On 7/2/21 11:44, James H. H. Lampert wrote:
On 7/2/21 12:02 AM, Mark Thomas wrote:

It is an alternative session manager that persists session data via a configured Store. There are two Store implementations provided by default - File and DataSource.

You would know if you were using it as it requires explicit configuration.

Thanks for the specific documentation link; I would not have known where to look in the docs. My friends and colleagues seem to think I have brilliant research skills; in fact, I simply have no qualms about asking for help.

Our webapp totally lacks a "context.xml" (I looked for one) but I see such files, with Manager elements, in the manager and host-manager webapps. Are they affected by CVE-2021-25329/CVE-2020-9484?

Incidentally, speaking of those webapps, when installing, we immediately jettison all as-shipped webapps *except* manager and host-manager. We use manager all the time, but I'm not even sure what host-manager does.

I honestly have never seen a real-world use-case for where the host-manager is useful. I'm sure its critically important for somebody out there, though.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to