users

Messages by Thread

Community Over Code Conference, October 2026, Glasgow, Scotland, UK Christopher Schultz
Clarification on Tomcat 9.1 Release Timeline and Support Plans somasani nikhil
- Re: Clarification on Tomcat 9.1 Release Timeline and Support Plans Christopher Schultz
Limits on redirect length Stephen Booth
- Re: Limits on redirect length Mark Thomas
Double Slash Conversion to Single Slash in URL Not Working Grackin, Michael A. Mr. (Fed) via users
- Re: Double Slash Conversion to Single Slash in URL Not Working Mark Thomas
- Re: Double Slash Conversion to Single Slash in URL Not Working Christopher Schultz
- RE: [EXTERNAL] Re: Double Slash Conversion to Single Slash in URL Not Working Grackin, Michael A. Mr. (Fed) via users
cgi not found Holger Klawitter
- Re: cgi not found Christopher Schultz
- Re: cgi not found Holger Klawitter
- Re: cgi not found Christopher Schultz
[SECURITY] CVE-2026-34487 Apache Tomcat - Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas
[SECURITY] CVE-2026-34486 Apache Tomcat - Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas
[SECURITY] CVE-2026-34500 Apache Tomcat - OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas
[SECURITY] CVE-2026-34483 Apache Tomcat - Incomplete escaping of JSON access logs Mark Thomas
[SECURITY] CVE-2026-32990 Apache Tomcat - The fix for CVE-2025-66614 is incomplete Mark Thomas
[SECURITY] CVE-2026-29146 Apache Tomcat - EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas
[SECURITY] CVE-2026-29145 Apache Tomcat and Tomcat Native - OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas
[SECURITY] CVE-2026-29129 Apache Tomcat - Configured TLS cipher preference order not preserved Mark Thomas
[SECURITY] CVE-2026-25854 Apache Tomcat - Occasionally open redirect Mark Thomas
[SECURITY] CVE-2026-24880 Apache Tomcat - Request smuggling via invalid chunk extension Mark Thomas
[ANN] Apache Tomcat 11.0.21 Available Mark Thomas
[ANN] Apache Tomcat 9.0.117 available Rémy Maucherat
[ANN] Apache Tomcat 10.1.54 Available Christopher Schultz
[ANN] End Of Support for Tomcat Native 1.x Christopher Schultz
Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request 扛起一片天！✨
- Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request Christopher Schultz
- Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request 扛起一片天！✨
- Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request Christopher Schultz
Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap Torsten Krah
- Re: Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap Christopher Schultz
- Re: Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap Torsten Krah
[ANN] Apache Tomcat 10.1.53 Available Christopher Schultz
- AW: [ANN] Apache Tomcat 10.1.53 Available Döscher, Andreas (ESI) via users
- Re: AW: [ANN] Apache Tomcat 10.1.53 Available Christopher Schultz
[ANN] Apache Tomcat 9.0.116 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.20 Available Mark Thomas
Apache Tomcat 9.0.108 -- Upgrading to 9.1.x and Release Info Jack Haddad
- Re: Apache Tomcat 9.0.108 -- Upgrading to 9.1.x and Release Info Sebastian Trost via users
Tomcat 11 latest release version date Deepti Sharma S via users
- Re: Tomcat 11 latest release version date Mark Thomas
- Re: Tomcat 11 latest release version date Jonathan S. Fisher
- Re: Tomcat 11 latest release version date Christopher Schultz
- Re: Tomcat 11 latest release version date Christopher Schultz
FIPS Mode Mike Brown
- Re: FIPS Mode Amit Pande via users
Run Priority -- Tomcat running on IBM Midrange boxes James H. H. Lampert via users
- Re: Run Priority -- Tomcat running on IBM Midrange boxes Konstantin Kolinko
- Re: Run Priority -- Tomcat running on IBM Midrange boxes James H. H. Lampert via users
- Re: Run Priority -- Tomcat running on IBM Midrange boxes Christopher Schultz
- Re: Run Priority -- Tomcat running on IBM Midrange boxes James H. H. Lampert via users
- Re: Run Priority -- Tomcat running on IBM Midrange boxes Rainer Jung
- Re: Run Priority -- Tomcat running on IBM Midrange boxes Christopher Schultz
[ANN] Apache Tomcat Native 2.0.14 released Mark Thomas
[ANN] Apache Tomcat Native 1.3.7 released Mark Thomas
Recall: Apache Tomcat 10 Issue Mcalexander, Jon J. via users
Re: users Digest 6 Mar 2026 16:12:31 -0000 Issue 15160 Richard Huntrods
Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Dimitris Soumis
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Rob Sargent
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Dimitris Soumis
- Re: Apache Tomcat 10 Issue Dimitris Soumis
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Sebastian Trost via users
- Re: Apache Tomcat 10 Issue Sebastian Trost via users
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Sebastian Trost via users
- Re: Apache Tomcat 10 Issue David Wall
- Re: Apache Tomcat 10 Issue Sebastian Trost via users
- Re: Apache Tomcat 10 Issue Christopher Schultz
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Rob Sargent
- Re: Apache Tomcat 10 Issue Zdeněk Henek
- RE: Apache Tomcat 10 Issue Mcalexander, Jon J. via users
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Zdeněk Henek
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Zdeněk Henek
- RE: Apache Tomcat 10 Issue Short, William J.
- Re: Apache Tomcat 10 Issue Christopher Schultz
Access log Bytes Written when compression is enabled David Cleary
- Re: Access log Bytes Written when compression is enabled Christopher Schultz
- Re: Access log Bytes Written when compression is enabled David Cleary
- Re: Access log Bytes Written when compression is enabled Christopher Schultz
- Re: Access log Bytes Written when compression is enabled Mark Thomas
Order of ciphers is no longer preserved Benny Prange
[SECURITY] CVE-2026-24733 Apache Tomcat - Security constraint bypass with HTTP/0.9 Mark Thomas
[SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Mark Thomas
- Fwd: [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Ivano Luberti
- Re: Fwd: [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Christopher Schultz
- Re: Fwd: [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Ivano Luberti
[SECURITY] CVE-2025-66614 Apache Tomcat - Client certificate verification bypass due to virtual host mapping Mark Thomas
Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Benny Prange
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Rémy Maucherat
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Benny Prange
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Christopher Schultz
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Benny Prange
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Rémy Maucherat
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Benny Prange
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Rémy Maucherat
- Re: Ignored JSSE properties in Tomcat 11.0.12+ and Java21+ Benny Prange
[ANN] End of support for Apache Tomcat Native 1.3.x Mark Thomas
[ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
- RE: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Rathore, Rajendra via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Sebastian Trost via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Rathore, Rajendra via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan James H. H. Lampert via users
- RE: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mcalexander, Jon J. via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan James H. H. Lampert via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Rémy Maucherat
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Christopher Schultz
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan David Wall
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Christopher Schultz
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan David Wall
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan James H. H. Lampert via users
- Re: [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Christopher Schultz
[ANN] Apache Tomcat Native 1.3.6 released Mark Thomas
[ANN] Apache Tomcat Native 2.0.13 released Mark Thomas
[Inquiry] java.lang.IllegalStateException: setAttribute: Session already invalidated during Cluster Replication (Tomcat 9.0.73) 조재현
- Re: [Inquiry] java.lang.IllegalStateException: setAttribute: Session already invalidated during Cluster Replication (Tomcat 9.0.73) Mark Thomas
Set "X-Frame-Options" SAMEORIGIN to ALWAYS ? Baron Fujimoto
- AW: Set "X-Frame-Options" SAMEORIGIN to ALWAYS ? Thomas Hoffmann (Speed4Trade GmbH) via users
- Re: Set "X-Frame-Options" SAMEORIGIN to ALWAYS ? Baron Fujimoto
- Re: Set "X-Frame-Options" SAMEORIGIN to ALWAYS ? Christopher Schultz
- Re: Set "X-Frame-Options" SAMEORIGIN to ALWAYS ? Baron Fujimoto
NoClassDefFoundError of OSGI class SynchronousBundleListener for Tyrus initialization Robert von Burg
Re: Apache Tomcat Server (V 10.1.50) / Cybersecurity risk assessment Christopher Schultz
- Re: Apache Tomcat Server (V 10.1.50) / Cybersecurity risk assessment Mark Thomas
Tomcat config with virtual threads joan.balaguero
- Re: Tomcat config with virtual threads Mark Thomas
- Re: Tomcat config with virtual threads Christopher Schultz
- RE: Tomcat config with virtual threads joan.balaguero
[ANN] Apache Tomcat 11.0.18 Available Mark Thomas
move to tomcat 11, now see a jasper dependency Rob Sargent
- Re: move to tomcat 11, now see a jasper dependency Mark Thomas
- Re: move to tomcat 11, now see a jasper dependency Rob Sargent
[ANN] Apache Tomcat 10.1.52 Available Christopher Schultz
- AW: [ANN] Apache Tomcat 10.1.52 Available Döscher, Andreas (ESI) via users
- Re: AW: [ANN] Apache Tomcat 10.1.52 Available Mark Thomas
[ANN] Apache Tomcat 9.0.115 available Rémy Maucherat
- UNSUBSCRIBE Re: [ANN] Apache Tomcat 9.0.115 available N Patterson-Kling
- Re: [ANN] Apache Tomcat 9.0.115 available Evan Rempel via users
- Re: [ANN] Apache Tomcat 9.0.115 available Mark Thomas
- Re: [ANN] Apache Tomcat 9.0.115 available Evan Rempel via users
- Re: [ANN] Apache Tomcat 9.0.115 available Christopher Schultz
Tomcat 9.0.x securing db credentials in server.xml dineshk via users
- Re: Tomcat 9.0.x securing db credentials in server.xml Mark Thomas
- AW: Tomcat 9.0.x securing db credentials in server.xml Thomas Hoffmann (Speed4Trade GmbH) via users
- Re: Tomcat 9.0.x securing db credentials in server.xml Christopher Schultz
- RE: Tomcat 9.0.x securing db credentials in server.xml Mcalexander, Jon J. via users
- Re: Tomcat 9.0.x securing db credentials in server.xml Christopher Schultz
- Re: Tomcat 9.0.x securing db credentials in server.xml Brian Wolfe
- Re: Tomcat 9.0.x securing db credentials in server.xml Christopher Schultz
- Re: Tomcat 9.0.x securing db credentials in server.xml Brian Wolfe
z17 and z/OS 3.2 compatibility MATHEW THOMAS via users
- Re: z17 and z/OS 3.2 compatibility Zdeněk Henek
- Re: z17 and z/OS 3.2 compatibility Christopher Schultz
OCSP with Tomcat Native 1.3.4 fails logo
- Re: OCSP with Tomcat Native 1.3.4 fails logo
- Re: OCSP with Tomcat Native 1.3.4 fails Mark Thomas
- Re: OCSP with Tomcat Native 1.3.4 fails logo
- Re: OCSP with Tomcat Native 1.3.4 fails Mark Thomas
- Re: OCSP with Tomcat Native 1.3.4 fails Mark Thomas
- Re: OCSP with Tomcat Native 1.3.4 fails logo
- Re: OCSP with Tomcat Native 1.3.4 fails Rémy Maucherat
- Re: OCSP with Tomcat Native 1.3.4 fails logo
conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Robert Turner
- Re: conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Robert Turner
- Re: conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Mark Thomas
- Re: conversion tool 9 to 10 Christopher Schultz
- Re: conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Christopher Schultz
- Re: conversion tool 9 to 10 Rob Sargent
- Re: conversion tool 9 to 10 Mark Thomas
- Re: conversion tool 9 to 10 Rob Sargent
[ANN] Apache Tomcat Native 2.0.12 released Mark Thomas
[ANN] Apache Tomcat Native 1.3.4 released Mark Thomas
Request.getParameter(String s) doesn't parse parameters Nelson Page via users
- Re: Request.getParameter(String s) doesn't parse parameters Mark Thomas
- Re: Request.getParameter(String s) doesn't parse parameters Rémy Maucherat
- Re: Request.getParameter(String s) doesn't parse parameters Nelson Page via users
- Re: Request.getParameter(String s) doesn't parse parameters Nelson Page via users
- Re: Request.getParameter(String s) doesn't parse parameters Nelson Page via users
- Re: Request.getParameter(String s) doesn't parse parameters Christopher Schultz
It's too quiet Niranjan Rao
- Re: [EXTERNAL] It's too quiet Joey Cochran
- RE: It's too quiet Mcalexander, Jon J. via users
- Re: It's too quiet Jyotishmaan via users
'for each' statements are only available if source level is 1.5 or greater Mark Foley
- Re: 'for each' statements are only available if source level is 1.5 or greater Mark Thomas
- Re: 'for each' statements are only available if source level is 1.5 or greater Mark Foley

Earlier messages