-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aurélien,
On 1/26/17 4:31 PM, Aurélien Terrestris wrote: > maybe you're just sending cookies with non-compliant characters. > Please check what you're sending if you can reproduce this problem > yourself > > RFC 6265 says : > > cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) > cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ; > US-ASCII characters excluding CTLs, ; whitespace DQUOTE, comma, > semicolon, ; and backslash Even if the client is sending a malformed HTTP header (or cookie, specifically), it shouldn't crash the JVM. - -chris > 2017-01-26 22:22 GMT+01:00 Satish Chhatpar 02 > <chhatp...@cpwplc.com>: > >> Yes all of them failed in the same way. >> >> >> # Problematic frame: # J >> org.apache.http.impl.cookie.BestMatchSpec.formatCookies( >> Ljava/util/List;)Ljava/util/List; >> >> >> >> Regards >> >> Satish Chhatpar >> >> >> ________________________________ From: Christopher Schultz >> <ch...@christopherschultz.net> Sent: Friday, January 27, 2017 >> 2:44:54 AM To: Tomcat Users List Subject: Re: Apache >> Tomcat/7.0.39 crashed with fatal error >> > Satish, > > On 1/26/17 3:42 PM, Satish Chhatpar 02 wrote: >>>> Thanks Chris. I appreciate your help. >>>> >>>> All 4 tomcats are on diff machines. One on each, with same >>>> tomcat version, same java version and same OS for all. > > Did they all fail in the same way (JVM crash @ > org.apache.http.impl.cookie.BestMatchSpec.formatCookies)? > >>>> Tomcats are not in cluster. > > I would highly recommend upgrading the JVM on one of those servers > to 1.7.latest to see if everything still works. If things go well, > upgrade all of them. > > Then deploy the 1.8.latest to one of them. Tomcat shouldn't have > any compatibility issues with Java 8, but you will definitely want > to test everything in your application of course. > > -chris > >>>> ________________________________ From: Christopher Schultz >>>> <ch...@christopherschultz.net> Sent: Friday, January 27, 2017 >>>> 1:52:47 AM To: Tomcat Users List Subject: Re: Apache >>>> Tomcat/7.0.39 crashed with fatal error >>>> >>>> Satish, >>>> >>>> On 1/26/17 2:28 PM, Satish Chhatpar 02 wrote: >>>>> we are using Apache Tomcat/7.0.39 for our java >>>>> application. >>>> >>>> I highly recommend an upgrade for both Tomcat and Java. >>>> There are published vulnerabilities for both product versions >>>> you are using. >>>> >>>>> There are 4 tomcat instances using same tomcat version and >>>>> java version. yesterday all 4 tomcats crashed with below >>>>> error in hs_err_pid log file. >>>> >>>> All on the same hardware? Or separate machines? >>>> >>>>> This log file was created for all 4 tomcats. >>>> >>>>> Its very peculiar behaviour that all 4 crashed around same >>>>> time. >>>> >>>> If they are in a cluster, one going down could cause the >>>> load on the others to go up, increasing the chances of a >>>> problem. >>>> >>>>> Any information can help us to mitigate this incident. >>>> >>>>> Apache Tomcat/7.0.39 >>>> >>>> Unless this is a package-managed version of Tomcat with an >>>> unfortunately inaccurate version number, that version of >>>> Tomcat is nearly 3 years old. The current version in the >>>> 7.0.x line is 7.0.75 (released yesterday). >>>> >>>>> java version "1.7.0_21" Java(TM) SE Runtime Environment >>>>> (build 1.7.0_21-b11) Java HotSpot(TM) 64-Bit Server VM >>>>> (build 23.21-b01, mixed mode) >>>> >>>> That version of Java is also nearly 3 years old. Latest 1.7 >>>> build is 1.7.0_80 release nearly 3 years ago. Note that Java >>>> 7 is no longer supported unless you have a long-term support >>>> contract with Oracle, in which case the latest version is >>>> 1.7.0_131, released earlier this month. >>>> >>>>> OS used >>>> >>>> >>>>> Red Hat Enterprise Linux Server release 6.3 (Santiago) >>>> >>>> Ouch! 5 years old! >>>> >>>>> # # A fatal error has been detected by the Java Runtime >>>>> Environment: # # SIGSEGV (0xb) at pc=0x00007fed24ecfe9e, >>>>> pid=21352, tid=140656275650304 # # JRE version: 7.0_21-b11 >>>>> # Java VM: Java HotSpot(TM) 64-Bit Server VM (23.21-b01 >>>>> mixed mode linux-amd64 compressed oops) # Problematic >>>>> frame: # J >>>>> org.apache.http.impl.cookie.BestMatchSpec.formatCookies(Ljava/util /Li > >>>>> >>>>> s >>>> >>>>> > t;)Ljava/util/List; >>>> >>>> >>>> # >>>>> # Failed to write core dump. Core dumps have been >>>>> disabled. To enable core dumping, try "ulimit -c unlimited" >>>>> before starting Java again # # If you would like to submit >>>>> a bug report, please visit: # >>>>> http://bugreport.sun.com/bugreport/crash.jsp # >>>> >>>> This is either a JVM bug is a hardware error. Given that the >>>> OS if 5 years old, I'm guessing the hardware is at least >>>> that old. I'd expect 5-year old hardware to be fairly >>>> trustworthy, but it may not have been properly-tested before >>>> going into production. >>>> >>>> If it's all on a single piece of hardware (all 4 Tomcats), >>>> I'd blame the hardware and look for a speedy replacement >>>> (properly-tested this time). If it was on different >>>> machines, I'd suspect a JVM bug. >>>> >>>> -chris >>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> > >>>> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: >>>> users-h...@tomcat.apache.org >>>> >>>> ::DISCLAIMER:: >>>> ___________________________________________________________________ ___ > >>>> >>>> __________________________________________ >>>> >>>> > Confidentiality Notice from Dixons Carphone plc (registered in > England & Wales No.07105905) of 1 Portal Way, London, W3 6RS > ("Dixons Carphone"). The information contained in this e-mail and > any attachments may be legally privileged, proprietary and/or > confidential. If you received this e-mail in error, please notify > the sender by return, permanently delete the e-mail and destroy > all hard copies immediately. No warranty is made as to the > completeness or accuracy of the information contained in this > e-mail. Opinions, conclusions and statements of intent in this > e-mail are those of the sender and will not bind any Dixons > Carphone group company (Dixons Carphone Group) unless confirmed by > an authorised representative independently of this e-mail. We do > not accept responsibility for viruses; you must scan for these. > E-mails sent to and from Dixons Carphone Group are routinely > monitored for record keeping, quality control, training purposes, > to ensure regulatory compliance and to prevent viruses and > unauthorised use of our computer systems. The Carphone Warehouse > Limited (registered in England & Wales No.02142673) is a member of > the Dixons Carphone Group and is authorised and regulated by the > Financial Conduct Authority. >>>> ___________________________________________________________________ ___ > >>>> >>>> __________________________________________ >>>> >> >> --------------------------------------------------------------------- >> >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYimzGAAoJEBzwKT+lPKRYQMUQAK7yrP+4eL2vG24fs5OG4qf+ O/Vy1Arl5QVvxm8avjB7458W2fgkFP/f15wn/jZdsMAF1VL7C+EZ4t5QfcBf2oUE kawWmPU4qMvCG5mIeiYqRHVpVUyJ8PSX+jxOqJR039MQ4Kgr/AiaRwqZ/lKrN+ye c/jH3ZF3mVZcJAQLdUc7ABQjz3w0MDGJFGhz+aptQ4Zmny2/vyQTlnLdm9+JlCc+ XmDqu8V6Lz1QX23UopFafv17bEmqXkLvpRHfiaPtzHDeX9ZciigeK9TIK279CnjS lcJQPJGa4XH+u7ItNk1Wvv7l/YC+G159gg2RzauOe7x7QzTHiY5CSd9klRoW4H0p wzNXmrUHoFK9BW6lCfpd9LKVADc6ggCXkBfQHlca/sNhwgRHeA90tNEIEBvLoMEb WqN7igF/+7aFctaSBtr1KCbx/R9FL8tqUwCbS4gIdbwQ7FnEx9DTHug5wMhgp9GV SWLVb/NLYH8YJEEXMBROroyY+82UgK7ynYaYTzvR7P1zmnD9jeOTI792crlDWNzv /zP1x0iRX7zJ33H7pEG6xdw/SHR+dFKnEu3bxn5QawupOxQt9ifWXxUgTXx/+Q/m 7FmRwZDpfxDngsdVgKdQOlOxp2PGHRlu7rVkq4LzXXsHsUZsVoEtVEKvqKarTd45 z13tY8pReCBVV3nRdkAU =SOql -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org