are facing some challenges with performance tunning for embedded
Tomcat using Spring Boot 3 (Tomcat version 10.1.7)
Sai Vamsi,
On 11/28/23 04:29, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote:
Hello team,
I am trying to add Tomcat-JMX Integration to the Datadog Agent, in order
to achieve Remote Monitoring .
I am following the docs
https://docs.datadoghq.com/containers/guide/autodiscovery-with-jmx/
1 - 100 of 13703 matches
Mail list logo