On 07.05.20 06:31, Markus Koschany wrote:
Am 07.05.20 um 10:04 schrieb Michael Meier:
Package: tomcat9
Version: 9.0.16-4
Severity: grave
Justification: renders package unusable
I've just been called out of bed.
As it seems unattended-upgrades upgraded on a debian buster server
from:9.0.16-4 to 9.0.31-1~deb10u1
One of the installed webapps throws following error when trying to use it:
[https-openssl-nio-8443-exec-13] ERROR org.zkoss.zk.ui.metainfo.Property -
Failed to assign [value=${i18n:rt('Benutzername')}] to <Label fLvPc>
Unable to find ExpressionFactory of type: # Licensed to the Apache Software
Foundation (ASF) under one or more
Downgrading to 9.0.16-4 solves the issue.
Have you read the changelog or the Debian security announcement before
upgrading Tomcat 9 ? Does your application require the AJP protocol to
work? Then you probably need to slightly change your Tomcat
configuration. For more information please also refer to the official
documentation at
https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html
The application doesn't use ajp.
The sense of using unattended-upgrades and debian stable (no breaking
changes on updates) is not to read each security announcement in before.
I'm not working in an area, where anybody would (be able to) pay for that.
If that does not solve your problem, then we need more information about
your setup and configuration to debug the problem but note that we ship
the latest upstream version basically unmodified, so this would be most
likely an upstream bug.
I could trace it back to the zk library used:
https://bz.apache.org/bugzilla/show_bug.cgi?id=64097
https://tracker.zkoss.org/browse/ZK-4510
That seems to be a really really weird bug. If I understand it
correctly, it's the fault of zk, but I'm not 100% sure.
Anyway, as it seems if I manage to update the project to the new zk
major version, it's supposed to work again.
