Re: ColdFusion10 custom mod_jk difference

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Doug, On 4/8/14, 3:44 PM, Doug Strick wrote: > We're moving from ColdFusion8 to CF10 where I work and ran into a > strange issue. We tried using mod_jk-1.2.39 and it compiled fine. > We were able to get the communication working, but ran into stran

Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39

Chris, Thanks for your regular guidance and valuable suggestions! On Fri, Apr 11, 2014 at 11:33 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > On 4/8/14, 6:36 AM, Daniel Mikusa wrote: > > On Apr 8, 2014, at 8:22

Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 4/8/14, 6:36 AM, Daniel Mikusa wrote: > On Apr 8, 2014, at 8:22 AM, Saurabh Saraswat > wrote: > >> Dear Dan, >> >> Thanks for taking time to respond me. >> >> My updated Resource Tag is - >> >> > type="javax.sql.DataSource" maxActive

Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Saurabh, On 4/8/14, 6:22 AM, Saurabh Saraswat wrote: > Thanks for taking time to respond me. > > My updated Resource Tag is - > > type="javax.sql.DataSource" maxActive="100" maxIdle="30" > maxWait="1" That's a lot of connections. Are you sur

Re: How to monitor performance of tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: > Randir, > > On 4/8/14, 5:05 AM, Randhir Singh wrote: >> We have an application which has JBoss as the application server >> with Tomcat as the web server, our application has Oracle 11g as >>

Re: [OT] How can I tell which version of OpenSSL is being used with tomcat?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 4/10/14, 3:06 AM, Konstantin Kolinko wrote: > 2014-04-10 12:25 GMT+04:00 Christopher Schultz > : >> >> (...) >> >> Andrew, if you haven't changed the Tomcat default configuration >> and you used the service installer, you likely hav

Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 4/10/14, 3:32 PM, James H. H. Lampert wrote: > On 4/10/14 2:10 PM, Ji Song wrote: >> Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I >> noticed that Tomcat native connector version 1.1.22 uses : >> OpenSSL 0.9.8 which doesn't

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 4/10/14, 10:39 AM, David Landis wrote: > On Wed, Apr 9, 2014 at 1:24 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: >> >> >>> (Checked http://filippo.io/Heartbleed before and after) I built >>> APR and Tomcat Native fr

Re: Tomcat 8.0.5 and web resource cache

On 10/04/2014 02:02, Thomas Scheffler wrote: > Hi, > > I recently noticed that Tomcat 8.0.5 does not invalidate cache entries > for web resources. The cache has a default TTL of 5 seconds. > Here are the steps to reproduce: > > 1. make "/foo.html" available through a jar file -> > META-INF/reso

Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

On 4/10/14 2:10 PM, Ji Song wrote: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't have the heartbleeding bug, but 1.1.24 and 1.1.29 also include the buggy openssl. If you use JSSE for your SSL

RE: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

Hi I think it is tcnative.dll. You should find the tar.gz file attached with the source, which says you the version. Best Regards, Sasi Eswaravaka -Original Message- From: Ji Song [mailto:s...@glimmerglass.com] Sent: Thursday, April 10, 2014 4:11 PM To: 'users@tomcat.apache.org' Subje

Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

On Thu, Apr 10, 2014 at 2:10 PM, Ji Song wrote: > > > Hi, > > > > Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that > Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't > have the heartbleeding bug, but 1.1.24 and 1.1.29 also include the buggy > ope

Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

Hi, Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't have the heartbleeding bug, but 1.1.24 and 1.1.29 also include the buggy openssl. How can I find which version of Tomcat uses which ver

Re: 7.0.23 vs. 7.0.52 startup times

2014-04-10 22:28 GMT+04:00 Shanti Suresh : > Greetings, > > There appears to be a hold up in 7.0.52 at startup as compared to 7.0.23 - > a matter of several seconds initializing each context. In 7.0.52, the > delay appears to happen at "findResources" when the > "javax.servlet.ServletContainerInit

7.0.23 vs. 7.0.52 startup times

Greetings, There appears to be a hold up in 7.0.52 at startup as compared to 7.0.23 - a matter of several seconds initializing each context. In 7.0.52, the delay appears to happen at "findResources" when the "javax.servlet.ServletContainerInitializer" is identified. Such a things does not happen

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

On Wed, Apr 9, 2014 at 1:24 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > > > > (Checked http://filippo.io/Heartbleed before and after) I built APR > > and Tomcat Native from source on the server, so I assume it's doing > > dynamic library loading. > > > > Is the binary build sta

Best practice to programmatically get the disableURLRewriting context attribute value

Tomcat version 6.0.x on Linux OS Hi all, I have an application deployed on several customers Tomcat servers. The Tomcat versions are different (6.0.16, 6.0.37, etc.) and asking all customers to upgrade to the latest Tomcat version would be too tricky. I would like to programmatically get the di

Re: Windows tcnative openssl ciphers question

On 04/09/2014 04:36 PM, Jeffrey Janner wrote: Per someone (Mladen?) the capability wasn't enabled at build. Last notice I received is he's addressing that in the next release. Yes, feel free to test candidate at http://people.apache.org/~mturk/native/1.1.30 which I hope will be voted as offic

Re: How can I tell which version of OpenSSL is being used with tomcat?

2014-04-10 12:25 GMT+04:00 Christopher Schultz : > > (...) > > Andrew, if you haven't changed the Tomcat default configuration and > you used the service installer, you likely have a vulnerable server > depending upon exactly which version you installed, because the > installer automatically instal

Re: Temporary mitigation of Heartbleed?

2014-04-09 23:18 GMT+04:00 Jeffrey Janner : > > Much as I loathe downgrading, would it be possible/advisable to downgrade the > native libraries to 1.1.23 with Tomcat 7.0.50? 1. There is a minimum required version of TCNative for every Tomcat. See constants in AprLifecycleListener source. 2. Old

Re: Temporary mitigation of Heartbleed?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/9/14, 1:18 PM, Jeffrey Janner wrote: > Much as I loathe downgrading, would it be possible/advisable to > downgrade the native libraries to 1.1.23 with Tomcat 7.0.50? Check the security and changelog pages? > That version is the last

Re: How can I tell which version of OpenSSL is being used with tomcat?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/9/14, 12:59 PM, Jeffrey Janner wrote: >> -Original Message- From: Andrew Russell >> [mailto:andrew.russ...@gmail.com] Sent: Wednesday, April 09, 2014 >> 12:02 PM To: users@tomcat.apache.org Subject: How can I tell >> which vers

Tomcat 8.0.5 and web resource cache

Hi, I recently noticed that Tomcat 8.0.5 does not invalidate cache entries for web resources. Here are the steps to reproduce: 1. make "/foo.html" available through a jar file -> META-INF/resources/foo.html 2. Open foo.html in your browser 3. Add a new file "foo.html" inside you webapp di