On Wed, Jun 22, 2016 at 10:42 PM, Mark Thomas wrote:
> On 21/06/2016 17:36, Mark Thomas wrote:
>> On 21/06/2016 14:52, Mark Thomas wrote:
>>> On 21/06/2016 14:43, Andrei Ivanov wrote:
>>
>>
>>
21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
Mark,
Thanks for the hint! I added the following line to my connector and it did the
trick!
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
On 21/06/2016 17:36, Mark Thomas wrote:
> On 21/06/2016 14:52, Mark Thomas wrote:
>> On 21/06/2016 14:43, Andrei Ivanov wrote:
>
>
>
>>> 21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
>>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer
>>> An APR general
On 22/06/2016 16:47, James Wiley wrote:
> Hi Tomcat Users,
>
> Has anyone run into any issues supporting SSL using the JSSE Connector when
> upgrading from 7.0.68 to 7.0.69?
>
> I help maintain a web application that uses tomcat7. A recent upgrade from
> 7.0.68 to 7.0.69 has caused the
Hi Tomcat Users,
Has anyone run into any issues supporting SSL using the JSSE Connector when
upgrading from 7.0.68 to 7.0.69?
I help maintain a web application that uses tomcat7. A recent upgrade from
7.0.68 to 7.0.69 has caused the tomcat7 instance to throw an “Error during SSL
Handshake”
- On Jun 22, 2016, at 1:52 PM, Bernd Lentes
bernd.len...@helmholtz-muenchen.de wrote:
> Hi,
>
> I changed maxHttpHeaderSize in server.xml following the recommendation in
> CVE-2016-3092.
> I changed it to 2048 bytes.
>
>connectionTimeout="2"
>
Hi,
I changed maxHttpHeaderSize in server.xml following the recommendation in
CVE-2016-3092.
I changed it to 2048 bytes.
On 22/06/2016 11:29, Mark Thomas wrote:
> On 22/06/2016 09:28, Markus Näher wrote:
>> In the web console of firefox, I could see that the session cookie was
>> set with the path /jsf%5ftest, while other cookies (set by myfaces) were
>> correctly set with the path /jsf_test.
>> It looks like
On 22/06/2016 09:28, Markus Näher wrote:
> Hi,
>
> I'm working on a JSF (myfaces) project that runs on Tomcat. First I
> thought it was a myfaces issue, but they told me that the container is
> responsible for the session cookie, so now I'm here :-)
That is correct. To a point. There are some
Note: This announcement corrects several errors and omissions in the
Tomcat aspects of the announcement for CVE-2016-3092 from the Apache
Commons project that was recently forwarded to various Apache Tomcat
mailing lists.
For the sake of clarity, the Tomcat specific corrections are as follows:
1.
Hi,
I'm working on a JSF (myfaces) project that runs on Tomcat. First I thought it was a myfaces issue,
but they told me that the container is responsible for the session cookie, so now I'm here :-)
I've created a minimal JSF test project and I called it jsf_test. When I open the tomcat
Thanks for the info Mark.
Regards,
Chinoy
-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, June 22, 2016 11:43 AM
To: Tomcat Users List
Subject: Re: CVE-2016-3092: Apache Commons Fileupload information disclosure
vulnerability
On 22/06/2016 05:51, Chinoy Gupta wrote:
> What about 8.5.x branch? Is that also affected?
Yes. 8.5.0 to 8.5.2 are affected.
> And I am not able to see this update on Tomcat security page. Any reasons for
> that?
Oversight. I'll get it added later today unless someone beats me to it.
I'll also