The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.21
Apache Tomcat 7.0.21 includes security fixes, bug fixes and new features
compared to version 7.0.20 including:
- A fix for CVE-2011-3190 that allowed an attacker to inject requests
when Tomcat was configured
On 02/09/2011 01:21, Chris Burroughs wrote:
In tomcat 6 Http11NioProtocol defines a socketCloseDelay field. But as
far as I and grep can tell it is not used anywhere [1]. Is this field
supposed to be doing something?
Not that I can tell. It looks to be have been present in the NIO
connector
Hi,
I have a tomcat 6.0.20 where I have next config in server.xml:
Connector port=8010 protocol=AJP/1.3 redirectPort=8443
maxThreads=1024 connectionTimeout=6 /
Today I found this is in catalina.out:
12-ago-2011 9:22:32 org.apache.jk.common.
ChannelSocket init
INFO: Port busy 8010
Ok, I downloaded tomcat source code and found maxPort which I think is the
parameter I need.
I think this should be documented in
http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html or in mod_jk from
apache.
Thanks!
On Fri, Sep 2, 2011 at 11:17 AM, Javier Barroso javibarr...@gmail.comwrote:
Searching by maxport in google, I found
http://marc.info/?l=tomcat-userm=119266319507127w=2 thread, but seems like
there is not answer to this question :(
Any tip ?
On Fri, Sep 2, 2011 at 11:22 AM, Javier Barroso javibarr...@gmail.comwrote:
Ok, I downloaded tomcat source code and found maxPort
On 02/09/2011 02:37, Chris Burroughs wrote:
Looking at the Connector configuration options I'm having trouble
reconciling the description of socket.soLingerOn and connectionLinger [1]
The documentation is a bit of a mess here. I'll explain what should
happen below and try and clean up the
On 02/09/2011 10:38, Javier Barroso wrote:
Searching by maxport in google, I found
http://marc.info/?l=tomcat-userm=119266319507127w=2 thread, but seems like
there is not answer to this question :(
Any tip ?
Try reading the 6.0x. changelog.
Mark
On Fri, Sep 2, 2011 at 11:22 AM, Javier
That mean that I can use channelSocket.maxPort in tomcat 6.0.20 ? I
read about an new alias maxport, but I suppose I can use still
channelSocket.maxPort. Upgrading all tomcats here could be a problem
with applications :(
Thank you very much
Regards
On Fri, Sep 2, 2011 at 12:07 PM, Mark Thomas
Hi there,
I was testing out the packet forgery example (at
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698)
to see if my site was vulnerable and got the following results.
I'm not sure looking at the code comments in ForwardRequestForgeryExample.java
if the output below means it's
On 02/09/2011 14:12, Edward Quick wrote:
Hi there,
I was testing out the packet forgery example (at
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698)
to see if my site was vulnerable and got the following results.
I'm not sure looking at the code comments in
Background:
We have a moderately high traffic web application (between 8 to 21 million
hits/day) running Apache to serve static content (also to load balance and
create a DMZ) and Weblogic to serve dynamic content (Struts 1.1 based Java web
application).
We are trying to replace Weblogic with
Thanks Mark. The report says this makes (previous versions of) Apache Tomcat
vulnerable to an authentication bypass and information disclosure, so I'm was
just trying to understand how the example demonstrates that?
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent:
Hello Talha,
from a quick glance at your post, do you have the same 30 max threads
limit in weblogic?
Because sending 525 users through 2x30=60 max threads seems a little
bottlenecky.
Which software are you using to produce the load? Does it keepalive
the connections?
regards
Leon
On Fri, Sep
On 02/09/2011 14:33, Edward Quick wrote:
Thanks Mark. The report says this makes (previous versions of) Apache Tomcat
vulnerable to an authentication bypass and information disclosure, so I'm was
just trying to understand how the example demonstrates that?
The example shows that Tomcat
From: Talha Fazal [mailto:tfa...@credera.com]
Subject: Tomcat Performance Turning.
In our staging environment for load testing, when we run the load
test using 525 concurrent users, the app doesn't perform at all.
The CPU usage (on Apache and Tomcat Servers) hovers between 7% to
8%. The
Plz. see my answers below in UPPERCAPS.
Thanks!
-Original Message-
From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com]
Sent: Friday, September 02, 2011 8:35 AM
To: Tomcat Users List
Subject: Re: Tomcat Performance Turning.
Hello Talha,
from a quick glance at your post, do you have
Thx Charles! We did take a thread dump and we found a lot of threads locked.
Please see a short sample below:
http-8014-9 daemon prio=10 tid=0x60965c00 nid=0x6c83 in Object.wait()
[0x4c688000..0x4c688c90]
java.lang.Thread.State: WAITING (on object monitor)
at
Hello Talha,
seems that your tomcats are fine.
Question, you mention that the tomcat do not perform, but you don't
tell us how you come to this conclusion except for cpu load.
What is the difference in response times between weblogic and tomcat?
Maybe your tomcat just perform the job MUCH faster
From: Talha Fazal [mailto:tfa...@credera.com]
Subject: RE: Tomcat Performance Turning.
We did take a thread dump and we found a lot of threads locked.
http-8014-9 daemon prio=10 tid=0x60965c00 nid=0x6c83 in
Object.wait()
at
Hi Leon,
Please see any answers in CAPS below.
-Original Message-
From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com]
Sent: Friday, September 02, 2011 9:06 AM
To: Tomcat Users List
Subject: Re: Tomcat Performance Turning.
Hello Talha,
seems that your tomcats are fine.
Question,
WE GENERATE REPORT ON NETWORK BACKLOG USING ADVANCED TOOLS, WHICH INDICATE
NEGLIGIBLE NETWORK DELAY. AT ONE POINT TO TIME THIS WAS AN ISSUE. WE INCREASED
THE BANDWIDTH FROM 45 MBPS TO 100 MBPS WHICH RESOLVED THE ISSUE.
THANKS, TALHA.
-Original Message-
From: Caldarale, Charles R
Hello Talha,
well... the quickshots are through.
You should really create some threaddumps after each other (for
example with jstack) and try to find out which thread is slowing the
app down.
For starters you could try with code you changed for tomcat
adaptations if any. The problem seems to lie
Have you ruled out issues with db connection pooling?
You might consider setting your dbcp maxWait to 8000 or less and watch
for timeout waiting for idle object exceptions. Also, you could
monitor database connections/active-users on the DB side to see if your
dbcp pools are max'd but all the
What would I need to do to change TC 7.0.20 from using a 64-bit JRE to a
32-bit one on a 64-bit windows 2008 machine?
I tried changing the JVM setting in tomcat7w, but the service wouldn't
start. What else do I need to change?
D
On 02/09/2011 17:01, David kerber wrote:
What would I need to do to change TC 7.0.20 from using a 64-bit JRE to a
32-bit one on a 64-bit windows 2008 machine?
I tried changing the JVM setting in tomcat7w, but the service wouldn't
start. What else do I need to change?
If you are running as
On 9/2/2011 12:04 PM, Mark Thomas wrote:
On 02/09/2011 17:01, David kerber wrote:
What would I need to do to change TC 7.0.20 from using a 64-bit JRE to a
32-bit one on a 64-bit windows 2008 machine?
I tried changing the JVM setting in tomcat7w, but the service wouldn't
start. What else do I
PLEASE SEE MY ANSWERS BELOW IN UPPER CAPS.
ONE IMPORTANT OBSERVATION: Even though, tomcat's response time is decent, for
some reason, apache is taking a lot longer to serve requests. We are using
mod_jk with Tomcat using AJP1.3 protocol in the connector setting in
server.xml. We plan to try
2011/9/2 Javier Barroso javibarr...@gmail.com:
That mean that I can use channelSocket.maxPort in tomcat 6.0.20 ? I
read about an new alias maxport, but I suppose I can use still
channelSocket.maxPort.
Only if you are lucky, because it depends whether port or maxPort is
set first (in that old
Hello Talha,
On Fri, Sep 2, 2011 at 6:16 PM, Talha Fazal tfa...@credera.com wrote:
PLEASE SEE MY ANSWERS BELOW IN UPPER CAPS.
ONE IMPORTANT OBSERVATION: Even though, tomcat's response time is decent, for
some reason, apache is taking a lot longer to serve requests. We are using
mod_jk with
On Fri, Sep 2, 2011 at 9:26 PM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
2011/9/2 Javier Barroso javibarr...@gmail.com:
That mean that I can use channelSocket.maxPort in tomcat 6.0.20 ? I
read about an new alias maxport, but I suppose I can use still
channelSocket.maxPort.
Only if
Q. Have you tried running directly against tomcat without apache inbetween?
A. Yes; this resolves the performance bottleneck.
Q. holywarfrom my experience there is no need for apache in your setup anyway
/holywar.
A. :-) The reasons for having apache in front: A) Create a DMZ and protect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jess,
On 9/1/2011 7:06 PM, Jess Holle wrote:
So form-based authentication is an obnoxious mutt -- but a mutt
that everyone seems to have fallen in love with.
This isn't Tomcat's fault, however, and Tomcat is doing the normal
thing by returning
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leon,
On 9/2/2011 4:19 PM, Leon Rosenberg wrote:
holywarfrom my experience there is no need for apache in your
setup anyway /holywar.
Uh, load-balancing?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG
Hi,
I have a working file upload servlet, with the exception that it calls the uploaded file
samplefile instead of using the name of the file. So if I upload different
files, they all overwrite each other. Any ideas on how to fix this? I used this
tutorial to get it working:
Never mind...I see the example hard codes the name of the file. Sorry for the
noise.
On 09/02/2011 05:50 PM, Ole Ersoy wrote:
Hi,
I have a working file upload servlet, with the exception that it calls
the uploaded file samplefile instead of using the name of the file. So
if I upload
Hi all:
An update I entered the following directly into my browser:
http://localhost:8080/secondDynamicWeb/cgi-bin/echoInfo.php
And got the a 404 Error - Servlet CGI not available.
From this it appears that the servlet is not available but has been defined
because the URL pattern
On Fri, Sep 2, 2011 at 5:06 PM, throwsCode donmillho...@yahoo.com wrote:
I'm trying to implement PHP on tomcat 7.0.20
Dear god, why?
I would rather duct-tape rabid weasels inside my shorts than do, well,
anything with PHP again, but if you must -- just use Apache HTTPD.
Seriously.
--
Hassan
Hi Hassan:
I am predominantly a JSF/Facelets/IceFaces developer but recently I have
been asked to assist some non-profits which calls for php. I would like to
use my existing development environment which is Eclipse and Tomcat. If I
can discover the secrets to php in Tomcat that would be the
On Fri, Sep 2, 2011 at 9:25 PM, throwsCode donmillho...@yahoo.com wrote:
I am predominantly a JSF/Facelets/IceFaces developer but recently I have
been asked to assist some non-profits which calls for php.
Yeah, that's similar to how I got sucked into doing PHP too :-)
(Fool me once, shame on
39 matches
Mail list logo