[Tomcat Wiki] Update of "AddOns" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AddOns" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/AddOns?action=diff&rev1=13&rev2=14 Comment: Move PicketLink Vault to a named section + = PropertySource = + + == PicketLink Vault == + + * [[https://github.com/picketbox/tomcat-vault|PicketLink Vault extension for Apache Tomcat]] - Provides a custom `PropertySource` that can be used with Tomcat. See [[FAQ/Password]]. + + + = Web Applications = == PSI Probe manager application == @@ -43, +51 @@ (Historically, the name is a tribute to Lambda Probe project, which they continued as a fork. The original Lambda Probe project (www.lambdaprobe.org) closed more than 10 years ago (2006) and is not applicable to current versions of Tomcat). - - = Other = - - * [[https://github.com/picketbox/tomcat-vault|PicketLink Vault extension for Apache Tomcat]] - Provides a custom `PropertySource` that can be used with Tomcat. See [[FAQ/Password]]. - - [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "AddOns" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AddOns" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/AddOns?action=diff&rev1=14&rev2=15 Comment: Add a link to Agafua-syslog (Historically, the name is a tribute to Lambda Probe project, which they continued as a fork. The original Lambda Probe project (www.lambdaprobe.org) closed more than 10 years ago (2006) and is not applicable to current versions of Tomcat). + + = Logging = + + == Logging to Syslog == + + * See a [[https://stackoverflow.com/questions/2311697/is-there-a-robust-java-util-logging-handler-implementation-of-syslog|StackOverflow question]] and [[http://rusv.github.io/agafua-syslog/|Agafua-syslog]] project ([[https://github.com/rusv/agafua-syslog/tree/master|GitHub]]). + + [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FrontPage" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FrontPage?action=diff&rev1=41&rev2=42 Comment: Add link to development pages at CWiki. * '''[[GSOC]]''' - Google Summer of Code * '''[[AddOns]]''' - Third party tools and add-ons not included in the official distribution * '''[[ReleaseProcess|Release Process]]''' - How to perform an official Apache Tomcat release - * '''[[Development|Development Issues]]''' - Work in progress design and/or development documentation + * '''[[Development|Development Issues]]''' - Work in progress design and/or development documentation. These pages have moved to [[https://cwiki.apache.org/confluence/display/TOMCAT/Design+and+Development+Issues|CWiki]]. * '''[[Events]]''' - Upcoming Tomcat events = Special Wiki pages = - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/CharacterEncoding" by GarretWilson
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/CharacterEncoding" page has been changed by GarretWilson: https://wiki.apache.org/tomcat/FAQ/CharacterEncoding?action=diff&rev1=27&rev2=28 Comment: Clarified legacy percent encoding of form submissions in HTML 4.01. ''Percent Encoding for `application/x-www-form-urlencoded`'' - The [[https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1|HTML 4.0.1]] specification indicated that percent-encoding of non-ASCII characters of `application/x-www-form-urlencoded` (the default content type for HTML form submissions) should be performed using `US-ASCII` byte sequences. However [[https://url.spec.whatwg.org/#concept-urlencoded-serializer|HTML 5]] changed this to use UTF-8 byte sequences, matching the modern percent encoding for URLs. Modern browsers therefore percent-encode UTF-8 sequences when submitting forms using `application/x-www-form-urlencoded`. + The [[https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1|HTML 4.01]] specification indicated that percent-encoding of any non alphanumeric characters of `application/x-www-form-urlencoded` (the default content type for HTML form submissions) should be performed using `US-ASCII` byte sequences. However [[https://url.spec.whatwg.org/#concept-urlencoded-serializer|HTML 5]] changed this to use UTF-8 byte sequences, matching the modern percent encoding for URLs. Modern browsers therefore percent-encode UTF-8 sequences when submitting forms using `application/x-www-form-urlencoded`. The servlet specification, however, requires servlet containers to interpret percent-encoded sequences in `application/x-www-form-urlencoded` as `ISO-8859-1`, which in a default configuration will result in corrupted content because of the charset mismatch. See below for how this can be reconfigured in Tomcat. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/CharacterEncoding" by GarretWilson
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/CharacterEncoding" page has been changed by GarretWilson: https://wiki.apache.org/tomcat/FAQ/CharacterEncoding?action=diff&rev1=26&rev2=27 Comment: Updated sections related to percent encoding charset of HTML form posts. <>'''Why does everything have to be this way?''' - Everything covered in this page comes down to practical interpretation of a number of specifications. When working with Java servlets, the Java Servlet Specification is the primary reference, but the servlet spec itself relies on older specifications such as HTTP for its foundation. Here are a couple of references before we cover exactly where these items are located in them. + Everything covered in this page comes down to practical interpretation of a number of specifications. When working with Java servlets, the Java Servlet Specification is the primary reference, but the servlet spec itself relies on older specifications such as HTTP for its foundation. Here are a couple of references before we cover exactly where these items are located in them. A more detailed list can be found on the [[https://wiki.apache.org/tomcat/Specifications|Specifications]] page. + 1. [[https://www.jcp.org/en/jsr/detail?id=369|Java Servlet Specification 4.0]] + 1. [[https://tools.ietf.org/html/rfc7230|HTTP 1.1 Protocol: Message Syntax and Routing]], [[https://tools.ietf.org/html/rfc7231|HTTP 1.1 Protocol: Semantics and Content]] … - 1. [[http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html|Java Servlet Specification 2.5]] - 1. [[http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html|Java Servlet Specification 2.4]] - 1. [[http://www.w3.org/Protocols/rfc2616/rfc2616.txt|HTTP 1.1 Protocol]] ([[http://www.w3.org/Protocols/rfc2616/rfc2616.html|hyperlinked version]]) - 1. [[http://www.ietf.org/rfc/rfc2396.txt|URI Syntax]] + 1. [[https://tools.ietf.org/html/rfc3986|URI Syntax]] - 1. [[http://www.w3.org/Protocols/rfc822/|ARPA Internet Text Messages]] + 1. [[https://tools.ietf.org/html/rfc822|ARPA Internet Text Messages]] - 1. [[http://www.w3.org/TR/html4|HTML 4]] + 1. [[https://www.w3.org/TR/html4/|HTML 4]], [[https://www.w3.org/TR/html/|HTML 5]] ''Default encoding for request and response bodies'' @@ -47, +46 @@ ''Default encoding for GET'' - The character set for HTTP query strings (that's the technical term for 'GET parameters') can be found in sections 2 and 2.1 the "URI Syntax" specification. The character set is defined to be [[http://en.wikipedia.org/wiki/ASCII|US-ASCII]]. Any character that does not map to US-ASCII must be encoded in some way. Section 2.1 of the URI Syntax specification says that characters outside of US-ASCII must be encoded using `%` escape sequences: each character is encoded as a literal `%` followed by the two hexadecimal codes which indicate its character code. Thus, `a` (US-ASCII character code 97 = 0x61) is equivalent to `%61`. There ''is no default encoding for URIs'' specified anywhere, which is why there is a lot of confusion when it comes to decoding these values. + The character set for HTTP query strings (that's the technical term for 'GET parameters') can be found in sections 2 and 2.1 the "URI Syntax" specification. The character set is defined to be [[http://en.wikipedia.org/wiki/ASCII|US-ASCII]]. Any character that does not map to US-ASCII must be encoded in some way. Section 2.1 of the URI Syntax specification says that characters outside of US-ASCII must be encoded using `%` escape sequences: each character is encoded as a literal `%` followed by the two hexadecimal codes which indicate its character code. Thus, `a` (US-ASCII character code 97 = 0x61) is equivalent to `%61`. Although the URI specification does not mandate a default encoding for percent-encoded octets, it recommends UTF-8 especially for new URI schemes, and most modern user agents have settled on UTF-8 for percent-encoding URI characters. Some notes about the character encoding of URIs: - 1. ISO-8859-1 and ASCII are compatible for character codes 0x20 to 0x7E, so they are often used interchangeably. Most of the web uses ISO-8859-1 as the default for query strings. + 1. ISO-8859-1 and ASCII are compatible for character codes 0x20 to 0x7E, so they are often used interchangeably. - 1. Many browsers are starting to offer (default) options of encoding URIs using UTF-8 instead of ISO-8859-1. Some browsers appear to use the encoding of the current page to encode URIs for links (see the note above regarding browser behavior for POST encoding). + 1. Modern browsers encoding URIs using UTF-8. Some browsers appear to use the encoding of the current page to encode URIs for links. - 1. [[http://www.w3.org/TR/html40/appendix/notes.html#non-ascii-chars|HTML 4.0]] recommends the use of UTF-8 to encode the query string. + 1. [[https:/
[Tomcat Wiki] Update of "ContributorsGroup" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by markt: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=33&rev2=34 Comment: += GarretWilson * developintelligence * DmytroMrachkovskyi * EmericVernat + * GarretWilson * GaryBriggs * GeorgeSexton * GFUCyrusAG - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by dblevins
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by dblevins: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=67&rev2=68 Comment: Add Tomitribe to the support list [[https://linuxhostsupport.com|{{https://linuxhostsupport.com/blog/wp-content/uploads/2017/05/linuxhostsupport-300.png|https://linuxhostsupport.com}}]] [[https://linuxhostsupport.com|LinuxHostSupport]] is a server management company that provides Tomcat server support services, including, but not limited to: Tomcat installation services, Tomcat configuration services, Tomcat server migration services etc. You can get a free quote. + + [[https://www.tomitribe.com|{{https://www.tomitribe.com/wp-content/uploads/2018/04/tomitribe.png|https://www.tomitribe.com|width=150}}]] + + Tomitribe was founded by several members of the ASF to be completely dedicated to Tomcat and TomEE offering [[https://www.tomitribe.com|7/24 global support]]. Subscriptions also include 365-day CVE scanning, notification and patching for all versions of Tomcat both EOL and active, and annual professional services and training benefits. === Example company name === Use this example as a basis for your entry. New entries should be added just above this example. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS?action=diff&rev1=5&rev2=6 While you can set {{{ld.library.path}}} to include libraries from all over the place, I recommend that you copy everything into one place so you can easily find everything and it won't interfere with anything else on your system. First, copy the {{{libtcnative}}} binaries from where they were built: + {{{ $ cp -aR tomcat-native-x.y.z/native/.libs/* apache-tomcat-x.y.z-src/output/build/bin/}}} Next, copy the APR libraries: - {{{ $ cp -a$ $APR_HOME/libexec/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} + {{{ $ cp -aR $APR_HOME/libexec/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} Finally, if you are using a custom OpenSSL build, copy those libraries as well: - {{{ $ cp -a$ $OPENSSL_HOME/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} + {{{ $ cp -aR $OPENSSL_HOME/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} == Running Tomcat with libtcnative == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS?action=diff&rev1=4&rev2=5 Building Tomcat from source on MacOS can require some additional work, especially if you want to build all of the optional items such as {{{libtcnative}}}. - == Building Tomcat== + == Building Tomcat == - Building Tomcat itself is fairly straightforward. Simply download the source distribution of Tomcat and follow the indtructions in the BUILDING.txt file bundled with the distribution. + Building Tomcat itself is fairly straightforward. Simply download the source distribution of Tomcat and follow the instructions in the BUILDING.txt file bundled with the distribution. Briefly, you'll need: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS?action=diff&rev1=3&rev2=4 == Running Tomcat with libtcnative == + Tomcat (really Java) needs to know where to find these native libraries. We do that by setting the {{{java.library.path}}} environment variable for the JVM during startup. The easiest way to do this is by setting {{{CATALINA_OPTS}}} on startup. This can be done by adding this line to {{{bin/setenv.sh}}}: + + {{{export CATALINA_OPTS="-Djava.library.path=$CATALINA_HOME/bin"}}} + + Then you can startup Tomcat as usual, either: + + {{{$ bin/startup.sh }}} + + or + + {{{$ bin/catalina.sh start }}} + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS?action=diff&rev1=2&rev2=3 You may have to set your {{{JAVA_HOME}}} environment variable and/or specify the full path to your {{{ant}}} binary. - == Building {{{libtcnative}}} == + == Building libtcnative == Building {{{libtcnative}}} it fairly straightforward as well, but you will need a number of prerequisites that are not terribly obvious as to how to get them. @@ -26, +26 @@ 1. Apache Portal Runtime (APR), available either directly from Apache ([[https://apr.apache.org/download.cgi|APR downloads]]) or by using [[brew|https://brew.sh/]] ({{{brew install apr}}}) 1. (Optional) OpenSSL 1.1.1 (latest at the time of this writing), available either directly from OpenSSL ([[|OpenSSL Downloads]]) or by using [[brew|]] ({{{brew install openssl1 + Download and unpack the libtcnative sources: + + {{{$ tar xzf tomcat-native-x.y.x.tar.gz}}} + {{{$ cd tomcat-native-x.y.z/native}}} + === Using OpenSSL === If using OpenSSL: - {{{./configure --with-ssl=[path to OpenSSL] --with-apr=[path to APR] --with-java-home=[your java home]}}} + {{{$ ./configure --with-ssl=[path to OpenSSL] --with-apr=[path to APR] --with-java-home=[your java home]}}} For example: - {{{./configure --with-ssl=/usr/local/Cellar/openssl\@1.1/1.1.1 --with-apr=/usr/local/Cellar/apr/1.6.5 --with-java-home=/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home}}} + {{{$ ./configure --with-ssl=/usr/local/Cellar/openssl\@1.1/1.1.1 --with-apr=/usr/local/Cellar/apr/1.6.5 --with-java-home=/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home}}} === Without OpenSSL (LibreSSL) === @@ -43, +48 @@ {{{./configure --with-ssl=yes --with-apr=/usr/local/Cellar/apr/1.6.5 --with-java-home=/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home}}} + + In either case (OpenSSL or not), proceed with the build process: + + {{{make}}} + + Once this process has completed, your built libraries can be found in {{{.libs/}}}. + + == Installing libtcnative == + + While you can set {{{ld.library.path}}} to include libraries from all over the place, I recommend that you copy everything into one place so you can easily find everything and it won't interfere with anything else on your system. + + First, copy the {{{libtcnative}}} binaries from where they were built: + {{{ $ cp -aR tomcat-native-x.y.z/native/.libs/* apache-tomcat-x.y.z-src/output/build/bin/}}} + + Next, copy the APR libraries: + + {{{ $ cp -a$ $APR_HOME/libexec/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} + + Finally, if you are using a custom OpenSSL build, copy those libraries as well: + + {{{ $ cp -a$ $OPENSSL_HOME/lib/* apache-tomcat-x.y.z-src/output/build/bin/}}} + + == Running Tomcat with libtcnative == + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS?action=diff&rev1=1&rev2=2 - Building Tomcat from source on MacOS can require some additional work, especially if you want to build all of the optional items such as libtcnative. + Building Tomcat from source on MacOS can require some additional work, especially if you want to build all of the optional items such as {{{libtcnative}}}. == Building Tomcat== + Building Tomcat itself is fairly straightforward. Simply download the source distribution of Tomcat and follow the indtructions in the BUILDING.txt file bundled with the distribution. Briefly, you'll need: @@ -17, +18 @@ You may have to set your {{{JAVA_HOME}}} environment variable and/or specify the full path to your {{{ant}}} binary. + == Building {{{libtcnative}}} == + + Building {{{libtcnative}}} it fairly straightforward as well, but you will need a number of prerequisites that are not terribly obvious as to how to get them. + + 1. Xcode command-line tools, available from [[https://developer.apple.com/download/more/|Apple's developer tools download site]]. Make sure you get the proper version for your XCode version (if you have XCode already installed) and your OS version (10.x) + 1. Apache Portal Runtime (APR), available either directly from Apache ([[https://apr.apache.org/download.cgi|APR downloads]]) or by using [[brew|https://brew.sh/]] ({{{brew install apr}}}) + 1. (Optional) OpenSSL 1.1.1 (latest at the time of this writing), available either directly from OpenSSL ([[|OpenSSL Downloads]]) or by using [[brew|]] ({{{brew install openssl1 + + === Using OpenSSL === + If using OpenSSL: + + {{{./configure --with-ssl=[path to OpenSSL] --with-apr=[path to APR] --with-java-home=[your java home]}}} + + For example: + + {{{./configure --with-ssl=/usr/local/Cellar/openssl\@1.1/1.1.1 --with-apr=/usr/local/Cellar/apr/1.6.5 --with-java-home=/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home}}} + + === Without OpenSSL (LibreSSL) === + + If not using OpenSSL: + + {{{./configure --with-ssl=yes --with-apr=[path to APR] --with-java-home=[your java home]}}} + + {{{./configure --with-ssl=yes --with-apr=/usr/local/Cellar/apr/1.6.5 --with-java-home=/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home}}} + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Building Tomcat on MacOS" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Building Tomcat on MacOS" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Building%20Tomcat%20on%20MacOS New page: Building Tomcat from source on MacOS can require some additional work, especially if you want to build all of the optional items such as libtcnative. == Building Tomcat== Building Tomcat itself is fairly straightforward. Simply download the source distribution of Tomcat and follow the indtructions in the BUILDING.txt file bundled with the distribution. Briefly, you'll need: 1. The Tomcat source tarball (the ZIP file is fine, but we're on UNIX, so the tarball is more natural) 1. A Java Development Kit, available from [[https://jdk.java.net/|Java.net]] 1. Apache ant, available from the [[https://ant.apache.org/bindownload.cgi|Apache ant downloads]] page Once you have all that, {{{ant deploy}}} You may have to set your {{{JAVA_HOME}}} environment variable and/or specify the full path to your {{{ant}}} binary. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud?action=diff&rev1=3&rev2=4 + 2 - Example there is an example to use it with OpenShift in https://github.com/jfclere/tomcat-kubernetes + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud?action=diff&rev1=2&rev2=3 There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. - = "Standalone" tomcat configuration: =; + 1 - "Full" tomcat configuration: + In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud?action=diff&rev1=1&rev2=2 There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. - = 1 - "Standalone" tomcat configuration: =; + = "Standalone" tomcat configuration: =; In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud New page: How to use tomcat clustering in the cloud. The load-balancer and the sticky (or not sticky) logic is provided by the cloud it self, basically you have to expose a service and configure a route. Cloud configuration depends on the cloud providers, document for the mean cloud providers will be added to this wiki. The tomcat clustering for the cloud uses Kubernetes you have to configure your nodes to use Kubernetes, all cloud providers support Kubernetes. Kubernetes uses Docker so you have to create a Docker image to use tomcat in the cloud. There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. = 1 - "Standalone" tomcat configuration: =; In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=23&rev2=24 Comment: Update OpenSSL table == APR with OpenSSL Results (Default) == - |||| Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || Java 9 || Java 10 || - || Tomcat 7 || A|| A|| A|| + || Tomcat 7 || A|| A|| A|| A||A|| - || Tomcat 8 || N/A || A|| A|| + || Tomcat 8 || N/A || A|| A|| A||A|| - || Tomcat 8.5 || N/A || A|| A|| + || Tomcat 8.5 || N/A || A|| A|| A||A|| - || Tomcat 9 || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| A||A|| The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=22&rev2=23 Comment: Update JSSE+OpenSSL table == NIO/NIO2 with JSSE+OpenSSL Results (Default) == - |||| Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || Java 9 || Java 10 || - || Tomcat 8.5 || N/A || A|| A|| + || Tomcat 8.5 || N/A || A|| A|| A||A|| - || Tomcat 9 || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| A||A|| The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. - - Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. == APR with OpenSSL Results (Default) == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=21&rev2=22 Comment: Add Java 10 for JSSE == BIO/NIO/NIO2 with JSSE Results (Default) == - |||| Java 6 || Java 7 || Java 8 || Java 9 || + |||| Java 6 || Java 7 || Java 8 || Java 9 || Java 10 || - || Tomcat 7 || C|| B|| A|| A|| + || Tomcat 7 || C|| B|| A|| A||A|| - || Tomcat 8 || N/A || B|| A|| A|| + || Tomcat 8 || N/A || B|| A|| A||A|| - || Tomcat 8.5 || N/A || B|| A|| A|| + || Tomcat 8.5 || N/A || B|| A|| A||A|| - || Tomcat 9 || N/A || N/A || A|| A|| + || Tomcat 9 || N/A || N/A || A|| A||A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=20&rev2=21 Comment: Update versions, add Java 9 and update JSSE results == BIO/NIO/NIO2 with JSSE Results (Default) == - |||| Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || Java 9 || - || Tomcat 7 || C|| A|| A|| + || Tomcat 7 || C|| B|| A|| A|| - || Tomcat 8 || N/A || A|| A|| + || Tomcat 8 || N/A || B|| A|| A|| - || Tomcat 8.5 || N/A || A|| A|| + || Tomcat 8.5 || N/A || B|| A|| A|| - || Tomcat 9 || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: The 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + + Note: The Java 7 results are capped at B because Java 7 does not support AEAD ciphers. The equivalent OpenSSL cipher configurations used to obtain the above results are: || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || + || Java 9 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || Note: kRSA ciphers are not excluded in Java 6 since they are likely to be the only ones left @@ -51, +54 @@ The results above were generated with: * Java 6, 64-bit, update 45 * Java 7, 64-bit, update 80 - * Java 8, 64-bit, update 77 + * Java 8, 64-bit, update 172 + * Java 9, 9.0.4 - * Apache Tomcat 7.0.69-dev, r1737253. + * Apache Tomcat 7.0.88-dev, r1737253. - * Apache Tomcat 8.0.34-dev, r1737224. + * Apache Tomcat 8.0.53-dev, r1737224. - * Apache Tomcat 8.5.1-dev, r1737241. + * Apache Tomcat 8.5.32-dev, r1737241. - * Apache Tomcat 9.0.0.M5-dev, r1737193. + * Apache Tomcat 9.0.9-dev, r1737193. - * tc-native 1.2.5 + * tc-native 1.2.16 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=19&rev2=20 Comment: Remove references to Java 5 and Tomcat 6 == BIO/NIO/NIO2 with JSSE Results (Default) == - |||| Java 5 || Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || - || Tomcat 6 || C|| C|| A|| A|| - || Tomcat 7 || N/A || C|| A|| A|| + || Tomcat 7 || C|| A|| A|| - || Tomcat 8 || N/A || N/A || A|| A|| + || Tomcat 8 || N/A || A|| A|| - || Tomcat 8.5 || N/A || N/A || A|| A|| + || Tomcat 8.5 || N/A || A|| A|| - || Tomcat 9 || N/A || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: The Java 5 and 6 results are capped at C because neither Java 5 nor 6 support TLS 1.1 or 1.2. + Note: The 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. The equivalent OpenSSL cipher configurations used to obtain the above results are: - || Java 5 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || - Note: kRSA ciphers are not excluded in Java 6 and earlier since they are likely to be the only ones left + Note: kRSA ciphers are not excluded in Java 6 since they are likely to be the only ones left Note: In Java 7 and earlier DHE ciphers use insecure DH keys with no means to configure longer keys which is why DHE ciphers are excluded in those Java versions. == NIO/NIO2 with JSSE+OpenSSL Results (Default) == - |||| Java 5 || Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || - || Tomcat 8.5 || N/A || N/A || A|| A|| + || Tomcat 8.5 || N/A || A|| A|| - || Tomcat 9 || N/A || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. @@ -40, +38 @@ == APR with OpenSSL Results (Default) == - |||| Java 5 || Java 6 || Java 7 || Java 8 || + |||| Java 6 || Java 7 || Java 8 || - || Tomcat 6 || A|| A|| A|| A|| - || Tomcat 7 || N/A || A|| A|| A|| + || Tomcat 7 || A|| A|| A|| - || Tomcat 8 || N/A || N/A || A|| A|| + || Tomcat 8 || N/A || A|| A|| - || Tomcat 8.5 || N/A || N/A || A|| A|| + || Tomcat 8.5 || N/A || A|| A|| - || Tomcat 9 || N/A || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || A|| The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. == Environment == The results above were generated with: - * Java 5, 64-bit, update 22 * Java 6, 64-bit, update 45 * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 - * Apache Tomcat 6.0.46-dev, r1737284. * Apache Tomcat 7.0.69-dev, r1737253. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=21&rev2=22 Comment: Add link to Security page. When the above flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.<><> This flag is also mentioned on the [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security Considerations]] page.<><> - The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]]. + The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]].<><> + You can also search the archives of the Tomcat users' [[http://tomcat.apache.org/lists.html|mailing lists]] for previous discussions mentioning the `RECYCLE_FACADES` flag. 2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue. + Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat, + * if the problem manifests as a security issue, see [[http://tomcat.apache.org/security.html|how to report it]]. [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=20&rev2=21 Comment: Rearrange text about Response state troubleshooting E.g. [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61289|61289]], [[https://bz.apache.org/bugzilla/show_bug.cgi?id=58457|58457]] - The main suspect is your own web application keeping a reference to Request / Response objects outside of their life cycle. (*) + The main suspect is '''your own web application''' keeping a reference to Request / Response objects outside of their life cycle. + + {{{#!wiki note + + The lifetime of the Response object is documented in the [[Specifications|Servlet specification]]. Quoting from section "5.8 Lifetime of the Response Object" of Servlet 4.0 specification: + + "Each response object is valid only within the scope of a servlet’s service method, or within the scope of a filter’s doFilter method, unless the associated request object has asynchronous processing enabled for the component. If asynchronous processing on the associated request is started, then the response object remains valid until complete method on !AsyncContext is called." + + In case of asynchronous processing, when an error occurs Tomcat notifies all registered `AsyncListener`s and then calls `complete()` automatically if none of the listeners have called it yet. (Reference: [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61768#c3|61768]]) + + Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request Object" of the same specification. + }}} + + To troubleshoot the issue: 1. Set the following [[http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html#Security|system property]] in Tomcat configuration: {{{org.apache.catalina.connector.RECYCLE_FACADES=true}}} - When flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.<><> + When the above flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.<><> - This flag is also mentioned on the [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security Considerations]] page. The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]]. + This flag is also mentioned on the [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security Considerations]] page.<><> + The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]]. 2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue. - (*) '''Note''' - - The lifetime of the Response object is documented in the [[Specifications|Servlet specification]]. Quoting from section "5.8 Lifetime of the Response Object" of Servlet 4.0 specification: - - || Each response object is valid only within the scope of a servlet’s service method, or within the scope of a filter’s doFilter method, unless the associated request object has asynchronous processing enabled for the component. If asynchronous processing on the associated request is started, then the response object remains valid until complete method on AsyncContext is called. || - - In case of asynchronous processing, when an error occurs Tomcat notifies all registered `AsyncListener`s and then calls `complete()` automatically if none of the listeners have called it yet. (Reference: [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61768#c3|61768]]) - - Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request Object" of the same specification. [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FrontPage" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FrontPage?action=diff&rev1=40&rev2=41 Comment: Add steps on how to create a Wiki name, following suggestion by Charlie Arehart on the users' list This is the Wiki for Apache Tomcat, a Servlet and Java Server Pages container developed under the Apache License. The main documentation for this product is at [[http://tomcat.apache.org|tomcat.apache.org]]. Below is a list of some useful pages: we encourage everyone to contribute to these pages or start new ones as desired. But before you do, please check out the main documentation site as well as the [[FAQ]] and the [[http://tomcat.apache.org/lists.html|mailing lists]] (whose archives are searchable). - If you do decide to contribute, you will need to create a Wiki login name and then send an e-mail to the Tomcat developers' mailing list or [[FAQ/Tomcat_User|Tomcat users' mailing list]], see [[http://tomcat.apache.org/lists.html|mailing lists]] page for details, asking to be added to the ContributorsGroup. Please remember to provide your Wiki name. (Do not send personal e-mails to committers. Ask on a mailing list, so that a public record of this remains in an archive.) Apologies for this extra step, but it's necessary to combat spam. + If you do decide to contribute, you will need to create a Wiki login name (click "Login" link at the top of the page, then "create one now") and then send an e-mail to the Tomcat developers' mailing list or [[FAQ/Tomcat_User|Tomcat users' mailing list]], see [[http://tomcat.apache.org/lists.html|mailing lists]] page for details, asking to be added to the ContributorsGroup. Please remember to provide your Wiki name. (Do not send personal e-mails to committers. Ask on a mailing list, so that a public record of this remains in an archive.) Apologies for this extra step, but it's necessary to combat spam. * '''[[GettingStarted|Getting Started]]''' - Getting started with Tomcat. * '''[[TomcatVersions|Tomcat versions]]''' - A list of every Tomcat version and its current status. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ContributorsGroup" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=32&rev2=33 * AndreaBrugiolo * AndrewCarr * BrianBurch + * CharlieArehart * CoreyNorthcutt * dblevins * developintelligence - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "TomcatVersions" by VioletaGeorgieva
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "TomcatVersions" page has been changed by VioletaGeorgieva: https://wiki.apache.org/tomcat/TomcatVersions?action=diff&rev1=29&rev2=30 = Tomcat 9.0.x = ||Spec versions: ||Servlet 4.0, JSP 2.3, EL 3.0, !WebSocket 1.1, JASPIC 1.1 || - ||Stable: ||No || + ||Stable: ||Yes || ||Enhancements: ||Yes || ||Bug Fixes: ||Yes || ||Security Fixes: ||Yes || - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "AddOns" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AddOns" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/AddOns?action=diff&rev1=12&rev2=13 Comment: Add link to "PicketLink Vault extension for Apache Tomcat" project. (Historically, the name is a tribute to Lambda Probe project, which they continued as a fork. The original Lambda Probe project (www.lambdaprobe.org) closed more than 10 years ago (2006) and is not applicable to current versions of Tomcat). + + = Other = + + * [[https://github.com/picketbox/tomcat-vault|PicketLink Vault extension for Apache Tomcat]] - Provides a custom `PropertySource` that can be used with Tomcat. See [[FAQ/Password]]. + + [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Password" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Password" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Password?action=diff&rev1=12&rev2=13 Comment: Update entry about setting a custom PropertySource. Add link to "PicketLink Vault extension for Apache Tomcat" project. . Now, whenever you write {{{&resources;}}} in the text below, it will be replaced by the content of the file "resources.txt". The file path is relative to the conf directory. * Write your own datasource implementation which wraps your datasource and obscure your brains out ([[http://en.wikipedia.org/wiki/XOR_cipher|XOR]] and [[http://en.wikipedia.org/wiki/ROT13|ROT13]] are great candidates for this since their strength matches the protection you'll actually get). See the docs on how to do this. * Write your own {{{javax.naming.spi.ObjectFactory}}} implementation that creates and configures your datasource. - * (Tomcat 7) Write your own {{{org.apache.tomcat.util.IntrospectionUtils.PropertySource}}} implementation to 'decrypt' passwords that are 'encrypted' in catalina.properties and referenced via ${...} in server.xml. You will need to set the system property {{{org.apache.tomcat.util.digester.PROPERTY_SOURCE}}} to point to your !PropertySource implementation. + * Write your own {{{org.apache.tomcat.util.IntrospectionUtils.PropertySource}}} implementation to 'decrypt' passwords that are 'encrypted' in catalina.properties and referenced via ${...} in server.xml. You will need to set the [[https://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html|system property]] {{{org.apache.tomcat.util.digester.PROPERTY_SOURCE}}} to point to your !PropertySource implementation. + * An example of a project that provides such custom !PropertySource: [[https://github.com/picketbox/tomcat-vault|PicketLink Vault extension for Apache Tomcat]]. A cultural reference: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "tools/SSLUtils.java" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "tools/SSLUtils.java" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/tools/SSLUtils.java?action=diff&rev1=2&rev2=3 Comment: Replace source file with link to GitHub repository. + This utility has been replaced by a project on GitHub: + https://github.com/ChristopherSchultz/ssltest - {{{ - /* - * SSLUtils.java - * - * Contains useful SSL/TLS methods. - * - * Copyright (c) 2015 Christopher Schultz - * - * Christopher Schultz licenses this file to You under the Apache License, - * Version 2.0 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - import java.io.File; - import java.io.FileInputStream; - import java.io.IOException; - import java.io.InputStream; - import java.net.InetAddress; - import java.net.ServerSocket; - import java.net.Socket; - import java.net.UnknownHostException; - import java.security.InvalidAlgorithmParameterException; - import java.security.KeyManagementException; - import java.security.KeyStore; - import java.security.KeyStoreException; - import java.security.NoSuchAlgorithmException; - import java.security.NoSuchProviderException; - import java.security.SecureRandom; - import java.security.cert.CRL; - import java.security.cert.CRLException; - import java.security.cert.CertPathParameters; - import java.security.cert.CertStore; - import java.security.cert.CertStoreParameters; - import java.security.cert.CertificateException; - import java.security.cert.CertificateFactory; - import java.security.cert.CollectionCertStoreParameters; - import java.security.cert.PKIXBuilderParameters; - import java.security.cert.X509CertSelector; - import java.security.cert.X509Certificate; - import java.util.Collection; - import javax.net.ssl.CertPathTrustManagerParameters; - import javax.net.ssl.HostnameVerifier; - import javax.net.ssl.HttpsURLConnection; - import javax.net.ssl.ManagerFactoryParameters; - import javax.net.ssl.SSLContext; - import javax.net.ssl.SSLServerSocket; - import javax.net.ssl.SSLServerSocketFactory; - import javax.net.ssl.SSLSession; - import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; - import javax.net.ssl.TrustManager; - import javax.net.ssl.TrustManagerFactory; - import javax.net.ssl.X509TrustManager; - - /** - * Lots of useful SSL-related goodies. - * - * @author Christopher Schultz - * @author Apache Software Foundation (some code adapted/lifted from Apache Tomcat). - */ - public class SSLUtils - { - public static void disableSSLHostnameVerification() - { - HostnameVerifier verifyEverything = new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) - { - return true; - } - }; - - HttpsURLConnection.setDefaultHostnameVerifier(verifyEverything); - } - - private static final TrustManager[] trustAllCerts = new TrustManager[] { - new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - return null; - } - public void checkClientTrusted(X509Certificate[] certs, -String authType) { - // Trust all clients - } - public void checkServerTrusted(X509Certificate[] certs, -String authType) { - // Trust all servers - } - } - }; - - public static TrustManager[] getTrustAllCertsTrustManagers() - { - return trustAllCerts.clone(); - } - - /** - * Configures SSLSocketFactory for Java's HttpsURLConnection. - */ - public static void configureHttpsURLConnection(String protocol, -String[] sslEnabledProtocols, -String[] sslCipherSuites, -SecureRandom random, -TrustManager[] tms) - throws NoSuchAlgorithmException, KeyManagementException - { - HttpsURLConnection.setDefaultSSLSocketFactory(getSSLSocketFactory(protocol, - sslEnabledProtocols, -
[Tomcat Wiki] Update of "tools/SSLTest.java" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "tools/SSLTest.java" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/tools/SSLTest.java?action=diff&rev1=4&rev2=5 Comment: Replace source file with link to GitHub repository. + This utility has been replaced by a project on GitHub: + https://github.com/ChristopherSchultz/ssltest - {{{ - /* - * SSLTest.java - * - * Tests servers for SSL/TLS protocol and cipher support. - * - * Copyright (c) 2015 Christopher Schultz - * - * Christopher Schultz licenses this file to You under the Apache License, - * Version 2.0 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - // Note this class requires [[SSLUtils.java]] - import java.io.IOException; - import java.net.InetSocketAddress; - import java.net.Socket; - import java.net.SocketTimeoutException; - import java.security.NoSuchAlgorithmException; - import java.security.Provider; - import java.security.SecureRandom; - import java.security.Security; - import java.security.cert.Certificate; - import java.security.cert.X509Certificate; - import java.util.ArrayList; - import java.util.Arrays; - import java.util.Collections; - import java.util.HashSet; - import java.util.List; - import java.util.Map.Entry; - import javax.net.ssl.SSLContext; - import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; - import javax.net.ssl.TrustManager; - - /** - * A driver class to test a server's SSL/TLS support. - * - * Usage: java SSLTest [opts] host[:port] - * - * Try "java SSLTest -h" for help. - * - * This tester will attempts to handshake with the target host with all - * available protocols and ciphers and report which ones were accepted and - * which were rejected. An HTTP connection is never fully made, so these - * connections should not flood the host's access log with entries. - * - * @author Christopher Schultz - */ - public class SSLTest - { - public static void usage() - { - System.out.println("Usage: java " + SSLTest.class + " [opts] host[:port]"); - System.out.println(); - System.out.println("-sslprotocol Sets the SSL/TLS protocol to be used (e.g. SSL, TLS, SSLv3, TLSv1.2, etc.)"); - System.out.println("-enabledprotocols protocols Sets individual SSL/TLS ptotocols that should be enabled"); - System.out.println("-ciphers cipherspec A comma-separated list of SSL/TLS ciphers"); - - System.out.println("-truststore Sets the trust store for connections"); - System.out.println("-truststoretype type Sets the type for the trust store"); - System.out.println("-truststorepassword pass Sets the password for the trust store"); - System.out.println("-truststorealgorithm alg Sets the algorithm for the trust store"); - System.out.println("-truststoreprovider provider Sets the crypto provider for the trust store"); - - System.out.println("-no-check-certificateIgnores certificate errors"); - System.out.println("-no-verify-hostname Ignores hostname mismatches"); - - System.out.println("-h -help --help Shows this help message"); - } - - public static void main(String[] args) - throws Exception - { - int connectTimeout = 0; // default = infinite - int readTimeout = 1000; - - boolean disableHostnameVerification = true; - boolean disableCertificateChecking = true; - - String trustStoreFilename = System.getProperty("javax.net.ssl.trustStore"); - String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); - String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType"); - String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); - String trustStoreAlgorithm = null; - String sslProtocol = "TLS"; - String[] sslEnabledProtocols = new String[] { "SSLv2", "SSLv2hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }; - String[] sslCipherSuites = null; // Default = default for protocol - String crlFilename = null; - boolean showCerts = false; - - if(args.length < 1) - { - usage(); - System.exit(0); - } - - int argIndex; - for(argIndex = 0; argIndex < args.length; ++argIndex) - {
[Tomcat Wiki] Update of "ContributorsGroup" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=31&rev2=32 * DmytroMrachkovskyi * EmericVernat * GaryBriggs + * GeorgeSexton * GFUCyrusAG * GlenIhrig * GregTrasuk - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Security" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Security" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Security?action=diff&rev1=21&rev2=22 Comment: Mention CVE-2009-3548 in the "Record" section. === The Record === There have been no public cases of damage done to a company, organization, or individual due to a Tomcat security issue. There have been no documented cases of data loss or application crashes caused by an intruder. While there have been numerous analyses conducted on Tomcat, partially because this is easy to do with Tomcat's source code openly available, there have been only '''theoretical''' vulnerabilities found. All of those were addressed even though there were no documented cases of actual exploitation of these vulnerabilities. + + That said, + * There have been several reports of a compromise done via guess of the password of a user of the Manager web application.<><>There was once a bug that blindly clicking-trough the Windows installer configured a manager user with blank password ([[http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.24|CVE-2009-3548]]). This was fixed by April 2010 (Tomcat 5.5.29, 6.0.24 and later are safe).<><>Please see "Security considerations" pages in Tomcat documentation ([[#Links|linked below]]) for a reference on how access to Management Applications in Tomcat should be secured. + + * There have been several reports of compromises via vulnerabilities in 3-rd party web applications deployed on Tomcat. E.g. vulnerabilities in Apache Struts framework were a popular attack target several times in years 2013-2017. E.g. [[https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax|Equifax breach]] in year 2017. It is unknown whether Equifax has run their application on Tomcat, but there have been a number of similar compromise reports from Tomcat users. Those are not caused by a vulnerability in Tomcat. + === Role of Customization === We believe, and the evidence suggests, that Tomcat is more than secure enough for most use-cases. However, like all other components of Tomcat, you can customize any and all of the relevant parts of the server to achieve even higher security. For example, the session manager implementation is pluggable, and even the default implementation has support for pluggable random number generators. If you have a special need that you feel is not met by Tomcat out of the box, consider these customization options. At the same time, please bring up your requirements on the user mailing list, where we'll be glad to discuss it and assist in your approach/design/implementation as needed. + + It is also possible to configure Tomcat insecurely. Please see "Security considerations" pages in Tomcat documentation ([[#Links|linked below]]) for the list of security-sensitive options. === Links === - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Security" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Security" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Security?action=diff&rev1=20&rev2=21 Comment: Add links to Tomcat 8.5 and Tomcat 9 "Security Considerations" pages. === Links === * Known vulnerabilities [[http://tomcat.apache.org/security.html]] - * Security considerations (Tomcat documentation) - [[http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html|Tomcat 8]], [[http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html|Tomcat 7]] + * Security considerations (Tomcat documentation) - [[http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html|Tomcat 9]], + [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html|Tomcat 8.5]], + [[http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html|Tomcat 8.0]], + [[http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html|Tomcat 7]] == Questions == 1. [[#Q1|How do I use OpenSSL to set up my own Certificate Authority (CA)?]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=19&rev2=20 Comment: Document what is the lifetime of Request/Response objects. Reference the specification. E.g. [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61289|61289]], [[https://bz.apache.org/bugzilla/show_bug.cgi?id=58457|58457]] - The main suspect is your own web application keeping a reference to Request / Response objects outside of their life cycle. + The main suspect is your own web application keeping a reference to Request / Response objects outside of their life cycle. (*) 1. Set the following [[http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html#Security|system property]] in Tomcat configuration: {{{org.apache.catalina.connector.RECYCLE_FACADES=true}}} - This flag instructs Tomcat to recycle facades to its internal objects, so that it is easier to spot illegal access when it happens, instead of waiting until internal state of referenced object becomes corrupted from concurrent access. + When flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.<><> + This flag is also mentioned on the [[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security Considerations]] page. The flag is `true` when Tomcat runs with enabled [[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java Security Manager]]. 2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue. + + (*) '''Note''' + + The lifetime of the Response object is documented in the [[Specifications|Servlet specification]]. Quoting from section "5.8 Lifetime of the Response Object" of Servlet 4.0 specification: + + || Each response object is valid only within the scope of a servlet’s service method, or within the scope of a filter’s doFilter method, unless the associated request object has asynchronous processing enabled for the component. If asynchronous processing on the associated request is started, then the response object remains valid until complete method on AsyncContext is called. || + + In case of asynchronous processing, when an error occurs Tomcat notifies all registered `AsyncListener`s and then calls `complete()` automatically if none of the listeners have called it yet. (Reference: [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61768#c3|61768]]) + + Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request Object" of the same specification. [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=18&rev2=19 Comment: Change section title * A good place for a breakpoint is `org.apache.catalina.connector.CoyoteAdapter.service()` method. That is the entry point from Tomcat connectors and into the Servlet engine. At that place your request has already been received and its processing starts. - == Troubleshooting Response State Problems == + == Troubleshooting unexpected Response state problems == - If you encounter problems that manifest themselves as accessing a request / response that is an inconsistent state. + If you encounter problems that manifest themselves as accessing a request or response that is an inconsistent state. E.g. [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61289|61289]], [[https://bz.apache.org/bugzilla/show_bug.cgi?id=58457|58457]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=17&rev2=18 Comment: Add a section on RECYCLE_FACADES * A good place for a breakpoint is `org.apache.catalina.connector.CoyoteAdapter.service()` method. That is the entry point from Tomcat connectors and into the Servlet engine. At that place your request has already been received and its processing starts. + == Troubleshooting Response State Problems == + + If you encounter problems that manifest themselves as accessing a request / response that is an inconsistent state. + + E.g. [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61289|61289]], [[https://bz.apache.org/bugzilla/show_bug.cgi?id=58457|58457]] + + The main suspect is your own web application keeping a reference to Request / Response objects outside of their life cycle. + + 1. Set the following [[http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html#Security|system property]] in Tomcat configuration: + + {{{org.apache.catalina.connector.RECYCLE_FACADES=true}}} + + This flag instructs Tomcat to recycle facades to its internal objects, so that it is easier to spot illegal access when it happens, instead of waiting until internal state of referenced object becomes corrupted from concurrent access. + + 2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue. + [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/KnownIssues" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/KnownIssues" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/KnownIssues?action=diff&rev1=15&rev2=16 Comment: Replace obsolete bugzilla links with a link to tomcat.apache.org/bugreport.html To determine the known issues for any given Tomcat version, you'll need to review the following: * The currently open bugs and enhancement requests in Bugzilla -* [[https://issues.apache.org/bugzilla/buglist.cgi?query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;bug_status=NEEDINFO;product=Tomcat%207|Open Tomcat 7 bugs]] -* [[https://issues.apache.org/bugzilla/buglist.cgi?query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;bug_status=NEEDINFO;product=Tomcat%206|Open Tomcat 6 bugs]] * The latest (from svn) change log entries for all newer versions + + See chapter [[https://tomcat.apache.org/bugreport.html#Looking_for_known_issues|Looking for known issues]] on Tomcat web site. -* [[http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml| Tomcat 8 change log]] -* [[http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml| Tomcat 7 change log]] -* [[http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml| Tomcat 6 change log]] <> === What are the known issues with the Oracle JRE? === - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/KnownIssues" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/KnownIssues" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/KnownIssues?action=diff&rev1=14&rev2=15 Comment: Minor formatting corrections. Split paragraphs. '''Are there any other corresponding cases of this bug?''' - The third party PDF generating software module PD4ML has had a corresponding problem when calling the render() methods in class org.zefer.pd4ml.PD4ML with response.getOutputStream() as argument. That causes the response stream to be closed from a finalizer() method of a class called PD4Device. When using an Apache/Tomcat connector, this unexpected stream close from the finalizer thread has occationally caused responses to be sent to wrong requestor (request/response mix up). The workarounds described above for ImageIO works perfectly in this case too. A general way to protect the response output streams from misbehaving web applications is to set the system property org.apache.catalina.connector.RECYCLE_FACADES=true, since that makes Tomcat create new stream instances for each request (of course at the cost of performance). + The third party PDF generating software module PD4ML has had a corresponding problem when calling the render() methods in class org.zefer.pd4ml.PD4ML with response.getOutputStream() as argument. That causes the response stream to be closed from a finalizer() method of a class called PD4Device. When using an Apache/Tomcat connector, this unexpected stream close from the finalizer thread has occationally caused responses to be sent to wrong requestor (request/response mix up). The workarounds described above for ImageIO works perfectly in this case too. - <> - <> - PD4ML has fixed this bug in their latest releases, but sites using older versions of the library can still be affected. PD4ML version 3.2.3 definitely has this flaw, but the currently latest version 3.8.0 is fixed. The release notes gives no clues where in between the problem was fixed and the vendor was not able to tell either in [[http://pd4ml.com/support/pdf-generation-troubleshooting-f4/pd4device-finalize-closes-output-stream-and-causes-mixup-t543.html|this bug report]]. + A general way to protect the response output streams from misbehaving web applications is to set the system property org.apache.catalina.connector.RECYCLE_FACADES=true, since that makes Tomcat create new stream instances for each request (of course at the cost of performance). + + PD4ML has fixed this bug in their latest releases, but sites using older versions of the library can still be affected. PD4ML version 3.2.3 definitely has this flaw, but the currently latest version 3.8.0 is fixed. The release notes document gives no clues where in between the problem was fixed, and the vendor was not able to tell either in [[http://pd4ml.com/support/pdf-generation-troubleshooting-f4/pd4device-finalize-closes-output-stream-and-causes-mixup-t543.html|this bug report]]. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=47&rev2=48 Comment: Move HTTP/2 specifications to HTTP section. Remove SPDY protocol. The following are specifications for the web protocols supported by Tomcat. - == HTTP == + == HTTP, HTTP/2 == || HTTP 0.9 || [[http://www.w3.org/Protocols/HTTP/AsImplemented.html|The Original HTTP as defined in 1991]] at W3.org|| || HTTP/1.0 || [[http://tools.ietf.org/html/rfc1945|RFC 1945]] || - || HTTP/1.1 || [[http://tools.ietf.org/html/rfc2068|RFC 2068]] (January 1997) - obsolete, replaced by 2616<>[[http://tools.ietf.org/html/rfc2616|RFC 2616]] (June 1999) - obsolete, replaced by 7230...7235<>[[http://tools.ietf.org/html/rfc7230|RFC 7230]] (June 2014) - Message Syntax and Routing<>[[http://tools.ietf.org/html/rfc7231|RFC 7231]] (June 2014) - Semantics and Content<>[[http://tools.ietf.org/html/rfc7232|RFC 7232]] (June 2014) - Conditional Requests<>[[http://tools.ietf.org/html/rfc7233|RFC 7233]] (June 2014) - Range Requests<>[[http://tools.ietf.org/html/rfc7234|RFC 7234]] (June 2014) - Caching<>[[http://tools.ietf.org/html/rfc7235|RFC 7235]] (June 2014) - Authentication || + || HTTP/1.1 || [[http://tools.ietf.org/html/rfc2068|RFC 2068]] (January 1997) - obsolete, replaced by 2616<>[[http://tools.ietf.org/html/rfc2616|RFC 2616]] (June 1999) - obsolete, replaced by 7230...7235<><>[[http://tools.ietf.org/html/rfc7230|RFC 7230]] (June 2014) - Message Syntax and Routing<>[[http://tools.ietf.org/html/rfc7231|RFC 7231]] (June 2014) - Semantics and Content<>[[http://tools.ietf.org/html/rfc7232|RFC 7232]] (June 2014) - Conditional Requests<>[[http://tools.ietf.org/html/rfc7233|RFC 7233]] (June 2014) - Range Requests<>[[http://tools.ietf.org/html/rfc7234|RFC 7234]] (June 2014) - Caching<>[[http://tools.ietf.org/html/rfc7235|RFC 7235]] (June 2014) - Authentication || + || HTTP/2 || [[http://tools.ietf.org/html/rfc7540|RFC 7540]] (May 2015) - Hypertext Transfer Protocol Version 2 (HTTP/2)<>[[http://tools.ietf.org/html/rfc7541|RFC 7541]] (May 2015) - HPACK: Header Compression for HTTP/2<><> [[http://http2.github.io/|HTTP/2 home page, maintained by the IETF HTTPbis Working Group]] || === Related Specifications === @@ -168, +169 @@ || AJP/1.3 || [[http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html|AJP Protocol Reference - AJPv13]] || - == SPDY == - - TBD - - SPDY protocol is obsolete, has been replaced by HTTP/2. - - [[http://tools.ietf.org/html/draft-mbelshe-httpbis-spdy-00|draft-mbelshe-httpbis-spdy-00]] (Draft 3), Expires: August 4, 2012 - - [[http://dev.chromium.org/spdy/spdy-protocol|List of protocol specifications, at dev.chromium.org]] - - == HTTP/2 == - - [[http://http2.github.io/|HTTP/2 home page, maintained by the IETF HTTPbis Working Group]] - - || HTTP/2 || [[http://tools.ietf.org/html/rfc7540|RFC 7540]] (May 2015) - Hypertext Transfer Protocol Version 2 (HTTP/2)<>[[http://tools.ietf.org/html/rfc7541|RFC 7541]] (May 2015) - HPACK: Header Compression for HTTP/2 || - - Note: Firefox enabled HTTP/2 protocol starting with version 34 (released on December 1, 2014), according to its [[https://developer.mozilla.org/en-US/Firefox/Releases/34/Site_Compatibility#Networking|Site Compatibility for Firefox 34]]. - == WebSocket == !WebSocket protocol is specified by [[http://tools.ietf.org/html/rfc6455|RFC 6455]]. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=46&rev2=47 Comment: Reorder JSP & EL specifications, with newer ones first. Add Java EE 8 link. Expression Language was covered by JSP 2.0 and JSP 2.1 specifications, but became a separate document starting with JSP 2.2. - ||Spec versions: ||JSP 2.0 || + ||Spec versions: ||JSP 2.3 || EL 3.0 || + ||Main page: ||[[http://www.jcp.org/en/jsr/detail?id=245|JSR245]] ||[[http://www.jcp.org/en/jsr/detail?id=341|JSR341]] || + ||Java.net project: || [[http://java.net/projects/jsp-spec-public/|jsp-spec-public ]] ? || [[http://java.net/projects/el-spec/|el-spec]] || + ||Stable: || Maintenance Release 2<>''The naming is according to JSR 245. The title page of the<>JSP specification document says "Maintenace Release 3"'' || Final Release || + ||Date: || 12 Jun, 2013 || 22 May, 2013 || + ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr245/index2.html|Overview]]<>[[http://download.oracle.com/otndocs/jcp/jsp-2_3-mrel2-eval-spec/|Direct Download]] || [[http://jcp.org/aboutJava/communityprocess/final/jsr341/index.html|Overview]]<>[[http://download.oracle.com/otndocs/jcp/el-3_0-fr-eval-spec/index.html|Direct Download]] || + ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/7/api/|Java EE 7]], [[https://javaee.github.io/javaee-spec/javadocs/ | Java EE 8]] || + ||Minimum Tomcat version: ||<-2> 8.0.0 || + + ||Spec versions: ||JSP 2.2, EL 2.2 || - ||Main page: ||[[http://www.jcp.org/en/jsr/summary?id=152|JSR152]] || + ||Main page: ||[[http://www.jcp.org/en/jsr/summary?id=245|JSR245]] || - ||Stable: ||Final Release || - ||Date: ||24 November, 2003 || - ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/final/jsr152/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/jsp-2.0-fr-oth-JSpec/|Direct Download]] || + ||Stable: ||Maintenance Release<>''The naming is according to JSR 245. The title page of the<>JSP specification document says "Maintenace Release 2"'' || + ||Date: ||10 Dec, 2009 || + ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/mrel/jsr245/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/jsp-2.2-mrel-eval-oth-JSpec/|Direct Download - JSP 2.2]]<> [[http://download.oracle.com/otndocs/jcp/expression_language-2.2-mrel-eval-oth-JSpec/|Direct Download - EL 2.2]] || - ||Online Javadoc: || [[http://docs.oracle.com/javaee/1.4/api/|Java EE 1.4]] || + ||Online Javadoc: || [[http://docs.oracle.com/javaee/6/api/|Java EE 6]]|| - ||Minimum Tomcat version: || 5.0.0 || + ||Minimum Tomcat version: || 7.0.0 || ||Spec versions: ||JSP 2.1 || ||Main page: ||[[http://www.jcp.org/en/jsr/summary?id=245|JSR245]] || @@ -94, +103 @@ ||Online Javadoc: || [[http://docs.oracle.com/javaee/5/api/|Java EE 5]]|| ||Minimum Tomcat version: || 6.0.0 || - ||Spec versions: ||JSP 2.2, EL 2.2 || + ||Spec versions: ||JSP 2.0 || - ||Main page: ||[[http://www.jcp.org/en/jsr/summary?id=245|JSR245]] || + ||Main page: ||[[http://www.jcp.org/en/jsr/summary?id=152|JSR152]] || - ||Stable: ||Maintenance Release<>''The naming is according to JSR 245. The title page of the<>JSP specification document says "Maintenace Release 2"'' || - ||Date: ||10 Dec, 2009 || - ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/mrel/jsr245/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/jsp-2.2-mrel-eval-oth-JSpec/|Direct Download - JSP 2.2]]<> [[http://download.oracle.com/otndocs/jcp/expression_language-2.2-mrel-eval-oth-JSpec/|Direct Download - EL 2.2]] || + ||Stable: ||Final Release || + ||Date: ||24 November, 2003 || + ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/final/jsr152/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/jsp-2.0-fr-oth-JSpec/|Direct Download]] || - ||Online Javadoc: || [[http://docs.oracle.com/javaee/6/api/|Java EE 6]]|| + ||Online Javadoc: || [[http://docs.oracle.com/javaee/1.4/api/|Java EE 1.4]] || - ||Minimum Tomcat version: || 7.0.0 || + ||Minimum Tomcat version: || 5.0.0 || - - ||Spec versions: ||JSP 2.3 || EL 3.0 || - ||Main page: ||[[http://www.jcp.org/en/jsr/detail?id=245|JSR245]] ||[[http://www.jcp.org/en/jsr/detail?id=341|JSR341]] || - ||Java.net project: || [[http://java.net/projects/jsp-spec-public/|jsp-spec-public ]] ? || [[http://java.net/projects/el-spec/|el-spec]] || - ||Stable: || Maintenance Release 2<>''The naming is according to JSR 245. The title page of the<>JSP specification document says "Maintenace Release 3"'' || Final Release || - ||Date: || 12 Jun, 2013 || 22 May, 2013 || - ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr245/index2.html|Overview]]<>[[http://download.oracle.com/otndocs/jcp/jsp-2_3-mrel2-eval-spec/|Direct Download]] || [[http://jcp.org/aboutJava/commun
[Tomcat Wiki] Update of "TomcatVersions" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "TomcatVersions" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/TomcatVersions?action=diff&rev1=28&rev2=29 Comment: Update specification versions for Tomcat 9.0, based on Java EE Platform v8 Final Release document - ch.EE.6.1.2 (Required Java Technologies) The "Process" field in the following tables documents what development model is accepted by that project, either [[http://www.apache.org/foundation/glossary.html#ReviewThenCommit|Review-Then-Commit]] or [[http://www.apache.org/foundation/glossary.html#CommitThenReview|Commit-Then-Review]]. For RTC model the changes are first proposed in the `STATUS.txt` file in the root of the project and have to gain at least 3 "`+1`" votes before being applied. The project members have agreed on several [[#RTC_Exceptions|exceptions]] from the RTC rule (documented below). = Tomcat 9.0.x = - ||Spec versions: ||Servlet 4.0, JSP 2.4?, EL 3.1?, !WebSocket 1.2?, JASPIC 1.1 || + ||Spec versions: ||Servlet 4.0, JSP 2.3, EL 3.0, !WebSocket 1.1, JASPIC 1.1 || ||Stable: ||No || ||Enhancements: ||Yes || ||Bug Fixes: ||Yes || - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=45&rev2=46 Comment: Correct naming of JavaEE project ||Spec versions: ||Servlet 4.0 || ||Main page: || [[http://www.jcp.org/en/jsr/detail?id=369|JSR369]] || - ||Java.net project: || [[https://javaee.github.io/servlet-spec/|servlet-spec]]<>Also see JavaEE specification project, [[https://javaee.github.io/javaee-spec/|javaee-spec]]|| + ||Java.net project: || [[https://javaee.github.io/servlet-spec/|servlet-spec]]<>Also see Java EE Platform Specification project, [[https://javaee.github.io/javaee-spec/|javaee-spec]]|| ||Stable: || Final Release || ||Date: || 05 Sept, 2017 || ||Download Page: || [[https://jcp.org/aboutJava/communityprocess/final/jsr369/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-4-final-eval-spec/index.html|Direct Download]] || - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "TomcatVersions" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "TomcatVersions" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/TomcatVersions?action=diff&rev1=27&rev2=28 Comment: Update information on releases. (Tomcat 6.0 archived, 9.0 available, names of release managers) ||Enhancements: ||Yes || ||Bug Fixes: ||Yes || ||Security Fixes: ||Yes || - ||Releases: ||Not yet || + ||Releases: ||Yes || - ||Release Manager: ||TBD || + ||Release Manager: ||Mark Thomas (markt) || ||Process: ||CTR || - ||Listed on download pages: ||Not yet || + ||Listed on download pages: ||Yes || = Tomcat 8.5.x = ||Spec versions: ||Servlet 3.1, JSP 2.3, EL 3.0, !WebSocket 1.1, JASPIC 1.1 || @@ -38, +38 @@ ||Bug Fixes: ||Yes || ||Security Fixes: ||Yes || ||Releases: ||Yes || - ||Release Manager: ||Mark Thomas (markt) || + ||Release Manager: ||Violeta Georgieva (violetagg) || ||Process: ||CTR || ||Listed on download pages: ||Yes || @@ -57, +57 @@ = Tomcat 6.0.x = ||Spec versions: ||Servlet 2.5, JSP 2.1 || ||Stable: ||Yes || - ||Enhancements: ||Unlikely || + ||Enhancements: ||Highly unlikely || - ||Bug Fixes: ||Yes || - ||Security Fixes: ||Yes || - ||Releases: ||Yes || - ||Release Manager: ||Jean-Frederic Clere (jfclere) || + ||Bug Fixes: ||Highly unlikely || + ||Security Fixes: ||Highly unlikely || + ||Releases: ||Highly unlikely || + ||Release Manager: ||Violeta Georgieva (violetagg) || ||Process: ||CTR || - ||Listed on download pages: ||Yes || + ||Listed on download pages: ||No || = Tomcat 5.5.x = - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=44&rev2=45 Comment: Reorder Sevler specs with newer ones first. Add Servlet 4.0 specification. == Java Servlet Specifications == + Servlet 4.0 specification is JSR 369. + Servlet 3.1 specification is JSR 340. Servlet 3.0 specification is JSR 315. Servlet 2.5 is a maintenance release of Servlet 2.4. Both are JSR 154. - ||Spec versions: ||Servlet 2.4 || + ||Spec versions: ||Servlet 4.0 || - ||Main page: || [[http://www.jcp.org/en/jsr/summary?id=154|JSR154]] || + ||Main page: || [[http://www.jcp.org/en/jsr/detail?id=369|JSR369]] || + ||Java.net project: || [[https://javaee.github.io/servlet-spec/|servlet-spec]]<>Also see JavaEE specification project, [[https://javaee.github.io/javaee-spec/|javaee-spec]]|| - ||Stable: ||Final Release || + ||Stable: || Final Release || - ||Date: ||24 Nov, 2003 || + ||Date: || 05 Sept, 2017 || - ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-2.4-fr-spec-oth-JSpec/|Direct Download]] || + ||Download Page: || [[https://jcp.org/aboutJava/communityprocess/final/jsr369/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-4-final-eval-spec/index.html|Direct Download]] || - ||Online Javadoc: || [[http://docs.oracle.com/javaee/1.4/api/|Java EE 1.4]] || + ||Online Javadoc: || [[https://javaee.github.io/javaee-spec/javadocs/ | Java EE 8]] (A javaee.github.io link. Not available at docs.oracle.com?) || - ||Minimum Tomcat version: || 5.0.0 || + ||Minimum Tomcat version: || 9.0.0 || + + ||Spec versions: ||Servlet 3.1 || + ||Main page: || [[http://www.jcp.org/en/jsr/detail?id=340|JSR340]] || + ||Java.net project: || [[http://java.net/projects/servlet-spec/|servlet-spec ]]|| + ||Stable: || Final Release || + ||Date: || 28 May, 2013 || + ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/final/jsr340/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-3_1-fr-eval-spec/index.html|Direct Download]] || + ||Online Javadoc: || [[http://docs.oracle.com/javaee/7/api/|Java EE 7]] || + ||Minimum Tomcat version: || 8.0.0 || + + ||Spec versions: ||<-2>Servlet 3.0 || + ||Main page: ||<-2> [[http://www.jcp.org/en/jsr/summary?id=315|JSR315]] || + ||Stable: ||Final Release ||Maintenance Release (Version 3.0 Rev a) || + ||Date: ||10 Dec, 2009 ||6 Feb, 2011|| + ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/final/jsr315/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-3.0-fr-eval-oth-JSpec/|Direct Download]] || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr315/index.html|Overview]]<>[[http://jcp.org/aboutJava/communityprocess/maintenance/jsr315/315ChangeLog.html|Change Log]]<>[[http://download.oracle.com/otndocs/jcp/servlet-3.0-mrel-eval-oth-JSpec/|Direct Download - PDF]] || + ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/6/api/|Java EE 6]]|| + ||Minimum Tomcat version: || 7.0.0 || 7.0.25 || ||Spec versions: ||<-2> Servlet 2.5 || ||Main page: ||<-2> [[http://www.jcp.org/en/jsr/summary?id=154|JSR154]] || @@ -38, +58 @@ ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/5/api/|Java EE 5]]|| ||Minimum Tomcat version: || 6.0.0 || 6.0.44 ([[https://bz.apache.org/bugzilla/show_bug.cgi?id=57703|bug 57703]]) || - ||Spec versions: ||<-2>Servlet 3.0 || + ||Spec versions: ||Servlet 2.4 || - ||Main page: ||<-2> [[http://www.jcp.org/en/jsr/summary?id=315|JSR315]] || + ||Main page: || [[http://www.jcp.org/en/jsr/summary?id=154|JSR154]] || - ||Stable: ||Final Release ||Maintenance Release (Version 3.0 Rev a) || - ||Date: ||10 Dec, 2009 ||6 Feb, 2011|| - ||Download Page: ||[[http://jcp.org/aboutJava/communityprocess/final/jsr315/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-3.0-fr-eval-oth-JSpec/|Direct Download]] || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr315/index.html|Overview]]<>[[http://jcp.org/aboutJava/communityprocess/maintenance/jsr315/315ChangeLog.html|Change Log]]<>[[http://download.oracle.com/otndocs/jcp/servlet-3.0-mrel-eval-oth-JSpec/|Direct Download - PDF]] || - ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/6/api/|Java EE 6]]|| - ||Minimum Tomcat version: || 7.0.0 || 7.0.25 || - - ||Spec versions: ||Servlet 3.1 || - ||Main page: || [[http://www.jcp.org/en/jsr/detail?id=340|JSR340]] || - ||Java.net project: || [[http://java.net/projects/servlet-spec/|servlet-spec ]]|| - ||Stable: || Final Release || + ||Stable: ||Final Release || - ||Date: || 28 May, 2013 || + ||Date: ||24 Nov, 2003 || - ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/final/jsr340/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-3
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=43&rev2=44 Comment: Update spec compliance values, as bug 57703 was fixed in 6.0.44 ||Date: ||11 May, 2006 ||11 Sep, 2007 || ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-2.5-mrel-eval-oth-JSpec/|Direct Download - Javadoc, classes]] || [[http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html|Overview]]<> [[http://download.oracle.com/otndocs/jcp/servlet-2.5-mrel2-eval-oth-JSpec/|Direct Download - PDF]]|| ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/5/api/|Java EE 5]]|| - ||Minimum Tomcat version: || 6.0.0 || N/A ([[https://bz.apache.org/bugzilla/show_bug.cgi?id=57703|bug 57703]]) || + ||Minimum Tomcat version: || 6.0.0 || 6.0.44 ([[https://bz.apache.org/bugzilla/show_bug.cgi?id=57703|bug 57703]]) || ||Spec versions: ||<-2>Servlet 3.0 || ||Main page: ||<-2> [[http://www.jcp.org/en/jsr/summary?id=315|JSR315]] || - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "tools/check_jmxproxy.pl" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "tools/check_jmxproxy.pl" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/tools/check_jmxproxy.pl?action=diff&rev1=2&rev2=3 Comment: Move to GitHub + In order to provide better history and community participation, this script has moved to: - {{{ - #!/usr/bin/perl - # - # check_jmxproxy - # - # Contacts a JMX proxy (like that which Apache Tomcat provides) - # and compares the return value to the warning and critical values - # provided as parameters to this script. - # - # Copyright (c) 2012 Christopher Schultz - # - # Christopher Schultz licenses this file to You under the Apache License, - # Version 2.0 (the "License"); you may not use this file except in - # compliance with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # Special thanks to Susan Burgee for her help with Perl. - # - use strict; + https://github.com/ChristopherSchultz/apache-tomcat-stuff/tree/master/bin/nagios - # For getopt: - use Getopt::Long qw(:config no_ignore_case bundling);; - - # For HTTP stuff: - use LWP::UserAgent; - use HTTP::Request; - use HTTP::Response; - use URI::Heuristic; - - my $help = ''; - my $url = ''; - my $warn = ''; - my $critical = ''; - my $verbose = ''; - my $authorization = ''; - my $useragent = 'Nagios check_jmxproxy/0.1'; - my $timeout = 180; - my $fetchingRegexp = '^OK.*=\s*([0-9]+)$'; - # $fetchingRegexp = 'OK.*used=([0-9]+).*'; - my $outputFilterRegexp; - - GetOptions( - 'U=s' => \$url, - 'url=s' => \$url, - 'w=s' => \$warn, - 'warn=s' => \$warn, - 'c=s' => \$critical, - 'critical=s' => \$critical, - 'h' => \$help, - 'help'=> \$help, - 'v' => \$verbose, - 'verbose' => \$verbose, - 'a=s' => \$authorization, - 'authorization=s' => \$authorization, - 'A' => \$useragent, - 'useragent' => \$useragent, - 't=i' => \$timeout, - 'timeout=i' => \$timeout, - 'r=s' => \$fetchingRegexp, - 'regexp=s'=> \$fetchingRegexp, - 'R=s' => \$outputFilterRegexp, - 'filtering-regexp=s' => \$outputFilterRegexp, - ) or $help = '-h'; - - $help = 1 if ( $url eq '' || $warn eq '' || $critical eq '' ); - - if( $help ) { - print < -w -c - - -A, --useragent - Specify the User-Agent that will be sent when contacting the server. - - -a, --authorization - Specify the BASIC authorization string that will be used to satisfy - a WWW-Authenticate challenge. Should be in the form 'user:password'. - - -c, --critical - Specifies the 'critical' level against which the number returned - from the JMX proxy will be compared. Append a ':' to the end of - the critical value in order to perform a less-than comparison. - - -h, --help - Shows this help message. - - -r, --regexp - Specifies the regular expression that will be used to capture the - numeric portion of the JMX proxy's response. The first capture group - in the regular expression will be used as the numeric response. - Default: '^OK.*=\\s*([0-9]+)\$' - - -R, --filtering-regexp - Specifies the regular expresison that will be used to filter the - response from the JMX proxy before echoing it to the output stream - after a "JMX OK", "JMX WARN", or "JMX CRITICAL" message. If the - response from the JMX proxy is malformed, the response will not be - filtered. - - -t, --timeout - Specifies the timeout, in seconds, to wait for a response before - the request to the server is considered a failure. Default is 180 - (3 minutes). - - -U, --url - Specifies the URL that check_jmxproxy will contact. - - -v, --verbose - Enabled verbose logging of what check_jmxproxy is doing. - - -w, --warn - Specifies the 'warning' level against which a number returned - from the JMX proxy will be compared. Append a ':' to the end of - the warning value in order to perform a less-than comparison. - - Example: -${0} -U 'http://host/manager/jmxproxy?get=java.lang:type=Memory&att=HeapMemoryUsage&key=used' -w 33554432 -c 50331648 - - This example will report CRITICAL if the current JVM heap size exceeds - 48MiB or WARN if the heap size exceeds 32MiB. - USAGE - exit(); - } - - if ($verbose) { - print "url = $url\n" if ($url); - print "cricital = $cri
[Tomcat Wiki] Update of "HowTo/FasterStartUp" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "HowTo/FasterStartUp" page has been changed by markt: https://wiki.apache.org/tomcat/HowTo/FasterStartUp?action=diff&rev1=27&rev2=28 Comment: Un-wikify WebSocket }}} - The impact of disabling WebSocket support will depend on how many JARs were being scanned for WebSocket annotations and whether any other SCIs trigger annotation scans. Generally, it is the first SCI scan that has the biggest performance impact. The impact of additional scans is minimal. + The impact of disabling !WebSocket support will depend on how many JARs were being scanned for !WebSocket annotations and whether any other SCIs trigger annotation scans. Generally, it is the first SCI scan that has the biggest performance impact. The impact of additional scans is minimal. References: [[https://bz.apache.org/bugzilla/show_bug.cgi?id=55855|Bug 55855]], [[http://tomcat.apache.org/tomcat-8.0-doc/config/context.html|Tomcat 8 Context documentation]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "HowTo/FasterStartUp" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "HowTo/FasterStartUp" page has been changed by markt: https://wiki.apache.org/tomcat/HowTo/FasterStartUp?action=diff&rev1=26&rev2=27 Comment: Complete some TODOs There exists an attribute on `Context` element, `containerSciFilter`. It can be used to disable container-provided features that are plugged into Tomcat via SCI API: !WebSocket support (in Tomcat 7 and later), JSP support (in Tomcat 8 and later). - The class names to filter can be detected by looking into `META-INF/services/javax.servlet.ServletContainerInitializer` files in Tomcat JARs. For !WebSocket support the name is `org.apache.tomcat.websocket.server.WsSci`, for JSP support the name is `org.apache.jasper.servlet.JasperInitializer`. + The class names to filter can be detected by looking into `META-INF/services/javax.servlet.ServletContainerInitializer` files in Tomcat JARs. For !WebSocket support the name is `org.apache.tomcat.websocket.server.WsSci`, for JSP support the name is `org.apache.jasper.servlet.JasperInitializer`. e.g.: + {{{ + + }}} + The impact of disabling WebSocket support will depend on how many JARs were being scanned for WebSocket annotations and whether any other SCIs trigger annotation scans. Generally, it is the first SCI scan that has the biggest performance impact. The impact of additional scans is minimal. - ''TODO: Configuration example'' - - ''TODO: How much faster does it make it? In short: Delays due to annotation scanning caused by !WebSocket have been already mentioned in another paragraphs on this page. This is an alternative to removing websocket JARs from Tomcat installation.'' References: [[https://bz.apache.org/bugzilla/show_bug.cgi?id=55855|Bug 55855]], [[http://tomcat.apache.org/tomcat-8.0-doc/config/context.html|Tomcat 8 Context documentation]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=65&rev2=66 Comment: Better link for pivotal OSS support - = Support = - - [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings|width=150}}]] + [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|https://pivotal.io/support/oss|width=150}}]] - Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. + Pivotal provides global, 24x7, [[https://pivotal.io/support/oss|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. [[http://www.kippdata.de|{{http://www.kippdata.de/site/themes/kippdata/img/elements/kippdata_logo.gif|http://www.kippdata.de}}]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=64&rev2=65 Comment: Make expected location of new entries clearer. The ASF does not endorse any of the organisations listed on this page nor any services that they may provide. - If you would like to add your company to this page, feel free to do so. You will need to create a wiki account to do so. There aren't any hard and fast rules about what is acceptable but please keep your entry to a few lines, a link and a small logo. Excessive entries will be edited. Remember to add you company to both sections if you provide support and training. + If you would like to add your company to this page, feel free to do so. You will need to create a wiki account to do so. There aren't any hard and fast rules about what is acceptable but please keep your entry to a few lines, a link and a small logo. Excessive entries will be edited. Remember to add you company to both sections if you provide support and training. New entries should be added to the end of the relevant section. - = Support = - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=63&rev2=64 Comment: Review support ordering SpringSource/Pivotal was the first entry. OpenLogic/RougeWave was sixth. Review training ordering. OpenLogic/RougeWave was fourth. - = Support = - + [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings|width=150}}]] + + Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. + [[http://www.kippdata.de|{{http://www.kippdata.de/site/themes/kippdata/img/elements/kippdata_logo.gif|http://www.kippdata.de}}]] Kippdata's [[https://www.kippdata.de/tomcat/|eSupport for Apache Tomcat]] features several eSupport packages starting from basic support levels up to mission critical enterprise support. We actively contribute to the Apache Tomcat project, so that our bug fixes and other code enhancements become part of the standard Apache Tomcat code. Kippdata is located in Bonn, Germany. @@ -24, +28 @@ Site: [[http://www.opengate.biz|www.opengate.biz]]<> eMail: i...@opengate.biz.<><> - [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings|width=150}}]] - - Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. - [[http://www.mulesoft.com|{{https://www.mulesoft.com/sites/default/files/3C_mulesoft_logo_updated.svg|http://www.mulesoft.com|width=150}}]] !MuleSoft provides global [[http://www.mulesoft.com/tomcat-support|enterprise Tomcat support]] as well as free, user-contributed howto guides. A general-audience [[http://www.mulesoft.com/understanding-apache-tomcat|Apache Tomcat]] guide is meant for absolute beginners, while intermediate Tomcat users can benefit from guides on how to resolve [[http://www.mulesoft.com/tomcat-logging|Tomcat logging]] problems or how to use [[http://www.mulesoft.com/tomcat-eclipse|Tomcat in eclipse]]. !MuleSoft also provides resources on upcoming releases of Tomcat like [[http://www.mulesoft.com/tomcat-7|Tomcat 7]]. !MuleSoft employs leading experts and authors on Apache Tomcat to ensure that customers can get their questions answered quickly and accurately. !MuleSoft also provides [[http://www.mulesoft.com/free-apache-tomcat-support|Free Tomcat Assistance]]. @@ -37, +37 @@ [[http://innraz.ru/|InnRaz.ru]] offers enterprise support and consulting for Apache Tomcat users. + + [[http://www.roguewave.com|{{http://www.roguewave.com/CMSPages/GetAzureFile.aspx?path=~\roguewave\media\assets\logos\rw-logo.png&hash=a8e0402f2ee46c3ac9de1b48128e0d1465ef716dde369d3cd448811ab1c55206|http://www.roguewave.com}}]] + + [[http://www.roguewave.com/|Roguewave Tomcat Support]] / [[http://www.openlogic.com/|OpenLogic]] has a dedicated team of OSS experts offering round-the-clock Production Support with competitive SLAs for troubleshooting Tomcat issues and outages. [[http://www.savoirfairelinux.com|{{http://www.savoirfairelinux.com/image/image_gallery?img_id=53315&t=1287776986392|http://www.savoirfairelinux.com}}]] @@ -49, +53 @@ [[http://www.it-schulungen.com|{{http://www.it-schulungen.com/images/banners/its-banner-ulmerv.gif|http://www.it-schulungen.com}}]] IT-Schulungen.com [[http://www.it-schulungen.com/seminare/opensource/index.html|Training and Support for Apache Tomcat]] IT-Schulungen.com is located in nurumberg, Germany. - - [[http://www.roguewave.com|{{http://www.roguewave.com/CMSPages/GetAzureFile.aspx?path=~\roguewave\media\assets\logos\rw-logo.png&hash=a8e0402f2ee46c3ac9de1b48128e0d1465ef716dde369d3cd448811ab1c55206|http://www.roguewave.com}}]] - - [[http://www.roguewave.com/|Roguewave Tomcat Support]] / [[http://www.openlogic.com/|OpenLogic]] has a dedicated team of OSS experts offering round-the-clock Production Support with competitive SLAs for troubleshooting Tomcat issues and outages. [[https://www.rosehosting.com|{{https://media.rosehosting.com/uploads/2016/12/rosehosting-logo50.png|https://www.rosehosting.com}}]] @@ -79, +79 @@ [[http://www.nobleprog.com|{{http://www.nobleprog.com/sites/all/themes/nexus_subtheme/logo.png|http://www.nobleprog.com}}]]
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=62&rev2=63 Comment: Headings were getting lost in the logos. Add horizontal rules to make then stand out. If you would like to add your company to this page, feel free to do so. You will need to create a wiki account to do so. There aren't any hard and fast rules about what is acceptable but please keep your entry to a few lines, a link and a small logo. Excessive entries will be edited. Remember to add you company to both sections if you provide support and training. + - = Support = + - [[http://www.kippdata.de|{{http://www.kippdata.de/site/themes/kippdata/img/elements/kippdata_logo.gif|http://www.kippdata.de}}]] Kippdata's [[https://www.kippdata.de/tomcat/|eSupport for Apache Tomcat]] features several eSupport packages starting from basic support levels up to mission critical enterprise support. We actively contribute to the Apache Tomcat project, so that our bug fixes and other code enhancements become part of the standard Apache Tomcat code. Kippdata is located in Bonn, Germany. @@ -59, +61 @@ === Example company name === Use this example as a basis for your entry. New entries should be added just above this example. + - = Training = + - + [[http://www.kippdata.de|{{http://www.kippdata.de/site/themes/kippdata/img/elements/kippdata_logo.gif|http://www.kippdata.de}}]] Kippdata offers a [[http://www.kippdata.de/red/workshops/opensource/|selection of trainings for Apache Tomcat]]. We focus on single day trainings like „Apache Tomcat Best Practices“, „Java Memory Sizing and Garbage Collection Tuning“. Kippdata is located in Bonn, Germany. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=61&rev2=62 Comment: Add a logo for mechsoft otherwise their entry gets lots in the text !Intertech [[http://www.intertech.com|delivers training and consulting for Tomcat]] in our complete line-up of open source-related training and consulting. For training, students can attend courses virtually, in-person at Intertech's facility, or we can come to your location. - [[http://mechsoft.com.tr|Mechsoft]] + [[http://mechsoft.com.tr|{{https://www.mechsoft.com.tr/images/logo/mechsoft.jpg|http://mechsoft.com.tr}}]] !MechSoft supports the development of open source software in Turkey and the world. We always aim to use open source applications and tools while developing our enterprise applications. Besides, our highly talented developers represent !MechSoft and Turkey at well-known open source foundation. !MechSoft helps companies to adopt open source solutions in their IT infrastructure. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=60&rev2=61 Comment: Add a logo for intertech else their entry gets lost in the text Savoir-faire Linux provides 24/7 support, consulting, development and training services on Apache Tomcat. We provide [[http://www.savoirfairelinux.com/services/training/open-source-softwares/oss111-tomcat|Tomcat training]] in our offices in Montreal, Quebec City and Ottawa, Canada. For private, on-site and custom courses, contact train...@savoirfairelinux.com or call 1-877-735-4689. - [[http://www.intertech.com|{{attachment:intertech.jpg|http://www.intertech.com}}]] + [[http://www.intertech.com|{{attachment:intertech.jpg|http://www.intertech.com|width=100}}]] !Intertech [[http://www.intertech.com|delivers training and consulting for Tomcat]] in our complete line-up of open source-related training and consulting. For training, students can attend courses virtually, in-person at Intertech's facility, or we can come to your location. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] New attachment added to page SupportAndTraining
Dear Wiki user, You have subscribed to a wiki page "SupportAndTraining" for change notification. An attachment has been added to that page by markt. Following detailed information is available: Attachment name: intertech.jpg Attachment size: 6926 Attachment link: https://wiki.apache.org/tomcat/SupportAndTraining?action=AttachFile&do=get&target=intertech.jpg Page link: https://wiki.apache.org/tomcat/SupportAndTraining - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=59&rev2=60 Savoir-faire Linux provides 24/7 support, consulting, development and training services on Apache Tomcat. We provide [[http://www.savoirfairelinux.com/services/training/open-source-softwares/oss111-tomcat|Tomcat training]] in our offices in Montreal, Quebec City and Ottawa, Canada. For private, on-site and custom courses, contact train...@savoirfairelinux.com or call 1-877-735-4689. + [[http://www.intertech.com|{{attachment:intertech.jpg|http://www.intertech.com}}]] !Intertech [[http://www.intertech.com|delivers training and consulting for Tomcat]] in our complete line-up of open source-related training and consulting. For training, students can attend courses virtually, in-person at Intertech's facility, or we can come to your location. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=58&rev2=59 Comment: Fix GFU logo !LearnComputer offers instructor-led online and onsite [[http://www.learncomputer.com/training/tomcat/|Tomcat training]] courses for companies and public. We also offer beginner to advanced courses in Android, Apache, Hadoop, PHP, MySQL, Linux, Java and Networking. - [[http://www.gfu.net|{{http://www.gfu.net/css/screen/images/logo.jpg|http://www.gfu.net - GFU Cyrus AG in Köln}}]] + [[http://www.gfu.net|{{attachment:gfu.jpg|http://www.gfu.net - GFU Cyrus AG in Köln|height=100}}]] GFU Cyrus AG offers extensive [[http://www.gfu.net/schulung-tomcat-grundlagen.html|seminars and inhouse training on Apache Tomcat]], from basic principles to advanced and intensive courses. Architecture, installation and configuration – in the cologne training centre you obtain an overview of the possibilities of the application server. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] New attachment added to page SupportAndTraining
Dear Wiki user, You have subscribed to a wiki page "SupportAndTraining" for change notification. An attachment has been added to that page by markt. Following detailed information is available: Attachment name: gfu.jpg Attachment size: 3601 Attachment link: https://wiki.apache.org/tomcat/SupportAndTraining?action=AttachFile&do=get&target=gfu.jpg Page link: https://wiki.apache.org/tomcat/SupportAndTraining - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=57&rev2=58 Comment: Remove JMatrix. Website is no longer active. !Intertech [[http://www.intertech.com|delivers training and consulting for Tomcat]] in our complete line-up of open source-related training and consulting. For training, students can attend courses virtually, in-person at Intertech's facility, or we can come to your location. - [[http://www.jmatrix.in//|{{http://www.jmatrix.in//attachments/Logo/SS_1.GIF?template=generic}}]] - - Jmatrix provides technical support for tomcat customization and migration. - [[http://mechsoft.com.tr|Mechsoft]] !MechSoft supports the development of open source software in Turkey and the world. We always aim to use open source applications and tools while developing our enterprise applications. Besides, our highly talented developers represent !MechSoft and Turkey at well-known open source foundation. !MechSoft helps companies to adopt open source solutions in their IT infrastructure. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=56&rev2=57 Comment: Fix other Mulesoft logo Kippdata bietet eine [[http://www.kippdata.de/red/workshops/opensource/|Auswahl an Schulungen für Apache Tomcat]] an. Wir haben uns auf Ein-Tages-Schulungen zu Themen wie „Apache Tomcat Best Practices“, „Java Memory Sizing and Garbage Collection Tuning“ spezialisiert. Kippdata ist in Bonn, Deutschland, ansässig. - [[http://www.MuleSoft.com|{{http://www.mulesoft.com/sites/default/files/mulesoft-logo-final.gif|http://www.MuleSoft.com}}]] + [[http://www.mulesoft.com|{{https://www.mulesoft.com/sites/default/files/3C_mulesoft_logo_updated.svg|http://www.mulesoft.com|width=150}}]] !MuleSoft provides comprehensive [[http://www.mulesoft.com/mule-training|Tomcat Training]] for users of Apache Tomcat. !MuleSoft offers a FREE pre-recorded training course to help users to get started with Apache Tomcat and also intensive instructor led training courses on advanced topics such as [[http://www.mulesoft.com/tomcat-performance-tuning|Tomcat performance tuning]], [[http://www.mulesoft.com/tomcat-configuration-training|configuration management]]. The training is designed by Tomcat experts and delivered by experienced instructors. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=55&rev2=56 Comment: Fix broken Mulesoft logo Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. - [[http://www.mulesoft.com|{{http://www.mulesoft.com/sites/default/files/mulesoft-logo-final.gif|http://www.mulesoft.com}}]] + [[http://www.mulesoft.com|{{https://www.mulesoft.com/sites/default/files/3C_mulesoft_logo_updated.svg|http://www.mulesoft.com|width=150}}]] !MuleSoft provides global [[http://www.mulesoft.com/tomcat-support|enterprise Tomcat support]] as well as free, user-contributed howto guides. A general-audience [[http://www.mulesoft.com/understanding-apache-tomcat|Apache Tomcat]] guide is meant for absolute beginners, while intermediate Tomcat users can benefit from guides on how to resolve [[http://www.mulesoft.com/tomcat-logging|Tomcat logging]] problems or how to use [[http://www.mulesoft.com/tomcat-eclipse|Tomcat in eclipse]]. !MuleSoft also provides resources on upcoming releases of Tomcat like [[http://www.mulesoft.com/tomcat-7|Tomcat 7]]. !MuleSoft employs leading experts and authors on Apache Tomcat to ensure that customers can get their questions answered quickly and accurately. !MuleSoft also provides [[http://www.mulesoft.com/free-apache-tomcat-support|Free Tomcat Assistance]]. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=54&rev2=55 Comment: Reduce logo size Site: [[http://www.opengate.biz|www.opengate.biz]]<> eMail: i...@opengate.biz.<><> - [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings}}]] + [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings|width=150}}]] Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by LucaVisconti
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by LucaVisconti: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=53&rev2=54 Comment: Sorry Pivotal, but I've noticed only now that on "Revision 44 as of 2015-02-03 20:52:47" you changed your position from line 61 to in front of Open Gate. I re-established original order. Kippdatas [[https://www.kippdata.de/tomcat/|eSupport für Apache Tomcat]] bietet von Basis Level Support bis hin zu Support für unternehmenskritische Anwendungen verschiedene eSupport-Pakete. Wir beteiligen uns aktiv am Apache Tomcat Projekt, so dass unsere Fehlerbeseitigungen und andere Erweiterungen des Codes in den Standard Apache Tomcat Code einfliessen. Kippdata ist in Bonn, Deutschland, ansässig. - [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings}}]] - - Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. - [[http://www.opengate.biz/|{{http://www.opengate.biz/wp-content/uploads/2014/02/logo_opengate_hea...@2x-300x51.png|http://www.opengate.biz/}}]] !OpenGate provides support for Apache Tomcat enterprise users located in Italy. !OpenGate has over 13 years experience in helping customers adopting Apache Tomcat and hundreds of success stories.<> !OpenGate fornisce supporto in Italia per gli utenti di Apache Tomcat. !OpenGate ha più di 13 anni di esperienza nell'aiutare i clienti nell'adozione di Apache Tomcat e centinaia di storie di successo.<> <> Site: [[http://www.opengate.biz|www.opengate.biz]]<> eMail: i...@opengate.biz.<><> + + [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings}}]] + + Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. [[http://www.mulesoft.com|{{http://www.mulesoft.com/sites/default/files/mulesoft-logo-final.gif|http://www.mulesoft.com}}]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=52&rev2=53 Comment: Pivotal no longer offers Tomcat training Kippdata bietet eine [[http://www.kippdata.de/red/workshops/opensource/|Auswahl an Schulungen für Apache Tomcat]] an. Wir haben uns auf Ein-Tages-Schulungen zu Themen wie „Apache Tomcat Best Practices“, „Java Memory Sizing and Garbage Collection Tuning“ spezialisiert. Kippdata ist in Bonn, Deutschland, ansässig. - [[http://www.pivotal.io/support/offerings|{{http://www.pivotal.io/assets/images/Pivotal_Logo.png|http://www.pivotal.io/support/offerings}}]] - - Pivotal provides comprehensive [[http://mylearn.vmware.com/mgrReg/plan.cfm?plan=31719&ui=www_edu|education]] on enterprise Java with specific [[http://mylearn.vmware.com/mgrreg/courses.cfm?ui=www_edu&a=one&id_subject=23470|training]] for Apache Tomcat. The four-day, intensive instructor-led training provides practical, hands-on knowledge about installation, configuration, deployment, load balancing and troubleshooting for production systems using Apache Tomcat. - [[http://www.MuleSoft.com|{{http://www.mulesoft.com/sites/default/files/mulesoft-logo-final.gif|http://www.MuleSoft.com}}]] !MuleSoft provides comprehensive [[http://www.mulesoft.com/mule-training|Tomcat Training]] for users of Apache Tomcat. !MuleSoft offers a FREE pre-recorded training course to help users to get started with Apache Tomcat and also intensive instructor led training courses on advanced topics such as [[http://www.mulesoft.com/tomcat-performance-tuning|Tomcat performance tuning]], [[http://www.mulesoft.com/tomcat-configuration-training|configuration management]]. The training is designed by Tomcat experts and delivered by experienced instructors. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by markt: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=51&rev2=52 Comment: Fix logo Kippdatas [[https://www.kippdata.de/tomcat/|eSupport für Apache Tomcat]] bietet von Basis Level Support bis hin zu Support für unternehmenskritische Anwendungen verschiedene eSupport-Pakete. Wir beteiligen uns aktiv am Apache Tomcat Projekt, so dass unsere Fehlerbeseitigungen und andere Erweiterungen des Codes in den Standard Apache Tomcat Code einfliessen. Kippdata ist in Bonn, Deutschland, ansässig. - [[https://www.pivotal.io/support/offerings|{{http://www.pivotal.io/assets/images/Pivotal_Logo.png|http://www.pivotal.io/support/offerings}}]] + [[https://www.pivotal.io/support/offerings|{{http://www.apache.org/foundation/images/pivotal-platinum.png|http://www.pivotal.io/support/offerings}}]] Pivotal provides global, 24x7, [[http://www.pivotal.io/support/offerings|enterprise support]] for production users of Apache Tomcat. Pivotal employs the leading experts on Apache Tomcat to ensure that support customers can get their questions answered quickly and accurately and that bug fixes are incorporated into the open source code base. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ServletProxy" by WoonsanKo
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ServletProxy" page has been changed by WoonsanKo: https://wiki.apache.org/tomcat/ServletProxy?action=diff&rev1=8&rev2=9 [2] http://noodle.tigris.org/, “home page – noodle”. [3] http://edwardstx.net/wiki/Wiki.jsp?page=HttpProxyServlet, “ Http proxy Servlet – main page”. + + [4] http://portals.apache.org/applications/webcontent2/reverse-proxy-module.html, “Apache Portals Web Content Application 2 - Http proxy Servlet Reverse Proxy Module”. [[CategoryGSOC|CategoryGSOC]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ServletProxy" by WoonsanKo
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ServletProxy" page has been changed by WoonsanKo: https://wiki.apache.org/tomcat/ServletProxy?action=diff&rev1=7&rev2=8 Link: http://edwardstx.net/wiki/Wiki.jsp?page=HttpProxyServlet + ' 4) Apache Portals WebContent-2 Reverse Proxy Module ' : The Reverse Proxy Module provides the features of Reverse Proxy, and it consists of HTTP Client builder components (using HttpClient-4), Reverse Proxy Command/Chain components (using Apache Commons Chain), and built-in or extensible Reverse Proxy Servlets and Filters. + With this Reverse Proxy Module, you can configure proxy mappings with YAML configuration, you can rewrite content using built-in or custom content rewriting components, and you can even customize the processing commands in the chain easily. + This module is part of WebContent-2 portlet web application project, but the reverse proxy jar module has been designed and working in normal servlet (non-portlet) environments independently as well. For details, see http://portals.apache.org/applications/webcontent2/modules-overview.html. + + Link: http://portals.apache.org/applications/webcontent2/reverse-proxy-module.html + __ ''' These are only some of the existing proxies. ''' __ === References : === - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ContributorsGroup" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by markt: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=30&rev2=31 Comment: += WoonsanKo * StevenHeckler * SiegfriedGoeschl * theimpaler + * WoonsanKo - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Monitoring" by EmericVernat
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Monitoring" page has been changed by EmericVernat: https://wiki.apache.org/tomcat/FAQ/Monitoring?action=diff&rev1=17&rev2=18 Comment: fix javamelody links [[http://moskito.org/|MoSKito]], an open source solution by [[http://anotheria.net/home.html|Anotheria]], is a multi-purpose, non-invasive, interval-based monitoring system kit that collects, stores and provides instant analysis of a Tomcat application’s performance and behavior data. - [[http://javamelody.googlecode.com|JavaMelody]] can monitor your JavaEE/Tomcat application from dev to production. It is open-source and easy: get the [[http://code.google.com/p/javamelody/wiki/Screenshots#Charts|first view]] of your application in [[https://code.google.com/p/javamelody/wiki/UserGuide#Setup|about 2 minutes]] from now. + [[https://github.com/javamelody/javamelody/wiki|JavaMelody]] can monitor your JavaEE/Tomcat application from dev to production. It is open-source and easy: get the [[https://github.com/javamelody/javamelody/wiki/Screenshots#charts|first view]] of your application in [[https://github.com/javamelody/javamelody/wiki/UserGuide#javamelody-setup|about 2 minutes]] from now. Other plug-in-based monitoring software like Nagios or Icinga may need some help interacting with Tomcat's JMXProxyServlet. [[tools/check_jmxproxy.pl]] is a Perl script that can be used with these tools to monitor Tomcat via the JMXProxyServlet. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by RoseHosting
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by RoseHosting: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=48&rev2=49 Comment: added our Tomcat services [[http://www.roguewave.com/|Roguewave Tomcat Support]] / [[http://www.openlogic.com/|OpenLogic]] has a dedicated team of OSS experts offering round-the-clock Production Support with competitive SLAs for troubleshooting Tomcat issues and outages. + [[https://www.rosehosting.com|{{https://media.rosehosting.com/uploads/2016/12/rosehosting-logo50.png|https://www.rosehosting.com}}]] + + [[https://www.rosehosting.com/|RoseHosting]] provides [[https://www.rosehosting.com/tomcat-hosting.html|fully managed Tomcat VPS hosting]] with free 24/7 support. Free Tomcat installation, configuration and optimization included with all VPS hosting plans. ] === Example company name === Use this example as a basis for your entry. New entries should be added just above this example. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by CotySutherland
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by CotySutherland: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=42&rev2=43 Comment: Adding missing JASPIC section as it was implemented in tomcat 8.5 ||Online Javadoc: || [[http://docs.oracle.com/javaee/7/api/|Java EE 7]] || || ||Minimum Tomcat version: || 7.0.47, 8.0.0 || 7.0.56, 8.0.13 || + == Java Authentication Service Provider Interface for Containers Specification == + + JASPIC 1.1 is the second maintenance release, Maintenance Release B, of JASPIC 1.0 (JSR 196). + + ||Spec versions: || JASPIC 1.0 || JASPIC 1.1 || + ||Main page: ||<-2> [[http://www.jcp.org/en/jsr/summary?id=196|JSR196]] || + ||Java.net project: ||<-2> [[http://java.net/projects/jaspic-spec/|jaspic-spec ]]|| + ||Stable: || Final Release || Maintenance Release B || + ||Date: || 10 Oct, 2007 || 12 Jun, 2013 || + ||Download Page: || [[http://jcp.org/aboutJava/communityprocess/final/jsr196/index.html|Overview]]<>[[http://download.oracle.com/otndocs/jcp/jaspic-1.0-fr-oth-JSpec/index.html|Direct Download]] || [[https://jcp.org/aboutJava/communityprocess/mrel/jsr196/index.html|Overview]]<>[[http://download.oracle.com/otndocs/jcp/jaspic-1_1-mrel2-eval-spec/index.html|Direct Download]] || + ||Online Javadoc: ||<-2> [[http://docs.oracle.com/javaee/7/api/|Java EE 7]] || + ||Minimum Tomcat version: ||<-2> 8.5.0 || + == See Also == * [[TomcatVersions|Tomcat Versions]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "AdminGroup" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AdminGroup" page has been changed by markt: https://wiki.apache.org/tomcat/AdminGroup?action=diff&rev1=11&rev2=12 Comment: += Coty Sutherland * VioletaGeorgieva * JeanFredericClere * KeiichiFujino + * CotySutherland - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "WikiSandBox" by JamesLampert
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "WikiSandBox" page has been changed by JamesLampert: https://wiki.apache.org/tomcat/WikiSandBox?action=diff&rev1=9&rev2=10 blockquote . deeper - IBM_MidrangeSystem + === Glossary === Term:: Definition - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "WikiSandBox" by JamesLampert
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "WikiSandBox" page has been changed by JamesLampert: https://wiki.apache.org/tomcat/WikiSandBox?action=diff&rev1=8&rev2=9 blockquote . deeper - CL_Program + IBM_MidrangeSystem === Glossary === Term:: Definition - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "WikiSandBox" by JamesLampert
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "WikiSandBox" page has been changed by JamesLampert: https://wiki.apache.org/tomcat/WikiSandBox?action=diff&rev1=7&rev2=8 Please feel free to experiment here, after the four dashes below... and please do '''NOT''' create new pages without any meaningful content just to try it out. '''Tip:''' Shift-click "HelpOnEditing" to open a second window with the help pages. + == Formatting == - - ''italic'' '''bold''' {{{typewriter}}} + ''italic'' '''bold''' {{{typewriter}}} `backtick typewriter` (configurable) {{{ preformatted }}} - == Linking == - - HelpOnEditing MoinMoin:InterWiki + HelpOnEditing MoinMoin:InterWiki http://purl.net/wiki/moin/ [[http://www.python.org/|Python]] some...@the.inter.net - === Image Link === {{http://c2.com/sig/wiki.gif}} == Lists == - === Bullet === * first -1. nested and numbered + 1. nested and numbered -1. numbered lists are renumbered + 1. numbered lists are renumbered * second -1. number + 1. number - A. letter +A. letter * third -1. + 1. -2. + 1. blockquote -deeper + . deeper + - CLProgram + CL_Program === Glossary === Term:: Definition === Drawing === - {{drawing:mytest}} + {{drawing:mytest.tdraw}} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "WikiSandBox" by JamesLampert
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "WikiSandBox" page has been changed by JamesLampert: https://wiki.apache.org/tomcat/WikiSandBox?action=diff&rev1=6&rev2=7 2. blockquote deeper + CLProgram === Glossary === Term:: Definition - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ContributorsGroup" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=29&rev2=30 * GregTrasuk * HartmutBecker * jboynes + * JamesLampert * JonLucas * [[Krzysztof Gil]] * LucaVisconti - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Logging" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Logging" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/FAQ/Logging?action=diff&rev1=25&rev2=26 Comment: Fix name/link for cronolog. 1. If you are using jsvc 1.0.4 or later (from [[http://commons.apache.org/daemon/|Apache Commons Daemon]] project) to launch Tomcat, you can send SIGUSR1 signal to jsvc to get it to re-open its log files ([[https://issues.apache.org/jira/browse/DAEMON-95|Jira Ticket]]). You can couple this with 'logrotate' or your favorite log-rotation utility (including good-old 'mv') to re-name catalina.out at intervals and then get jsvc to re-open the original (catalina.out) file and continue writing to it. 1. Use 'logrotate' with the 'copytruncate' option. This allows you to externally rotate catalina.out without changing anything within Tomcat. - 1. Modify bin/catalina.sh (or bin/catalina.bat) to pipe output from the JVM into a piped-logger such as [[http://www.cronolog.org/|chronolog]] or Apache httpd's [[http://httpd.apache.org/docs/2.2/logs.html#piped|rotatelogs]] (note that the previous reference is for Apache httpd documentation and *is not applicable to Tomcat* -- it merely illustrates the concept).<>See also the patch in [[https://bz.apache.org/bugzilla/show_bug.cgi?id=53930|Bug 53930, "Allow capture of catalina stdout/stderr to a command instead of just a file"]]. + 1. Modify bin/catalina.sh (or bin/catalina.bat) to pipe output from the JVM into a piped-logger such as [[http://linux.die.net/man/1/cronolog|cronolog]] or Apache httpd's [[http://httpd.apache.org/docs/2.2/logs.html#piped|rotatelogs]] (note that the previous reference is for Apache httpd documentation and *is not applicable to Tomcat* -- it merely illustrates the concept).<>See also the patch in [[https://bz.apache.org/bugzilla/show_bug.cgi?id=53930|Bug 53930, "Allow capture of catalina stdout/stderr to a command instead of just a file"]]. References to mailing list discussions: * [[http://marc.info/?t=10554447261&r=1&w=2a|tomcat-users thread from 2003]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "SupportAndTraining" by GregTrasuk
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "SupportAndTraining" page has been changed by GregTrasuk: https://wiki.apache.org/tomcat/SupportAndTraining?action=diff&rev1=47&rev2=48 Comment: Add Web Age Solutions to training provider listings. Rogue Wave [[http://www.roguewave.com/|Roguewave Tomcat Support]] / OpenLogic [[http://www.openlogic.com/|Roguewave Tomcat Support]] offers a comprehensive week-long instructor-led training program for developers and admins. Rogue Wave OpenLogic also provides Architecture and Design Consulting, and a Developer Support contract to assist in the development of web applications. + [[http://www.webagesolutions.com/index.html|{{http://www.webagesolutions.com/img/web-age-solutions.png|http://www.webagesolutions.com}}]] + + Web Age Solutions offers [[http://www.webagesolutions.com/courses/servers-operating-systems-training|Apache Tomcat training and mentoring]] on-site in the US, Canada and worldwide, at a training center, in a Live Virtual Class, or through our subscription-based video library. + === Example company name === Use this example as a basis for your entry. New entries should be added just above this example. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ContributorsGroup" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ContributorsGroup" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=28&rev2=29 Comment: Add GregTrasuk, as requested on dev@ list. * GaryBriggs * GFUCyrusAG * GlenIhrig + * GregTrasuk * HartmutBecker * jboynes * JonLucas - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "AdminGroup" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AdminGroup" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/AdminGroup?action=diff&rev1=10&rev2=11 Comment: Add FelixSchumacher, as requested on dev@ list. This is a list of people who can do editing of the LocalBadContent and ContributorsGroup pages: * ChristopherSchultz * ChuckCaldarale + * FelixSchumacher * IanDarwin * KonstantinKolinko * markt - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=41&rev2=42 Comment: Add link to RFC 6266 === Related Specifications === - || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: Basic and Digest Access Authentication"<>It covers BASIC and DIGEST authentication methods<>It was updated by [[http://tools.ietf.org/html/rfc7235|RFC 7235]]. || + || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: Basic and Digest Access Authentication"<>It covers BASIC and DIGEST authentication methods<><>It was updated by [[http://tools.ietf.org/html/rfc7235|RFC 7235]]. || || [[https://tools.ietf.org/html/rfc6265|RFC 6265]] || "HTTP State Management Mechanism"<>The specification about cookies. Implemented by [[http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html | org.apache.tomcat.util.http.Rfc6265CookieProcessor]] that is available since Tomcat 8.0.15 and is default with Tomcat 8.5.0 onwards. See also "Cookies" page in [[Development|"Development Issues"]].<><>Obsolete specifications: [[https://tools.ietf.org/html/rfc2109|RFC2109]], [[https://tools.ietf.org/html/rfc2965|RFC 2965]]. || + || [[https://tools.ietf.org/html/rfc6266|RFC 6266]] || "Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)"<>Content-Disposition header is used by file uploads. See also [[https://bz.apache.org/bugzilla/show_bug.cgi?id=59115#c5|Bug 59115]] || == AJP == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Specifications" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Specifications?action=diff&rev1=40&rev2=41 Comment: Add link to Cookies RFC. === Related Specifications === || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: Basic and Digest Access Authentication"<>It covers BASIC and DIGEST authentication methods<>It was updated by [[http://tools.ietf.org/html/rfc7235|RFC 7235]]. || + || [[https://tools.ietf.org/html/rfc6265|RFC 6265]] || "HTTP State Management Mechanism"<>The specification about cookies. Implemented by [[http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html | org.apache.tomcat.util.http.Rfc6265CookieProcessor]] that is available since Tomcat 8.0.15 and is default with Tomcat 8.5.0 onwards. See also "Cookies" page in [[Development|"Development Issues"]].<><>Obsolete specifications: [[https://tools.ietf.org/html/rfc2109|RFC2109]], [[https://tools.ietf.org/html/rfc2965|RFC 2965]]. || == AJP == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FrontPage" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FrontPage?action=diff&rev1=38&rev2=39 Comment: Use HTTPS url for the image, so that Firefox (47.0.1) does not complain about an insecure page when accessing wiki with https:// ##language:en = Welcome to the Apache Tomcat Wiki = - {{http://tomcat.apache.org/images/tomcat.gif}} + {{https://tomcat.apache.org/images/tomcat.gif}} This is the Wiki for Apache Tomcat, a Servlet and Java Server Pages container developed under the Apache License. The main documentation for this product is at [[http://tomcat.apache.org|tomcat.apache.org]]. Below is a list of some useful pages: we encourage everyone to contribute to these pages or start new ones as desired. But before you do, please check out the main documentation site as well as the [[FAQ]] and the [[http://tomcat.apache.org/lists.html|mailing lists]] (whose archives are searchable). - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Password" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Password" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Password?action=diff&rev1=11&rev2=12 Comment: Correct DOCTYPE declaration example - it has to match the root element. See "Validity constraint: Root Element Type" in XML 1.0 spec (REC-xml-20081126). I am using this syntax in my server.xml files. * Use properties replacement so that in the xml config you have ${db.password} and in conf/catalina.properties you put the password there. * Since server.xml is an XML file — you can use XML entities. For example: "woot" becomes "woot" which is a way to obscure the password. You may even go through an extra layer of indirection by converting ${db.password} into XML entities so that the property replacement above is also performed. (But remember, while "clever, not more secure) - * XML entities can be read from an external file. That is, add the following lines at the top of server.xml just above the {{{}}} element: + * XML entities can be read from an external file. That is, add the following text at the top of server.xml just after the XML declaration (``) and before the {{{}}} element (line wraps can be removed): {{{ - ]> }}} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "TomcatVersions" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "TomcatVersions" page has been changed by markt: https://wiki.apache.org/tomcat/TomcatVersions?action=diff&rev1=26&rev2=27 Comment: Add 8.5.x The "Process" field in the following tables documents what development model is accepted by that project, either [[http://www.apache.org/foundation/glossary.html#ReviewThenCommit|Review-Then-Commit]] or [[http://www.apache.org/foundation/glossary.html#CommitThenReview|Commit-Then-Review]]. For RTC model the changes are first proposed in the `STATUS.txt` file in the root of the project and have to gain at least 3 "`+1`" votes before being applied. The project members have agreed on several [[#RTC_Exceptions|exceptions]] from the RTC rule (documented below). = Tomcat 9.0.x = - ||Spec versions: ||Servlet 4.0, JSP 2.4?, EL 3.1?, !WebSocket 1.2? || + ||Spec versions: ||Servlet 4.0, JSP 2.4?, EL 3.1?, !WebSocket 1.2?, JASPIC 1.1 || ||Stable: ||No || ||Enhancements: ||Yes || ||Bug Fixes: ||Yes || @@ -19, +19 @@ ||Release Manager: ||TBD || ||Process: ||CTR || ||Listed on download pages: ||Not yet || + + = Tomcat 8.5.x = + ||Spec versions: ||Servlet 3.1, JSP 2.3, EL 3.0, !WebSocket 1.1, JASPIC 1.1 || + ||Stable: ||Yes || + ||Enhancements: ||Yes || + ||Bug Fixes: ||Yes || + ||Security Fixes: ||Yes || + ||Releases: ||Yes || + ||Release Manager: ||Mark Thomas (markt) || + ||Process: ||CTR || + ||Listed on download pages: ||Yes || = Tomcat 8.0.x = ||Spec versions: ||Servlet 3.1, JSP 2.3, EL 3.0, !WebSocket 1.1 || - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "AJP with stunnel" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "AJP with stunnel" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/AJP%20with%20stunnel New page: = AJP over stunnel = stunnel is a little more complicated than a normal protocol because it can be used in a number of different ways. I'll give some contrived examples to see how you can set it up in different ways, depending upon the support for encryption of the underlying protocol. This wiki entry is intended to be a starter-guide and not a replacement for the fine [https://www.stunnel.org/docs.html|documentation provided by the stunnel team]. Let's say that you have an HTTPS server, but your client can't speak HTTPS for some reason. If you set up stunnel on the *client* side, you can connect locally to the stunnel server and have it establish a secure-connection to the remote server running HTTPS. Like this: {{{ client -> localhost:12345 (stunnel) stunnel -> remote_host:443 (httpd) }}} As far as the client is concerned, it's using HTTP to talk to localhost. But really it's talking to remove_host:443, so everyone is happy. (Yes, there are issues with URLs and redirects produced by the server, but that's out of scope for this discussion). Let's take another example: you have clients that are HTTPS-capable, but the service you are running can only support HTTP for some reason, and you want to secure it. Set up stunnel on the *server*, then have your remote clients connect to *it* and tunnel to localhost. Like this: {{{ client -> remote_host:443 (stunnel) stunnel localhost:8080 (httpd) }}} As far as the client is concerned, it's using HTTPS to communicate with remote_host:443, but really it's connecting to remote_host:8080. (Yes, there are some issues with URLs and redirects but that's out of scope for this discussion.) So what if the underling protocol doesn't support TLS at all? Well, then you have to set up stunnel on *both sides* of the tunnel, like this: {{{ client (mod_jk) -> localhost:12345 (stunnel) stunnel -> remote_host:12345 (stunnel) stunnel -> localhost:8009 (Tomcat) }}} The setup for stunnel looks like this for the client (on the web server): {{{ sslVersion = all options = NO_SSLv2 options = NO_SSLv3 client = yes [ajp13s] accept=localhost:8009 connect=remote_host:8010 }}} On the server, it looks like this: {{{ sslVersion = all options = NO_SSLv2 options = NO_SSLv3 client = no [ajp13s] accept=8010 connect=localhost:8009 }}} On the web server, set your worker's host to "localhost" and port to 8009. mod_jk will connect to localhost:8009 which stunnel will accept and forward over the network to remote_host:8010 which will be accepted by stunnel on the server and forwarded to localhost:8009 on the server. stunnel is great because it will auto-reconnect if the connection is dropped for some reason. Remember a few things with stunnel: 1. Depending upon the version, you might only be able to use TLSv1 (and not e.g. TLSv1.2) 2. stunnel generally ignores certificate issues, such as expiration, etc. You might want to configure it with a little more care than the default. '''THIS ALSO MEANS IT DOES NOT AUTHENTICATE THE SERVER BY DEFAULT'''. You could accidentally connect to a malicious server. This should be enough to get you started. Please refer to the official stunnel documentation for specifics. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Connectors" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Connectors" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/FAQ/Connectors?action=diff&rev1=16&rev2=17 directives to say http:// (or https://) instead of ajp://. This might help you if you need to switch protocols for debugging purposes or if you suddenly need switch to HTTPS to secure the traffic without any - external configuration (e.g. stunnel or VPN). + external configuration (e.g. stunnel or VPN). (See [[AJP with stunnel]].) mod_proxy also supports ProxyPassMatch which lets you use regular expressions in your URL mappings, which mod_jk's JkMount does not - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=18&rev2=19 Comment: Add results for Tomcat 6 and APR/native == APR with OpenSSL Results (Default) == |||| Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || TBD || TBD || TBD || TBD || + || Tomcat 6 || A|| A|| A|| A|| || Tomcat 7 || N/A || A|| A|| A|| || Tomcat 8 || N/A || N/A || A|| A|| || Tomcat 8.5 || N/A || N/A || A|| A|| || Tomcat 9 || N/A || N/A || N/A || A|| The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. - - - == JSSE (BIO/NIO/NIO2) Results (Improved) == - - || || Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || B|| B|| A- || A|| - - == JSSE Settings for Improved Results == - - To use these settings: - - 1. Pass JVM parameter '''-Djdk.tls.ephemeralDHKeySize=2048''' to JVM running Tomcat. - - 1. Set the ciphers attribute on your secure connector to the list of ciphers shown below. The list should be comma separated. - - * Java 5 -* TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * Java 6 -* TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA - * Java 7 - * TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * Java 8 -* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA == Environment == @@ -79, +56 @@ * Java 6, 64-bit, update 45 * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 - * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. + * Apache Tomcat 6.0.46-dev, r1737284. * Apache Tomcat 7.0.69-dev, r1737253. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=17&rev2=18 Comment: Add the results for Tomcat 6 and JSSE == BIO/NIO/NIO2 with JSSE Results (Default) == |||| Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || C|| C|| C|| B|| + || Tomcat 6 || C|| C|| A|| A|| || Tomcat 7 || N/A || C|| A|| A|| || Tomcat 8 || N/A || N/A || A|| A|| || Tomcat 8.5 || N/A || N/A || A|| A|| @@ -15, +15 @@ Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + Note: The Java 5 and 6 results are capped at C because neither Java 5 nor 6 support TLS 1.1 or 1.2. The equivalent OpenSSL cipher configurations used to obtain the above results are: + || Java 5 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || @@ -33, +34 @@ || Tomcat 8.5 || N/A || N/A || A|| A|| || Tomcat 9 || N/A || N/A || N/A || A|| + The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=16&rev2=17 Comment: Update Tomcat 7 APR/native results |||| Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || TBD || TBD || TBD || TBD || - || Tomcat 7 || N/A || TBD || TBD || TBD || + || Tomcat 7 || N/A || A|| A|| A|| || Tomcat 8 || N/A || N/A || A|| A|| || Tomcat 8.5 || N/A || N/A || A|| A|| || Tomcat 9 || N/A || N/A || N/A || A|| @@ -52, +52 @@ || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || B|| B|| A- || A|| - - == JSSE Settings for Improved Results == @@ -80, +78 @@ * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. - * Apache Tomcat 7.0.69-dev, r1737249. + * Apache Tomcat 7.0.69-dev, r1737253. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. * Apache Tomcat 9.0.0.M5-dev, r1737193. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=15&rev2=16 Comment: Fill in Tomcat 7 JSSE |||| Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || C|| C|| C|| B|| - || Tomcat 7 || N/A || C|| C|| B|| + || Tomcat 7 || N/A || C|| A|| A|| || Tomcat 8 || N/A || N/A || A|| A|| || Tomcat 8.5 || N/A || N/A || A|| A|| || Tomcat 9 || N/A || N/A || N/A || A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files + + Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + + The equivalent OpenSSL cipher configurations used to obtain the above results are: + + || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || + || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || + || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || + + Note: kRSA ciphers are not excluded in Java 6 and earlier since they are likely to be the only ones left + + Note: In Java 7 and earlier DHE ciphers use insecure DH keys with no means to configure longer keys which is why DHE ciphers are excluded in those Java versions. == NIO/NIO2 with JSSE+OpenSSL Results (Default) == @@ -23, +35 @@ Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. - - The equivalent OpenSSL cipher configurations used to obtain the above results are: - - || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || - || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || - - Note: Java 7 DHE ciphers sue a 768 bit DH key which is considered insecure which is why those ciphers are excluded only for Java 7. == APR with OpenSSL Results (Default) == @@ -47, +52 @@ || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || B|| B|| A- || A|| - || Tomcat 7 || N/A || B|| A- || A|| @@ -76, +80 @@ * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. - * Apache Tomcat 7.0.60-dev, r1664373. + * Apache Tomcat 7.0.69-dev, r1737249. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. * Apache Tomcat 9.0.0.M5-dev, r1737193. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=14&rev2=15 Comment: Update the Tomcat 8.5 results. Split out JSSE, JSSE+OpenSSL and OpenSSL into separate tables There is no right choice since there are always trade-offs to make between better security better interoperability, better performance etc.. Where you choose to draw that line is a choice you need to make. The following information is provided to help you make that choice. The ratings provided are those calculated by the excellent [[https://www.ssllabs.com/ssltest|SSL Labs Test]]. Keep in mind that, as more vulnerabilities are discovered, these ratings are only ever going to get worse over time. The results shown on this page were correct at the time they were generated. - As of May 2015, 1024-bit DHE is [[https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html|considered]] [[https://weakdh.org/imperfect-forward-secrecy.pdf|breakable]] by nation-state adversaries. 2048-bit DHE is recommended. 2048-bit DHE may be configured with JSSE connectors (BIO, NIO, NIO2) using JVM parameter, and for APR connector Apache Tomcat Native Library 1.2.2 (or later) should be used. + == BIO/NIO/NIO2 with JSSE Results (Default) == - - == JSSE (BIO/NIO/NIO2) Results (Default) == - - || || Java 5 || Java 6 || Java 7 || Java 8 || + |||| Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 (JSSE) || C|| C|| C|| B|| + || Tomcat 6 || C|| C|| C|| B|| - || Tomcat 7 (JSSE) || N/A || C|| C|| B|| + || Tomcat 7 || N/A || C|| C|| B|| - || Tomcat 8 (JSSE) || N/A || N/A || A|| A|| + || Tomcat 8 || N/A || N/A || A|| A|| - || Tomcat 8 (APR/OpenSSL)|| N/A || N/A || A|| A|| + || Tomcat 8.5 || N/A || N/A || A|| A|| - || Tomcat 8.5 (JSSE) || N/A || N/A || TBD || TBD || - || Tomcat 8.5 (JSSE/OpenSSL) || N/A || N/A || TBD || TBD || - || Tomcat 8.5 (APR/OpenSSL) || N/A || N/A || TBD || TBD || - || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| + || Tomcat 9 || N/A || N/A || N/A || A|| - || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| - || Tomcat 9 (APR/OpenSSL)|| N/A || N/A || N/A || A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files + == NIO/NIO2 with JSSE+OpenSSL Results (Default) == + + |||| Java 5 || Java 6 || Java 7 || Java 8 || + || Tomcat 8.5 || N/A || N/A || A|| A|| + || Tomcat 9 || N/A || N/A || N/A || A|| + + - Note: Tomcat 9 with JSSE/OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. + Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. + + The equivalent OpenSSL cipher configurations used to obtain the above results are: + + || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || + || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || + + Note: Java 7 DHE ciphers sue a 768 bit DH key which is considered insecure which is why those ciphers are excluded only for Java 7. + + == APR with OpenSSL Results (Default) == + + |||| Java 5 || Java 6 || Java 7 || Java 8 || + || Tomcat 6 || TBD || TBD || TBD || TBD || + || Tomcat 7 || N/A || TBD || TBD || TBD || + || Tomcat 8 || N/A || N/A || A|| A|| + || Tomcat 8.5 || N/A || N/A || A|| A|| + || Tomcat 9 || N/A || N/A || N/A || A|| + + The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. + == JSSE (BIO/NIO/NIO2) Results (Improved) == @@ -50, +68 @@ * Java 8 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - ''(It might be nice to provide the OpenSSL-style cipher suites arcana for the versions of Tomcat that support it)'' - == Environment == The results above were generated with: @@ -62, +78 @@ * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. * Apache Tomcat 7.0.60-dev, r1664373. * Apache Tomcat 8.0.34-dev, r1737224. - * Apache Tomcat 8.5.1-d
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=13&rev2=14 Comment: Update Tomcat 8 results. No longer need the improved results for Tomcat 8. || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 (JSSE) || C|| C|| C|| B|| || Tomcat 7 (JSSE) || N/A || C|| C|| B|| - || Tomcat 8 (JSSE) || N/A || N/A || A- || A- || + || Tomcat 8 (JSSE) || N/A || N/A || A|| A|| - || Tomcat 8 (APR/OpenSSL)|| N/A || N/A || A- || A- || + || Tomcat 8 (APR/OpenSSL)|| N/A || N/A || A|| A|| - || Tomcat 8.5 (JSSE) || N/A || N/A || N/A || TBD || + || Tomcat 8.5 (JSSE) || N/A || N/A || TBD || TBD || - || Tomcat 8.5 (JSSE/OpenSSL) || N/A || N/A || N/A || TBD || + || Tomcat 8.5 (JSSE/OpenSSL) || N/A || N/A || TBD || TBD || - || Tomcat 8.5 (APR/OpenSSL) || N/A || N/A || N/A || TBD || + || Tomcat 8.5 (APR/OpenSSL) || N/A || N/A || TBD || TBD || || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| || Tomcat 9 (APR/OpenSSL)|| N/A || N/A || N/A || A|| @@ -30, +30 @@ || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || B|| B|| A- || A|| || Tomcat 7 || N/A || B|| A- || A|| - || Tomcat 8 || N/A || N/A || A- || A|| @@ -62, +61 @@ * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. * Apache Tomcat 7.0.60-dev, r1664373. - * Apache Tomcat 8.0.34-dev, r1737213. + * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737213. * Apache Tomcat 9.0.0.M5-dev, r1737193. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=12&rev2=13 Comment: Add placeholders for 8.5.x == JSSE (BIO/NIO/NIO2) Results (Default) == - || || Java 5 || Java 6 || Java 7 || Java 8 || + || || Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 (JSSE) || C|| C|| C|| B|| + || Tomcat 6 (JSSE) || C|| C|| C|| B|| - || Tomcat 7 (JSSE) || N/A || C|| C|| B|| + || Tomcat 7 (JSSE) || N/A || C|| C|| B|| + || Tomcat 8 (JSSE) || N/A || N/A || A- || A- || + || Tomcat 8 (APR/OpenSSL)|| N/A || N/A || A- || A- || - || Tomcat 8 (JSSE) || N/A || N/A || A- || TBD || + || Tomcat 8.5 (JSSE) || N/A || N/A || N/A || TBD || + || Tomcat 8.5 (JSSE/OpenSSL) || N/A || N/A || N/A || TBD || - || Tomcat 8 (APR/OpenSSL) || N/A || N/A || TBD || TBD || + || Tomcat 8.5 (APR/OpenSSL) || N/A || N/A || N/A || TBD || - || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| + || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| - || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| + || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| - || Tomcat 9 (APR/OpenSSL) || N/A || N/A || N/A || A|| + || Tomcat 9 (APR/OpenSSL)|| N/A || N/A || N/A || A|| Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: Tomcat 9 with JSSE/OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since without it the full certificate chain is not presented to the client. + Note: Tomcat 9 with JSSE/OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. == JSSE (BIO/NIO/NIO2) Results (Improved) == @@ -59, +62 @@ * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. * Apache Tomcat 7.0.60-dev, r1664373. - * Apache Tomcat 8.0.34-dev, r1737212. + * Apache Tomcat 8.0.34-dev, r1737213. + * Apache Tomcat 8.5.1-dev, r1737213. * Apache Tomcat 9.0.0.M5-dev, r1737193. == APR/native == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=11&rev2=12 Comment: Update Tomcat 8 results || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 (JSSE) || C|| C|| C|| B|| || Tomcat 7 (JSSE) || N/A || C|| C|| B|| - || Tomcat 8 (JSSE) || N/A || N/A || C|| B|| + || Tomcat 8 (JSSE) || N/A || N/A || A- || TBD || + || Tomcat 8 (APR/OpenSSL) || N/A || N/A || TBD || TBD || || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| || Tomcat 9 (APR/OpenSSL) || N/A || N/A || N/A || A|| @@ -54, +55 @@ The results above were generated with: * Java 5, 64-bit, update 22 * Java 6, 64-bit, update 45 - * Java 7, 64-bit, update 76 + * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. * Apache Tomcat 7.0.60-dev, r1664373. - * Apache Tomcat 8.0.21-dev, r1664594. + * Apache Tomcat 8.0.34-dev, r1737212. * Apache Tomcat 9.0.0.M5-dev, r1737193. == APR/native == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=10&rev2=11 Comment: Add note about JCE policy files || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| || Tomcat 9 (APR/OpenSSL) || N/A || N/A || N/A || A|| + Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files Note: Tomcat 9 with JSSE/OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since without it the full certificate chain is not presented to the client. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=9&rev2=10 Comment: Add APR/native results for Tomcat 9 == JSSE (BIO/NIO/NIO2) Results (Default) == - |||| Java 5 || Java 6 || Java 7 || Java 8 || + || || Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 (JSSE)|| C|| C|| C|| B|| + || Tomcat 6 (JSSE) || C|| C|| C|| B|| - || Tomcat 7 (JSSE)|| N/A || C|| C|| B|| + || Tomcat 7 (JSSE) || N/A || C|| C|| B|| - || Tomcat 8 (JSSE)|| N/A || N/A || C|| B|| + || Tomcat 8 (JSSE) || N/A || N/A || C|| B|| - || Tomcat 9 (JSSE)|| N/A || N/A || N/A || A|| + || Tomcat 9 (JSSE) || N/A || N/A || N/A || A|| - || Tomcat 9 (OpenSSL) || N/A || N/A || N/A || A|| + || Tomcat 9 (JSSE/OpenSSL) || N/A || N/A || N/A || A|| + || Tomcat 9 (APR/OpenSSL) || N/A || N/A || N/A || A|| + - Note: Tomcat 9 with JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since without it the full certificate chain is not presented to the client. + Note: Tomcat 9 with JSSE/OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since without it the full certificate chain is not presented to the client. == JSSE (BIO/NIO/NIO2) Results (Improved) == @@ -56, +58 @@ * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. * Apache Tomcat 7.0.60-dev, r1664373. * Apache Tomcat 8.0.21-dev, r1664594. - * Apache Tomcat 9.0.0.M5-dev r1737119 + * Apache Tomcat 9.0.0.M5-dev, r1737193. == APR/native == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Security/Ciphers" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=8&rev2=9 Comment: Update Tomcat 9 results || Tomcat 7 (JSSE)|| N/A || C|| C|| B|| || Tomcat 8 (JSSE)|| N/A || N/A || C|| B|| || Tomcat 9 (JSSE)|| N/A || N/A || N/A || A|| - || Tomcat 9 (OpenSSL) || N/A || N/A || N/A || B|| + || Tomcat 9 (OpenSSL) || N/A || N/A || N/A || A|| - Note: There is a bug with Tomcat 9 with JSSE+OpenSSL that limits the grade to B because the certificate chain is not made available. + Note: Tomcat 9 with JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since without it the full certificate chain is not presented to the client. == JSSE (BIO/NIO/NIO2) Results (Improved) == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org