[Bug 57458] Mixed up responses sent to wrong users
https://issues.apache.org/bugzilla/show_bug.cgi?id=57458 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution|--- |INVALID --- Comment #4 from Mark Thomas ma...@apache.org --- No response in 2+ weeks. Closing on the assumption that the application is retaining a reference that it shouldn't. Feel free to re-open this if you can provide a simple test case that demonstrates this issue on the latest 7.0.x release. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57458] Mixed up responses sent to wrong users
https://issues.apache.org/bugzilla/show_bug.cgi?id=57458 --- Comment #2 from Mahmoud Al-Yasein mahmoud.alyas...@gmail.com --- We are not using any of mentioned items, unfortunately I don't have the stack trace just null pointer exception without stack trace, I'll try to use the latest version and see -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57458] Mixed up responses sent to wrong users
https://issues.apache.org/bugzilla/show_bug.cgi?id=57458 --- Comment #3 from Konstantin Kolinko knst.koli...@gmail.com --- (In reply to Mark Thomas from comment #1) 7.0.39 is getting on for 2 years old and has a number of known security vulnerabilities including one that can result in response mix ups. Please upgrade to the latest stable 7.0.x release (7.0.58 as I type this) and retest. +1 Correction: 7.0.57 is the last released version. (7.0.58 has not been tagged yet). I also recommend to add the following line to conf/catalina.properties org.apache.catalina.connector.RECYCLE_FACADES=true Documentation: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security That settings helps to prevent and detect programming errors in web applications such as illegal access to request/response objects outside of their life cycle. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57458] Mixed up responses sent to wrong users
https://issues.apache.org/bugzilla/show_bug.cgi?id=57458 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |NEEDINFO OS||All --- Comment #1 from Mark Thomas ma...@apache.org --- 7.0.39 is getting on for 2 years old and has a number of known security vulnerabilities including one that can result in response mix ups. Please upgrade to the latest stable 7.0.x release (7.0.58 as I type this) and retest. The more information you provide, the more likely we are to be able to help you. A copy of the stack trace for the NPE you mention would be a start. Other things of interest are does your application use any of the following: - Comet (I'm guessing not because you could switch to BIO) - WebSocket - Servlet 3.0 async - sendFile -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org