One more related changes :
https://bz.apache.org/bugzilla/show_bug.cgi?id=63041
Please suggest the probable fix to make this smooth.
On Sat, Jul 25, 2020 at 11:03 AM Kushagra Bindal
wrote:
> Thanks Martin,
>
> By looking at the change log I found few relevant items.
>
> 1. https://bz.apache.org
Thanks Martin,
By looking at the change log I found few relevant items.
1. https://bz.apache.org/bugzilla/show_bug.cgi?id=55969
2. https://bz.apache.org/bugzilla/show_bug.cgi?id=62515
3. https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
4. https://bz.apache.org/bugzilla/show_bug.cgi?id=63210
Chris,
This is just silly. The code change is there. If I am rouge actor, I can and I
will understand issue and try to produce exploit. With explanation like this
legitimate Tomcat users are left to scratch their head if they are vulnerable
or not especially as the explanation says that a 3rd p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 7/24/20 15:15, George Stanchev wrote:
> The description for this CVE is pretty vague (as perhaps
> necessary) but we have a customer that is trying to assess their
> risk for this CVE.
Their risk is probably very low. Their risk of a bun
The description for this CVE is pretty vague (as perhaps necessary) but we have
a customer that is trying to assess their risk for this CVE. They are behind a
reverse-proxy. Even though the description on Tomcat's security page states
that the risk is low it doesn't describe how would a reverse-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I have a JNDI which is a JDBC DataSource. It is set to
singleton="true" via defaults (not explicitly set).
The JDBC Connections in this DataSource pool (using dbcp2 as provided
by Tomcat) have TLS configuration including client certificates,
On Fri, Jul 24, 2020 at 9:36 AM Christopher Schultz wrote:
Note that everything you can configure using tomcatXw.exe //ES/svcname
> you can also install from the command-line.
>
Correct. See the InstallService PascalScript procedure in the installer
which performs the equivalent:
https://github.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Bill, Hans,
On 7/24/20 09:42, Bill Stewart wrote:
> On Fri, Jul 24, 2020 at 2:26 AM Hans Schou wrote:
>
> "document" manually? Like copy&paste into a text file?
>>
>
> Yes, however you customarily do so.
Note that everything you can configure using
On Fri, Jul 24, 2020 at 2:26 AM Hans Schou wrote:
"document" manually? Like copy&paste into a text file?
>
Yes, however you customarily do so.
> > 2. If you used Apache's Windows installer, uninstall it (unfortunately
> this removes the service and service configuration info).
>
> I use the zip
Fra: Bill Stewart
> https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
I will look into that.
> Basically the steps would be:
> 1. Back up/document your 8.x configuration.
"document" manually? Like copy&paste into a text file?
> 2. If you used Apache's Windows installer, uninstall i
10 matches
Mail list logo