Re: Patch information required
On 28 Nov 2013, at 6:14 pm, pravin.pa...@accenture.com wrote: Hi Ben, Thanks for your comment. We are using tomcat bundle which comes with JasperReports Server (v5.1.0). Can you upgrade to 5.5? This uses Tomcat 7. Likely to have many of your patches covered. Upgrading a bundled Tomcat would require you taking on some testing effort, and may affect your product support from the vendor. Safer to follow the vendors upgrade path. Cheers, Ben Can you provide any alternative way to install the below mentioned patches without upgrading it to the latest version. We are not sure that upgrading to the latest version will affect our application server or not. Thanks, Pravin Pawar -Original Message- From: Ben Stringer [mailto:b...@burbong.com] Sent: Thursday, November 28, 2013 12:06 PM To: Tomcat Users List Cc: Pawar, Pravin Subject: Re: Patch information required On Thu, November 28, 2013 5:15 pm, kanishk.se...@accenture.com wrote: Hi All, Hi Kanishhk, We are using Apache tomcat version 6.0.26 and we need to install below patches on our servers to fix some Vulnerabilities. http://svn.apache.org/viewvc?view=revisionrevision=958911 http://svn.apache.org/viewvc?view=revisionrevision=958977 http://svn.apache.org/viewvc?view=revisionrevision=959428 http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID =c03298151 http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05 -584actionBtn=Search Is the Apache tomcat instance you are using bundled with the applications above (from HP, Juniper)? If so, you should get an updated release from those vendors, as they should have bundled a higher version of Tomcat that resolves the issues. You can cross-check your list of CVE vulnerabilities against Tomcat versions at this page: http://tomcat.apache.org/security.html Looks like 6.0.37 is the latest version of Tomcat 6. Cheers, Ben This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. . __ www.accenture.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
org.apache.catalina.filters.CorsFilter
Hi, I 'm using the CorsFilter in Tomcat 7.0.47, all good. Then tried it in 7.0.37 - no luck, only available since 7.0.41. OK, I put the class into the war file and expected that it is loadable now. But I get a ClassNotFound. Guessing some special classloader rules I remaned the class to com.apache.catalina.filters.CorsFilter and now it is working. So - what are the special rules for org.apache.catalina.*? Thank you P.S. yum update tomcat7 did not help, lastest tomcat7 is 7.0.37. How can I update it to the lastest version? Just wget the tar from tomcat downloads and extract it into the current tomcat dir? Or will this destroy the tomcat? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Patch information required
I will contact all the engineers i know who want to work free for Accenture Auf 'Wiedersehn __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. From: kanishk.se...@accenture.com To: users@tomcat.apache.org CC: pravin.pa...@accenture.com Subject: Patch information required Date: Thu, 28 Nov 2013 06:15:27 + Hi All, We are using Apache tomcat version 6.0.26 and we need to install below patches on our servers to fix some Vulnerabilities. http://svn.apache.org/viewvc?view=revisionrevision=958911 http://svn.apache.org/viewvc?view=revisionrevision=958977 http://svn.apache.org/viewvc?view=revisionrevision=959428 http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151 http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584actionBtn=Search I am not sure how to install these patches can anyone help us here. Regards Kanishk Sethi This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. . __ www.accenture.com
Re: org.apache.catalina.filters.CorsFilter
On 28/11/2013 12:59, spr...@gmx.eu wrote: Hi, I 'm using the CorsFilter in Tomcat 7.0.47, all good. Then tried it in 7.0.37 - no luck, only available since 7.0.41. OK, I put the class into the war file and expected that it is loadable now. But I get a ClassNotFound. Guessing some special classloader rules I remaned the class to com.apache.catalina.filters.CorsFilter and now it is working. So - what are the special rules for org.apache.catalina.*? There aren't any. Without the details of how you configured the filter, where you put the class file and the stack trace of the exception we can't help you. Thank you P.S. yum update tomcat7 did not help, lastest tomcat7 is 7.0.37. How can I update it to the lastest version? Complain to the folks the produce the package you use. Just wget the tar from tomcat downloads and extract it into the current tomcat dir? How successful (or not) that is will depend on how your package has been constructed. Or will this destroy the tomcat? Based on past experience, probably. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7.0.48-dev WebSockets: NullPointerException on WsServerContainer.unregisterAuthenticatedSession
Hello everybody. I have a doubt: whenever the HttpSession expires, I get a NullPointerException on WsServerContainer.unregisterAuthenticatedSession in this line: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); --wsSessions.remove(wsSession); } The quick fix is obvious: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); if(wsSessions!=null) wsSessions.remove(wsSession); } but I suspect that the error is elsewhere. What do you think?
Re: Tomcat 7.0.48-dev WebSockets: NullPointerException on WsServerContainer.unregisterAuthenticatedSession
On 28/11/2013 14:06, Francesco Bassi wrote: Hello everybody. I have a doubt: whenever the HttpSession expires, I get a NullPointerException on WsServerContainer.unregisterAuthenticatedSession in this line: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); --wsSessions.remove(wsSession); } The quick fix is obvious: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); if(wsSessions!=null) wsSessions.remove(wsSession); } but I suspect that the error is elsewhere. What do you think? The quick fix looks like the right fix to me. I've applied the fix to trunk for 8.0.0-RC6 and 7.0.x for 7.0.48. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.48-dev WebSockets: NullPointerException on WsServerContainer.unregisterAuthenticatedSession
Thanks a lot for your prompt support. Definitely a serious reason not to switch to any other application server! On Thu, Nov 28, 2013 at 3:29 PM, Mark Thomas ma...@apache.org wrote: On 28/11/2013 14:06, Francesco Bassi wrote: Hello everybody. I have a doubt: whenever the HttpSession expires, I get a NullPointerException on WsServerContainer.unregisterAuthenticatedSession in this line: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); --wsSessions.remove(wsSession); } The quick fix is obvious: private void unregisterAuthenticatedSession(WsSession wsSession, String httpSessionId) { SetWsSession wsSessions = authenticatedSessions.get(httpSessionId); if(wsSessions!=null) wsSessions.remove(wsSession); } but I suspect that the error is elsewhere. What do you think? The quick fix looks like the right fix to me. I've applied the fix to trunk for 8.0.0-RC6 and 7.0.x for 7.0.48. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
context.xml in META-INF
Hello: I'm using Tomcat 6.0.23 . Yes, I know it's an old release I would like to use - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
META-INF/context.xml connection pool
Hello: I'm using Tomcat 6.0.23 Yes, I know is an old release Anyway, I would like to use tomcat-jdbc connection pool JAR So, I 've stored a context.xml into META-INF folder in my WAR, as Context Resource auth=Container type=javax.sql.DataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory driverClassName=org.postgresql.Driver initialSize=0 maxActive=100 maxIdle=20 maxWait=1 mindIdle=0 name=datasource/ddbb password= removeAbandoned=true url=jdbc:postgresql://localhost:5433/ddbb?LoginTimeout=3 username=uu validationQuery=SELECT 1 testOnBorrow=true / /Context My question is should I store JAR ( tomcat-jdbc-x.x.x.jar tomcat-juli-x.x.x.jar ) into WEB-INF/lib folder in WAR or into $TOMCAT_HOME/lb folder ? Could there be a problem by store them into the own WAR ( WEB-INF/lib ) ? Thanks and regards - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat sessiin replication not working
Hi, Ive set up a cluster of tomcats They use back up manager for session replication. The replication works on my web app. Today i added another web application, but when a new session is created, no replication takes place. The original web application still replicates fine. Any ideas why?
Re: Tomcat sessiin replication not working
On Thu, Nov 28, 2013 at 12:32 PM, Nir A n...@netomedia.com wrote: Hi, Ive set up a cluster of tomcats They use back up manager for session replication. The replication works on my web app. Today i added another web application, but when a new session is created, no replication takes place. The original web application still replicates fine. Any ideas why? Did you check in web.xml that your new application is distributable/?
Re: Tomcat sessiin replication not working
Thats probably it. Thanks On Nov 28, 2013 7:55 PM, Neven Cvetkovic neven.cvetko...@gmail.com wrote: On Thu, Nov 28, 2013 at 12:32 PM, Nir A n...@netomedia.com wrote: Hi, Ive set up a cluster of tomcats They use back up manager for session replication. The replication works on my web app. Today i added another web application, but when a new session is created, no replication takes place. The original web application still replicates fine. Any ideas why? Did you check in web.xml that your new application is distributable/?