Thanks again for the reply, Chris & Violeta!
Thanks for clarifying what the "protected directory" is, even i guessed it
to be same. Now i understood the fix for the directories protected by a
security constraint. I also verified this & the redirect is no more
happening for these protected ones. Rea
Greetings,
I have a javax.naming.spi.ObjectFactory implemented in a JAR file
sitting in $CATALINA_HOME/lib. I have declared it as a in
$CATALINA_HOME/conf/server.xml. Upon Tomcat startup, its
getObjectInstance(...) method is being invoked, and within that method,
some objects are bound int
On 11/03/2016 19:00, jimi.hulleg...@svensktnaringsliv.se wrote:
> On Friday, March 11, 2016 6:07 PM, ma...@apache.org wrote:
> I'm wasn't talking about gathering information regarding performance. I was
> talking about gathering information about what jsp/tag code and what EL
> variable names
On Friday, March 11, 2016 6:07 PM, ma...@apache.org wrote:
>
> And a debug log message is unlikely to tell you any more than the thread dump
> did.
That depends on what is actually being logged. If the class name is printed,
then one could immediately figure out the name of the EL variable (li
On 11/03/2016 14:17, jimi.hulleg...@svensktnaringsliv.se wrote:
> On Thursday, March 10, 2016 10:44 PM, ma...@apache.org wrote:
>>
>> We'll have to agree to disagree on that one. If you are concerned
>> about a performance issue then you need to know where to look to
>> enable debug logging. A prof
On Thursday, March 10, 2016 10:44 PM, ma...@apache.org wrote:
>
> We'll have to agree to disagree on that one. If you are concerned
> about a performance issue then you need to know where to look to
> enable debug logging. A profiler will tell you where to look and
> at that point you don't need t
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.5 stable.
The key features of this release are:
- Report OpenSSL runtime version in use rather than compile
time version used.
- Windows binaries built with APR 1.5.1 and OpenSSL 1.0.2g.
Note that users sho
On 11/03/2016 08:26, Subhro Paul wrote:
> Hi All,
>
> Our client has a simple website consists of some jsps, images, css,
> javascripts and html files. It has two Apache proxy(under loadbalancers)
> and two Tomcat6(under Loadbalancer). All servers are installed under Linux
> environment.This we
On 11/03/2016 01:43, Christopher Schultz wrote:
> 林慶龍,
>
> On 3/10/16 8:07 PM, 林慶龍 Barry Lin wrote:
>> These days, Everyone talks about the vulnerability in Tomcat, and
>> we found that we had the same problem with “deserialization
>> vulnerability”.
>
>> How can I fix deserialization vulnerabil
Barry,
The deserialization-vulnerability for RMI endpoints in your webapp can be
mitigated using our library at https://github.com/Servoy/rmi-whitelist
Add it to the tomcat system library and classes like the
commons-collections can no longer be used in the serialisation attacks over
RMI.
Rob
20
On 10/03/2016 22:16, Christopher Schultz wrote:
> Mark,
>
> On 3/10/16 4:43 PM, Mark Thomas wrote:
>> On 10/03/2016 21:16, jimi.hulleg...@svensktnaringsliv.se wrote:
>>> On Thursday, March 10, 2016 11:20 AM, ma...@apache.org wrote:
> 3. Why is the problem not limited to the first request
Hi All,
Our client has a simple website consists of some jsps, images, css,
javascripts and html files. It has two Apache proxy(under loadbalancers)
and two Tomcat6(under Loadbalancer). All servers are installed under Linux
environment.This website don't deal with any e-mailing or SMTP features
12 matches
Mail list logo
