Hi Gurus,

I have an application team having a strange issue post upgrade to Tomcat 8.5.58 
and/or 8.5.59 (Happens with both) from Tomcat 8.5.57. See below:

"We are seeing an issue in our application where, after upgrading from Tomcat 
8.5.57 to 8.5.58 or 8.5.59, it randomly throws a 400 error for the URL below. 
There are no changes except the upgrade; it works sometimes and sometimes it 
does not and throws 400. Switching back to 8.5.57 ensures it works fine all the 
time.

logo.png

From changelog on 8.5.58 I see below

[*] Improve the validation of entity tags provided with conditional 
requests. Requests with headers that contain invalid entity tags will be 
rejected with a 400 response code. Improve the matching algorithm used to 
compare entity tags in conditional requests with the entity tag for the 
requested resource. Based on a pull request by Sergey Ponomarev. (markt)
"

I have removed most of the name of the item giving the 400 error, but it's an 
image. Some additional information:  NOTE: Some information "redacted" for 
safety.

Header for good and bad one below.
Good one:
<some uri>-logo.png
Request Method: GET
Status Code: 200
Remote Address: <some remote IP>:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
Accept-Ranges: bytes
Access-Control-Allow-Origin: <some URL>
Cache-Control: max-age=604800
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: image/png
Date: Mon, 23 Nov 2020 23:30:57 GMT
ETag: W/"1898-1605014636000"-gzip
Keep-Alive: timeout=15, max=100
Last-Modified: Tue, 10 Nov 2020 13:23:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PS_DEVICEFEATURES=width:1920 height:1080 pixelratio:1 touch:0 geolocation:1 websockets:1 webworkers:1 datepicker:1 dtpicker:1 timepicker:1 dnd:1 sessionstorage:1 localstorage:1 history:1 canvas:1 svg:1 postmessage:1 hc:0 maf:0; <something>=!zmR+O5lInwZQScXFysvE+ZLmn/jZYOMljJRe6zpgTCqT1vq+Nsi6whR90o96mjEzY6eOCcA5+5bBMok=; TS018aedd4=01f75e3a42044ffe4dec9dc58b085c5a587774d7d2291f65cc51c81218d60ff777ac912d6f4623836387cb50a5a4efe34d97b8ea8db7d92d4565c18fd52b1e5ae176edaa99; <something else>=!heE/SoIWn1XzFTnFysvE+ZLmn/jZYPwJaUx/NLmU09FX5SfwbV5ltQ7zTaDlkj3KsURmBocfo4UBEA==
Host: <somehost>.com
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 1

Failed one:
<some URI>-logo.png
Request Method: GET
Status Code: 400
Remote Address: <some remote IP>:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
Access-Control-Allow-Origin: <somehost>
Cache-Control: max-age=604800
Content-Language: en
Content-Length: 762
Content-Type: text/html;charset=utf-8
Date: Mon, 23 Nov 2020 23:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Cnection: close
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PS_DEVICEFEATURES=width:1920 height:1080 pixelratio:1 touch:0 geolocation:1 websockets:1 webworkers:1 datepicker:1 dtpicker:1 timepicker:1 dnd:1 sessionstorage:1 localstorage:1 history:1 canvas:1 svg:1 postmessage:1 hc:0 maf:0; <something>=!zmR+O5lInwZQScXFysvE+ZLmn/jZYOMljJRe6zpgTCqT1vq+Nsi6whR90o96mjEzY6eOCcA5+5bBMok=; TS018aedd4=01f75e3a42044ffe4dec9dc58b085c5a587774d7d2291f65cc51c81218d60ff777ac912d6f4623836387cb50a5a4efe34d97b8ea8db7d92d4565c18fd52b1e5ae176edaa99; <something else>=!heE/SoIWn1XzFTnFysvE+ZLmn/jZYPwJaUx/NLmU09FX5SfwbV5ltQ7zTaDlkj3KsURmBocfo4UBEA==
Host: <somehost>wellsfargo.com
If-Modified-Since: Tue, 10 Nov 2020 13:23:56 GMT
If-None-Match: W/"1898-1605014636000"-gzip
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Saf


Any assistance would be greatly appreciated. They have NOT yet tested with 
Tomcat 8.5.60.


Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com

Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 
12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 
12/30/2020, 12/31/2020
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.
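
Added example, not part of the original message and not Tomcat's code: a strict check of an If-None-Match value against the RFC 7232 entity-tag grammar, run on the header value from the failed request above, where the text after the closing quote does not fit the grammar. The function names and the 400/304/200 decision model are assumptions made for illustration, and the second sample tag is constructed.

```python
import re

# RFC 7232 section 2.3:
#   entity-tag = [ "W/" ] DQUOTE *etagc DQUOTE
#   etagc      = %x21 / %x23-7E / obs-text (%x80-FF)
ENTITY_TAG = re.compile(r'(W/)?"([\x21\x23-\x7e\x80-\xff]*)"')

# Value sent in the failed request shown in the message above.
PAGE_HEADER = 'W/"1898-1605014636000"-gzip'
# Constructed variant with the suffix inside the quotes.
SUFFIX_INSIDE = 'W/"1898-1605014636000-gzip"'


def parse_if_none_match(value):
    """Return (tags, error): tags is ["*"] or a list of (weak, opaque) tuples."""
    value = value.strip(" \t")
    if value == "*":
        return ["*"], None
    tags, pos = [], 0
    while True:
        m = ENTITY_TAG.match(value, pos)
        if m is None:
            return None, f"expected entity-tag at offset {pos}: {value[pos:]!r}"
        tags.append((m.group(1) is not None, m.group(2)))
        pos = m.end()
        while pos < len(value) and value[pos] in " \t":
            pos += 1
        if pos == len(value):
            return tags, None
        if value[pos] != ",":
            # Anything other than a list separator after the closing quote is invalid.
            return None, f"unexpected text at offset {pos}: {value[pos:]!r}"
        pos += 1
        while pos < len(value) and value[pos] in " \t":
            pos += 1


def conditional_status(if_none_match, current_etag):
    """Model of a strict server: 400 on a malformed tag, 304 on a weak match, else 200.

    current_etag is the server's own tag for the resource and is assumed valid.
    """
    tags, error = parse_if_none_match(if_none_match)
    if error:
        return 400
    current, _ = parse_if_none_match(current_etag)
    # If-None-Match uses weak comparison: only the opaque part has to match.
    if tags == ["*"] or any(opaque == current[0][1] for _, opaque in tags):
        return 304
    return 200
```

The parser is stricter than the HTTP list syntax, which lets recipients tolerate empty list elements; a trailing comma is reported as an error here.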
