DO NOT REPLY [Bug 12968] - [Possible security hole?] package.access security in Catalina/CatalinaService

2002-09-25 Thread bugzilla
/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService --- Additional Comments From [EMAIL PROTECTED] 2002-09-25 17:36 --- Ouch! Glenn, I was just pointing out that since you take the time to protect the subpackages of org.apache.catalina

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

2002-09-25 Thread Jon Scott Stevens
on 2002/9/25 6:27 AM, Costin Manolache [EMAIL PROTECTED] wrote: Well, this is not a very good policy IMO. Self-contained applications are a good thing ( IMO ). Then store your templates in the WEB-INF directory. That is what we do with Scarab, which is 100% self contained. And of course,

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bojan Smojver
On Wed, 2002-09-25 at 20:59, John Trollinger wrote: Don't buy all the velocity hype.. It is not as great as they make it out to be. What hype? I don't follow here... Velocity is just a template language, plain, simple and relatively small. Its greatness comes from the fact that you cannot

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Costin Manolache
Bojan Smojver wrote: On Wed, 2002-09-25 at 20:59, John Trollinger wrote: Don't buy all the velocity hype.. It is not as great as they make it out to be. What hype? I don't follow here... Velocity is just a template language, plain, simple and relatively small. Its greatness comes

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bojan Smojver
Quoting Costin Manolache [EMAIL PROTECTED]: And Velocity does have a mailing list where all this can be discussed. This is tomcat-dev - for servlet and jsp development. If you have any ideas on how to improve jasper - great, but please don't waste our time with off topic subjects.

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

2002-09-25 Thread Bob Herrmann
With power comes responsibility. % System.exit(1) % -bob P.S. Yea, I know the SecurityManager can catch this, if enabled. On Wed, 2002-09-25 at 21:22, Bojan Smojver wrote: Quoting Costin Manolache [EMAIL PROTECTED]: And Velocity does have a mailing list where all this can be discussed.

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Tim Funk
That's what code reviews are for and in absence of that - firing your developers. Wouldn't I also get an out of memory with this in Velocity? #set($oom = ) #foreach( $i in [-2147483648..2147483648] ) #set($oom =

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bojan Smojver
Not if: runtime.interpolate.string.literals = false Bojan Quoting Tim Funk [EMAIL PROTECTED]: That's what code reviews are for and in absence of that - firing your developers. Wouldn't I also get an out of memory with this in Velocity? #set($oom =

DO NOT REPLY [Bug 12968] - [Possible security hole?] package.access security in Catalina/CatalinaService

2002-09-25 Thread bugzilla
/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService --- Additional Comments From [EMAIL PROTECTED] 2002-09-26 02:50 --- Vetting applications for security vulnerabilities is important. I applaud efforts to do so, the more eyes reviewing _and_

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Costin Manolache
Bojan Smojver wrote: All right then, let's talk about JSP's. If I host my clients' JSP's on my server and a web designer puts this in (BTW, he wasn't forced, he simply decided he wanted to do it): And your proposed solution is ... ? Do you have a patch to solve this problem ? If so, send

[OT] Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bill Barker
I'm agreeing with Costin. Please move this discussion to [EMAIL PROTECTED] It is off-topic here. - Original Message - From: Bojan Smojver [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 7:33 PM Subject: Re: [SECURITY] Apache Tomcat 4.x

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bojan Smojver
Quoting Costin Manolache [EMAIL PROTECTED]: Bojan Smojver wrote: All right then, let's talk about JSP's. If I host my clients' JSP's on my server and a web designer puts this in (BTW, he wasn't forced, he simply decided he wanted to do it): And your proposed solution is ... ? Don't

Re: [OT] Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Bojan Smojver
Quoting Bill Barker [EMAIL PROTECTED]: I'm agreeing with Costin. Please move this discussion to [EMAIL PROTECTED] It is off-topic here. Promise not to write a single byte on this topic on Tomcat-Dev list after this e-mail. Bojan - This mail

[SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Remy Maucherat
A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows the use of a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Tim Funk
Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look for the text jsessionid being passed in the URL

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Marx, Mitchell E (Mitch), ALCNS
Developers List; Tomcat Users List; announcements Subject: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows the use of a specially crafted URL

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Remy Maucherat
Tim Funk wrote: Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look for the text jsessionid being

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Remy Maucherat
Remy Maucherat wrote: Tim Funk wrote: Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Remy Maucherat
Marx, Mitchell E (Mitch), ALCNS wrote: Evil question: does this vulnerability exist in Tomcat 3.2.3? No. At worst it would be vulnerable to a distant cousin of the exploit. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 12968] New: - [Possible security hole?] package.access security in Catalina/CatalinaService

2002-09-24 Thread bugzilla
/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService Summary: [Possible security hole?] package.access security in Catalina/CatalinaService Product: Tomcat 4 Version: 4.0.4 Final Platform: Other

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Matt Fury
] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows the use of a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

2002-09-24 Thread Jon Scott Stevens
on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows the use of a specially crafted URL to return the unprocessed source of a JSP page

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-24 Thread Ian Darwin
On September 23, 2002 10:04 am, Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Glenn Nielsen
This list is for discussing Tomcat development, not velocity, web macro, et. al. The evangelizing for velocity is off topic in this list. JSP is part of Tomcat, live with it and move on. There are plenty of other forums for discussing the merits of one web templating technology vs another.

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Steve Downey
On Tuesday 24 September 2002 05:26 pm, Jon Scott Stevens wrote: on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows the use of a specially

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

2002-09-24 Thread Jon Scott Stevens
on 2002/9/24 5:15 PM, Steve Downey [EMAIL PROTECTED] wrote: http://localhost:8080/velexample/servlet/org.apache.catalina.servlets.DefaultServlet/sample.vm Unlike JSP, we don't store (or encourage people to store) .vm files in the webroot. They can be anywhere on the filesystem and with custom

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Bojan Smojver
Quoting Glenn Nielsen [EMAIL PROTECTED]: This list is for discussing Tomcat development, not velocity, web macro, et. al. The evangelizing for velocity is off topic in this list. JSP is part of Tomcat, live with it and move on. There are plenty of other forums for discussing the

Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Bojan Smojver
Quoting Steve Downey [EMAIL PROTECTED]: Perhaps you would prefer this exploit? http://localhost:8080/velexample/servlet/org.apache.catalina.servlets.DefaultServlet/sample.vm Horrors! Velocity is insecure! The DefaultServlet exploit is a general security problem in Tomcat. JSP may
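The two posts above quote the URL shape at the heart of the advisory: the invoker servlet (mapped at /servlet/* in Tomcat 4's conf/web.xml) is asked to instantiate org.apache.catalina.servlets.DefaultServlet by class name, and the default servlet then serves sample.vm, or a .jsp, as a plain file instead of letting Jasper execute it. The script below is an added example, not code from the thread or from the Tomcat project. It audits a web.xml for servlet-mappings that still reach the InvokerServlet (removing that mapping is the usual mitigation), builds the probe URL in the quoted shape, and classifies a response body as disclosed JSP source versus rendered output. The web.xml documents and response bodies are constructed inline for the demonstration.

```python
"""Added example: audit helpers for the Tomcat 4 invoker + DefaultServlet source
disclosure discussed in the thread. Not Tomcat code; sample inputs are constructed."""
import re
import xml.etree.ElementTree as ET

INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"
DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip a namespace prefix ({uri}name -> name) so namespaced and
    non-namespaced web.xml files are handled alike."""
    return tag.rsplit("}", 1)[-1]


def _child_text(element, name):
    for child in element:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def invoker_mappings(web_xml):
    """url-patterns that route to the InvokerServlet. An empty list means no URL
    reaches the invoker, i.e. the /servlet/* mapping has been removed or commented out."""
    root = ET.fromstring(web_xml)
    classes = {}
    for element in root.iter():
        if _local(element.tag) == "servlet":
            name = _child_text(element, "servlet-name")
            cls = _child_text(element, "servlet-class")
            if name and cls:
                classes[name] = cls
    patterns = []
    for element in root.iter():
        if _local(element.tag) == "servlet-mapping":
            if classes.get(_child_text(element, "servlet-name")) == INVOKER_CLASS:
                patterns.append(_child_text(element, "url-pattern"))
    return patterns


def probe_url(base, context, resource, invoker_pattern="/servlet/*"):
    """The URL shape quoted in the thread: invoker prefix, DefaultServlet class
    name, then the file whose raw source is wanted."""
    prefix = invoker_pattern.rstrip("*").rstrip("/")
    return "%s/%s%s/%s/%s" % (base.rstrip("/"), context.strip("/"), prefix,
                               DEFAULT_SERVLET_CLASS, resource.lstrip("/"))


JSP_SOURCE_MARKERS = (
    re.compile(r"<%@\s*(page|include|taglib)\b"),  # directives
    re.compile(r"<%[!=]?.*?%>", re.S),             # declarations, expressions, scriptlets
    re.compile(r"<jsp:[A-Za-z]+"),                 # standard actions
)


def looks_like_jsp_source(body):
    """True when the body still carries JSP syntax, i.e. the container handed
    back the page file instead of executing it."""
    return any(marker.search(body) for marker in JSP_SOURCE_MARKERS)


def classify_probe(status, body):
    """'blocked' when the invoker path is refused or unmapped, 'disclosure' when a
    200 carries raw JSP source, 'rendered' otherwise."""
    if status in (403, 404):
        return "blocked"
    if status == 200 and looks_like_jsp_source(body):
        return "disclosure"
    return "rendered"


# Constructed samples: a conf/web.xml fragment with the invoker mapped, the same
# file with that mapping commented out, and two response bodies.
VULNERABLE_WEB_XML = """<web-app>
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class></servlet>
  <servlet><servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>default</servlet-name><url-pattern>/</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>invoker</servlet-name><url-pattern>/servlet/*</url-pattern></servlet-mapping>
</web-app>"""
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "<servlet-mapping><servlet-name>invoker", "<!--<servlet-mapping><servlet-name>invoker").replace(
    "/servlet/*</url-pattern></servlet-mapping>", "/servlet/*</url-pattern></servlet-mapping>-->")
DISCLOSED_BODY = '<%@ page language="java" %>\n<html><body><%= request.getRemoteAddr() %></body></html>\n'
RENDERED_BODY = "<html><body>127.0.0.1</body></html>\n"

if __name__ == "__main__":
    for label, doc in (("vulnerable", VULNERABLE_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, "invoker mappings:", invoker_mappings(doc))
    print(probe_url("http://localhost:8080", "velexample", "sample.vm"))
    print(classify_probe(200, DISCLOSED_BODY), classify_probe(200, RENDERED_BODY))
```

The classifier deliberately ignores the Content-Type header: the default servlet picks a type from the file extension, so a disclosed .jsp may well arrive as text/html; the presence of unexecuted JSP syntax in the body is the reliable signal.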

DO NOT REPLY [Bug 12968] - [Possible security hole?] package.access security in Catalina/CatalinaService

2002-09-24 Thread bugzilla
/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

DO NOT REPLY [Bug 12968] - [Possible security hole?] package.access security in Catalina/CatalinaService

2002-09-24 Thread bugzilla
/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED

[VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Remy Maucherat
A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Henri Gomez
Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? Tomcat 4.1.12 Stable release Tomcat

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Glenn Nielsen
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Jean-Francois Arcand
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Remy Maucherat
Henri Gomez wrote: Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? I bundled the latest JTC binaries for Coyote HTTP

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Patrick Luby
Remy, Here's my votes. Patrick Tomcat 4.0.5 release ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot --

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Henri Gomez
Remy Maucherat wrote: Henri Gomez wrote: Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? I bundled the latest

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Amy Roh
Tomcat 4.0.5 release Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Costin Manolache
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Bill Barker
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Monday, September 23, 2002 7:04 AM Subject: [VOTE] [4.0.5] [4.1.12] Security releases A security vulnerability which affects all releases of Tomcat 4.x has been discovered

RE: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Larry Isaacs
-Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 10:05 AM To: Tomcat Developers List Subject: [VOTE] [4.0.5] [4.1.12] Security releases A security vulnerability which affects all releases of Tomcat 4.x has been discovered

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Denis Benoit
On Mon, 23 Sep 2002, Remy Maucherat wrote: Tomcat 4.0.5 release Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat

DO NOT REPLY [Bug 11934] - web.xml security-constraint is parsed incorrectly

2002-09-09 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 11934] - web.xml security-constraint is parsed incorrectly

2002-09-09 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED

DO NOT REPLY [Bug 11934] - web.xml security-constraint is parsed incorrectly

2002-09-09 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED

DO NOT REPLY [Bug 11934] - web.xml security-constraint is parsed incorrectly

2002-09-09 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED

DO NOT REPLY [Bug 11934] - web.xml security-constraint is parsed incorrectly

2002-09-09 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED

reporting security problems

2002-09-07 Thread Christopher Todd
According to the Jakarta website, security problems for Jakarta projects should be reported to [EMAIL PROTECTED] A colleague of mine and I are researching a potential security issue in Tomcat, and I wanted to confirm that we should use [EMAIL PROTECTED] to report the issue, once our research

Re: reporting security problems

2002-09-07 Thread Bill Barker
to [EMAIL PROTECTED], since Apache is strongly committed to closing security holes. However, I'd understand if you choose to post to tomcat-dev as well. - Original Message - From: Christopher Todd [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 07, 2002 4:43 PM Subject

Re: Problem with individual jars and Security Manager in TC4.1.10

2002-09-05 Thread Remy Maucherat
Renato wrote: Hi all, I'm trying to upgrade a production installation running TC 4.0.4 to latest 4.1.10. So far, so good ( still using Jasper 1 ), but I think there is a problem with the configuration of catalina.policy for individual jar files. On catalina.policy it says to use:

Problem with individual jars and Security Manager in TC4.1.10

2002-09-04 Thread Renato
Hi all, I'm trying to upgrade a production installation running TC 4.0.4 to latest 4.1.10. So far, so good ( still using Jasper 1 ), but I think there is a problem with the configuration of catalina.policy for individual jar files. On catalina.policy it says to use: grant codeBase

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-31 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-31 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-31 22:27 --- That sounds great, as long as there isn't a security issue with granting untrusted webapps with class access permission

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-31 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-31 23:11 --- There was no need to add the permission, it worked fine without it in Tomcat 4.1.10.

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-29 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-29 12:35 --- Try adding the following permission to your default grant in catalina.policy. java.lang.RuntimePermission

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-29 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-29 16:55 --- Actually I needed to add this slightly different permission to address the problem: permission java.lang.RuntimePermission

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-29 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-30 02:51 --- What version of the JVM are you using. How accessClassInPackage and defineClassInPackage work changed from Java 1.3 to Java

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-29 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation --- Additional Comments From [EMAIL PROTECTED] 2002-08-30 04:44 --- I'm using Sun JDK 1.3.1_04.

DO NOT REPLY [Bug 12101] - SecurityManager + unprivileged call to getParameter() = Security Violation

2002-08-28 Thread bugzilla
/show_bug.cgi?id=12101 SecurityManager + unprivileged call to getParameter() = Security Violation [EMAIL PROTECTED] changed: What|Removed |Added Summary|SecurityManager + removal

DO NOT REPLY [Bug 11934] New: - web.xml security-constraint is parsed incorrectly

2002-08-22 Thread bugzilla
/show_bug.cgi?id=11934 web.xml security-constraint is parsed incorrectly Summary: web.xml security-constraint is parsed incorrectly Product: Tomcat 4 Version: 4.1.9 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal

cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs security-manager-howto.xml

2002-08-17 Thread glenn
glenn 2002/08/17 17:54:48 Modified:webapps/tomcat-docs security-manager-howto.xml Log: Update security docs for pending release Revision ChangesPath 1.3 +68 -63 jakarta-tomcat-4.0/webapps/tomcat-docs/security-manager-howto.xml Index: security-manager

DO NOT REPLY [Bug 11603] - security fails for http-method != GET when user is forced to login

2002-08-11 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login --- Additional Comments From [EMAIL PROTECTED] 2002-08-11 22:46 --- Typo - auth-constraint

DO NOT REPLY [Bug 11603] - security fails for http-method != GET when user is forced to login

2002-08-11 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login --- Additional Comments From [EMAIL PROTECTED] 2002-08-12 01:00 --- I tested WebLogic 6.1 sp2 and it does the same thing that Tomcat does. It allows the GET after you login (that I think should

DO NOT REPLY [Bug 11603] New: - security fails for http-method != GET when user is forced to login

2002-08-10 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login Summary: security fails for http-method != GET when user is forced to login Product: Tomcat 4 Version: 4.0.4 Final Platform: Other URL

DO NOT REPLY [Bug 11603] - security fails for http-method != GET when user is forced to login

2002-08-10 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login [EMAIL PROTECTED] changed: What|Removed |Added URL|http://www.secuityfilter.org|http

Patch for security problem

2002-07-27 Thread John Holman
Bug 11210 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210) is a security problem which could have serious effects for people using JNDIRealm with the Netscape/iPlanet JNDI LDAP provider (com.netscape.jndi.ldap.LdapContextFactory). The default provider

DO NOT REPLY [Bug 11076] New: - Security grants are not recognized by all loaded classes

2002-07-23 Thread bugzilla
/show_bug.cgi?id=11076 Security grants are not recognized by all loaded classes Summary: Security grants are not recognized by all loaded classes Product: Tomcat 4 Version: 4.0.3 Final Platform: PC OS/Version: Linux Status: NEW

DO NOT REPLY [Bug 11076] - Security grants are not recognized by all loaded classes

2002-07-23 Thread bugzilla
/show_bug.cgi?id=11076 Security grants are not recognized by all loaded classes --- Additional Comments From [EMAIL PROTECTED] 2002-07-23 10:33 --- Created an attachment (id=2449) The example files (zip archive)

DO NOT REPLY [Bug 11076] - Security grants are not recognized by all loaded classes

2002-07-23 Thread bugzilla
/show_bug.cgi?id=11076 Security grants are not recognized by all loaded classes [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 11076] - Security grants are not recognized by all loaded classes

2002-07-23 Thread bugzilla
/show_bug.cgi?id=11076 Security grants are not recognized by all loaded classes [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|CLOSED

DO NOT REPLY [Bug 7052] - Security manager not initialised or accessed properly

2002-07-23 Thread bugzilla
/show_bug.cgi?id=7052 Security manager not initialised or accessed properly [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-19 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation [EMAIL PROTECTED] changed: What|Removed |Added Status

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-19 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation [EMAIL PROTECTED] changed: What|Removed |Added Status

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-18 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation [EMAIL PROTECTED] changed: What|Removed |Added Status

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-18 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation --- Additional Comments From [EMAIL PROTECTED] 2002-07-18 16:25 --- precompiling a simple JSP containing only hello world gives the following (note the references

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-18 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation --- Additional Comments From [EMAIL PROTECTED] 2002-07-18 16:40 --- Instead of Tomcat trying to fine tune the package access rules, why not just add the following

DO NOT REPLY [Bug 10902] - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-18 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation --- Additional Comments From [EMAIL PROTECTED] 2002-07-18 17:45 --- Yes, adding the line permission java.lang.RuntimePermission
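The Bug 10902 comments above, and the Bug 12101 comments earlier on this page, both end the same way: a webapp (here a precompiled JSP) touches a package that Tomcat has placed on the package.access security property, the SecurityManager's checkPackageAccess throws, and the fix is a java.lang.RuntimePermission "accessClassInPackage.<package>" line in the default grant of catalina.policy. The script below is an added example, not code from either bug thread or from Tomcat. It parses the grant/codeBase/permission subset of the Java policy file format that catalina.policy uses and reports which packages a webapp needs that are restricted but not yet granted, using the same rules the JDK applies: a package is restricted when its name starts with a package.access entry, grants apply when their codeBase matches the code's location, and RuntimePermission names match as BasicPermission names (a trailing ".*" is a wildcard). The package.access list, the list of packages a precompiled JSP needs, and the policy text are constructed assumptions; the accessClassInPackage target the bug comments themselves used is not reproduced on this page.

```python
"""Added example: a small Java policy-file parser and a package.access coverage
check in the style of the Bug 10902 / Bug 12101 threads. Not Tomcat code; the
policy text, package.access list and needed-package list are constructed."""
import re

GRANT_RE = re.compile(r'grant\s*(?:codeBase\s*"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')


def expand_props(text, props):
    """Expand ${name} as the policy loader does; unknown names are left alone."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), text)


def strip_comments(text):
    """Drop /* */ blocks and whole-line // comments (not the // inside file:// URLs)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"^[ \t]*//.*$", "", text, flags=re.M)


def parse_policy(text, props=None):
    """[(codeBase or None, [(permission class, target or None, actions or None)])].
    Handles the grant/codeBase/permission subset used by catalina.policy;
    signedBy and principal clauses are not supported."""
    text = strip_comments(expand_props(text, props or {}))
    blocks = []
    for grant in GRANT_RE.finditer(text):
        perms = [(p.group(1), p.group(2), p.group(3)) for p in PERM_RE.finditer(grant.group(2))]
        blocks.append((grant.group(1), perms))
    return blocks


def codebase_matches(pattern, code_url):
    """Policy codeBase matching: no codeBase = all code, '/-' = the directory and
    everything below it, '/*' = files directly in the directory, else exact."""
    if pattern is None:
        return True
    if pattern.endswith("/-"):
        return code_url.startswith(pattern[:-1])
    if pattern.endswith("/*"):
        base = pattern[:-1]
        return code_url.startswith(base) and "/" not in code_url[len(base):]
    return pattern == code_url


def basic_implies(granted, requested):
    """BasicPermission name matching: 'a.b.*' implies 'a.b.c' but not 'a.b'."""
    if granted == "*":
        return True
    if granted.endswith(".*"):
        return requested.startswith(granted[:-1])
    return granted == requested


def missing_package_grants(policy_text, package_access, code_url, needed_packages, props=None):
    """Packages in needed_packages that checkPackageAccess would refuse for code
    loaded from code_url: restricted by package.access (prefix match) and not
    covered by an accessClassInPackage RuntimePermission in a matching grant."""
    granted = []
    for codebase, perms in parse_policy(policy_text, props):
        if not codebase_matches(codebase, code_url):
            continue
        for cls, target, _actions in perms:
            if cls == "java.security.AllPermission":
                return []
            if cls == "java.lang.RuntimePermission" and target:
                granted.append(target)
    missing = []
    for pkg in needed_packages:
        if not any(pkg.startswith(prefix) for prefix in package_access):
            continue
        if not any(basic_implies(g, "accessClassInPackage." + pkg) for g in granted):
            missing.append(pkg)
    return missing


# Constructed inputs (assumptions, not values taken from the bug reports).
PACKAGE_ACCESS = ["sun.", "org.apache.catalina.", "org.apache.jasper."]
PRECOMPILED_JSP_NEEDS = ["javax.servlet.http", "org.apache.jasper.runtime"]
PROPS = {"catalina.home": "/opt/tomcat"}
WEBAPP_CLASSES = "file:/opt/tomcat/webapps/app/WEB-INF/classes/"

POLICY_BEFORE = """
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
        permission java.security.AllPermission;
};
grant {
        permission java.util.PropertyPermission "java.version", "read";
        permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
};
"""
# The same policy with the kind of line the bug comments describe added to the default grant.
POLICY_AFTER = POLICY_BEFORE.replace(
    '"accessClassInPackage.sun.io";',
    '"accessClassInPackage.sun.io";\n'
    '        // precompiled JSPs reference classes in this package (assumed target)\n'
    '        permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";')

if __name__ == "__main__":
    for label, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        print(label, "missing:", missing_package_grants(
            policy, PACKAGE_ACCESS, WEBAPP_CLASSES, PRECOMPILED_JSP_NEEDS, PROPS))
```

Run against the "before" policy the check names org.apache.jasper.runtime as missing for the webapp's classes directory; after the extra grant it reports nothing, and for bootstrap.jar the AllPermission block short-circuits the check. A practitioner would prefer the narrowest target that works (the exact package rather than "accessClassInPackage.org.apache.jasper.*"), since the wildcard also opens the compiler packages to untrusted webapps.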

DO NOT REPLY [Bug 10902] New: - package.access security check too general for Jasper - precompiled JSPs get package-access violation

2002-07-17 Thread bugzilla
/show_bug.cgi?id=10902 package.access security check too general for Jasper - precompiled JSPs get package-access violation Summary: package.access security check too general for Jasper - precompiled JSPs get package-access violation Product: Tomcat 4

DO NOT REPLY [Bug 10595] New: - Security Constraints not processed according to spec.

2002-07-09 Thread bugzilla
/show_bug.cgi?id=10595 Security Constraints not processed according to spec. Summary: Security Constraints not processed according to spec. Product: Tomcat 4 Version: 4.1.7 Platform: All OS/Version: All Status: NEW Severity: Normal

Tomcat 4.0 Security problem

2002-07-05 Thread Artur Jonak
Hi, I've got the following error when I try to create LoginContext in my servlet. What should I do? java.lang.SecurityException: Sealing violation loading javax.naming.Context : Package javax.naming is sealed. at

DO NOT REPLY [Bug 10171] New: - MIME types of the files residing within a security realm do not seem to properly return to Internet Explorer.

2002-06-24 Thread bugzilla
/show_bug.cgi?id=10171 MIME types of the files residing within a security realm do not seem to properly return to Internet Explorer. Summary: MIME types of the files residing within a security realm do not seem to properly return to Internet Explorer

DO NOT REPLY [Bug 10171] - MIME types of the files residing within a security realm do not seem to properly return to Internet Explorer.

2002-06-24 Thread bugzilla
/show_bug.cgi?id=10171 MIME types of the files residing within a security realm do not seem to properly return to Internet Explorer. [EMAIL PROTECTED] changed: What|Removed |Added

DO NOT REPLY [Bug 10064] - Tomcat nt service does not use security manager

2002-06-21 Thread bugzilla
/show_bug.cgi?id=10064 Tomcat nt service does not use security manager [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

I can't startup tomcat 4.0.3 with security option

2002-06-14 Thread paolo
I've installed tomcat 4.0.3 on Linux 7.2 and I try to start with the security option but it doesn't work: the error message is: Catalina.start: java.security.AccessControlException: access denied (java.io.FilePermission /var/tomcat4/conf/server.xml read) server.xml is tomcat4.tomcat4 for owner

DO NOT REPLY [Bug 9344] New: - Security risk at HttpSessionEvent Source

2002-05-23 Thread bugzilla
/show_bug.cgi?id=9344 Security risk at HttpSessionEvent Source Summary: Security risk at HttpSessionEvent Source Product: Tomcat 4 Version: 4.0.4 Beta 3 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority

DO NOT REPLY [Bug 9344] - Security risk at HttpSessionEvent Source

2002-05-23 Thread bugzilla
/show_bug.cgi?id=9344 Security risk at HttpSessionEvent Source [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution

DO NOT REPLY [Bug 9023] New: - Servlet Container does not convert the roles, which were specified in the Element security-role-ref

2002-05-13 Thread bugzilla
/show_bug.cgi?id=9023 Servlet Container does not convert the roles, which were specified in the Element security-role-ref Summary: Servlet Container does not convert the roles, which were specified in the Element security-role-ref Product: Tomcat 4

cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs security-manager-howto.xml

2002-05-13 Thread glenn
glenn 02/05/13 07:29:36 Modified:webapps/tomcat-docs security-manager-howto.xml Log: Remove codebase trailing \!/-, only needed for jar: URL's Revision ChangesPath 1.2 +3 -3 jakarta-tomcat-4.0/webapps/tomcat-docs/security-manager-howto.xml Index

DO NOT REPLY [Bug 9023] - Servlet Container does not convert the roles, which were specified in the Element security-role-ref

2002-05-13 Thread bugzilla
/show_bug.cgi?id=9023 Servlet Container does not convert the roles, which were specified in the Element security-role-ref [EMAIL PROTECTED] changed: What|Removed |Added Status

DO NOT REPLY [Bug 9023] - Servlet Container does not convert the roles, which were specified in the Element security-role-ref

2002-05-13 Thread bugzilla
/show_bug.cgi?id=9023 Servlet Container does not convert the roles, which were specified in the Element security-role-ref --- Additional Comments From [EMAIL PROTECTED] 2002-05-14 01:04 --- *** Bug 9027 has been marked as a duplicate of this bug. ***

DO NOT REPLY [Bug 7092] - socket error while trying write to response.getOutputStream() with security-constraint on servlet

2002-04-29 Thread bugzilla
/show_bug.cgi?id=7092 socket error while trying write to response.getOutputStream() with security-constraint on servlet [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

[SECURITY] Cross site scripting vulnerability revealed in 'examples' webapp of Apache Tomcat

2002-04-09 Thread Remy Maucherat
Cross Site scripting security vulnerabilities exist in the 'examples' web application which is distributed along with Apache Tomcat. This affects all released versions of Tomcat, including 3.x and 4.x. No other components of Tomcat are currently known to be vulnerable to cross site scripting

DO NOT REPLY [Bug 7532] New: - App init problems result in Severe Security Exposure

2002-03-27 Thread bugzilla
/show_bug.cgi?id=7532 App init problems result in Severe Security Exposure Summary: App init problems result in Severe Security Exposure Product: Tomcat 4 Version: 4.0.3 Final Platform: PC OS/Version: Windows NT/2K Status: NEW

DO NOT REPLY [Bug 7540] New: - Tomcat 4.0.3 fails with -security

2002-03-27 Thread bugzilla
/show_bug.cgi?id=7540 Tomcat 4.0.3 fails with -security Summary: Tomcat 4.0.3 fails with -security Product: Tomcat 4 Version: 4.0.3 Final Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Critical Priority: Other

DO NOT REPLY [Bug 7540] - Tomcat 4.0.3 fails with -security

2002-03-27 Thread bugzilla
/show_bug.cgi?id=7540 Tomcat 4.0.3 fails with -security [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution

DO NOT REPLY [Bug 7532] - App init problems result in Severe Security Exposure

2002-03-27 Thread bugzilla
/show_bug.cgi?id=7532 App init problems result in Severe Security Exposure [EMAIL PROTECTED] changed: What|Removed |Added Severity|Major |Enhancement

Security Limitation

2002-03-26 Thread Maksym Gryevtsov
Hi all, There is a limitation on the quantity of web-resource-collection elements in web.xml (Tomcat 3.2 - 3.3). I received an ArrayIndexOutOfBoundsException when I try to add more. I have about 30 elements right now. It looks like Tomcat keeps these elements in a fixed size array. Hope for fixing

DO NOT REPLY [Bug 7052] - Security manager not initialised or accessed properly

2002-03-20 Thread bugzilla
/show_bug.cgi?id=7052 Security manager not initialised or accessed properly [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 7052] - Security manager not initialised or accessed properly

2002-03-20 Thread bugzilla
/show_bug.cgi?id=7052 Security manager not initialised or accessed properly [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|CLOSED

DO NOT REPLY [Bug 7092] - socket error while trying write to response.getOutputStream() with security-constraint on servlet

2002-03-14 Thread bugzilla
/show_bug.cgi?id=7092 socket error while trying write to response.getOutputStream() with security-constraint on servlet [EMAIL PROTECTED] changed: What|Removed |Added Component|HTTP
