Re: Precompile JSP error using webapp-jspc.ant.xml (tomcat stuffed)

yes, it seems that in the pom tomcat 10 is specified, does this make any difference? 10.0.18 Am Do., 23. Juni 2022 um 08:30 Uhr schrieb Rob Sargent < rsarg...@xmission.com>: > > > > On Jun 22, 2022, at 11:36 PM, Markus Reich > wrote: > > > > Hi, > > > > I'm trying to precompile a JSF applicatio

RE: Are Apache versions cumulative ?

Thank you so much, Mark. Much appreciated. -Original Message- From: Mark Thomas Sent: Wednesday, 22 June 2022 7:00 PM To: Tomcat Users List Subject: Re: Are Apache versions cumulative ? On 22/06/2022 09:20, Jason Tan wrote: > Hi there, > Sorry to trouble you folks but I could not find o

Re: Precompile JSP error using webapp-jspc.ant.xml (tomcat stuffed)

> On Jun 22, 2022, at 11:36 PM, Markus Reich wrote: > > Hi, > > I'm trying to precompile a JSF application, I follow the instructions on > https://tomcat.apache.org/tomcat-9.0-doc/graal.html. > > I got a lot of errors like > Caused by: java.lang.ClassCastException: class > com.sun.faces.tag

Precompile JSP error using webapp-jspc.ant.xml (tomcat stuffed)

Hi, I'm trying to precompile a JSF application, I follow the instructions on https://tomcat.apache.org/tomcat-9.0-doc/graal.html. I got a lot of errors like Caused by: java.lang.ClassCastException: class com.sun.faces.taglib.jsf_core.CoreValidator cannot be cast to class jakarta.servlet.jsp.tagex

RE: How to configure Tomcat 8.5.x to run in with a different windows service user, and what are minimum permissions

After a quick meeting with client this may be a moot point. On this page: https://tomcat.apache.org/tomcat-8.5-doc/windows-service-howto.html I saw command line references (and as I'm reviewing, it's becoming more clear that I'm not understanding use) for: -User User account used for r

Re: How to configure Tomcat 8.5.x to run in with a different windows service user, and what are minimum permissions

On 22/06/2022 17:02, paul@stgconsulting.com wrote: Hello all, I been tasked with researching options for running Tomcat 8.5.x as a windows service, but with a different user. I need to know what minimum rights for user would be, and also how to pass user & password. I think I see how to pa

How to configure Tomcat 8.5.x to run in with a different windows service user, and what are minimum permissions

Hello all, I been tasked with researching options for running Tomcat 8.5.x as a windows service, but with a different user. I need to know what minimum rights for user would be, and also how to pass user & password. I think I see how to pass user and password. I don't see how to encrypt pa

RE: [External] Re: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading

Hi all, As a side note, can we all try not to have a URL with something like “abc.exe” in? Several firewall implementations will refuse to navigate there, even though we all know the intention is not to have it download. Trying to explain that to some people is more difficult than avoiding the

AW: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading

Hello, if I place e.g. calc.exe in the root folder of a stock Tomcat, it doesn’t seem to work: curl http://localhost/calc.exe -vv --> exe is found curl http://localhost/calc.exe/ -vv --> I receive a 404 error It seems your application is somehow allowing the download or your configuration. Pe

Re: CVE-2022-29885

thank you Mark Le 2022-06-22 à 11:52, Mark Thomas a écrit : On 22/06/2022 10:18, Stephane Passignat wrote: Hello, I'm trying to understand this CVE and EncryptInterceptor. So far my understanding is EncryptInterceptor is used in clustered environment. Am I right ? Reading the content of th

Re: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading

On 22/06/2022 10:37, bharath Kumar wrote: Hi team, Any help on this ? Further this exe(*abc.exe*) downloads when i hit on the url* http://server_name/abc.exe/ * and is happening only in *Tomcat *not with *IIS*. Tomcat : *http:///abc.exe* -- exe is not gett

Re: CVE-2022-29885

On 22/06/2022 10:18, Stephane Passignat wrote: Hello, I'm trying to understand this CVE and EncryptInterceptor. So far my understanding is EncryptInterceptor is used in clustered environment. Am I right ? Reading the content of the commit and release content, that's only look like a documen

Re: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading

Hi team, Any help on this ? Further this exe(*abc.exe*) downloads when i hit on the url* http://server_name/abc.exe/ * and is happening only in *Tomcat *not with *IIS*. Tomcat : *http:///abc.exe* -- exe is not getting downloaded *http:///abc.exe/*-- exe

CVE-2022-29885

Hello, I'm trying to understand this CVE and EncryptInterceptor. So far my understanding is EncryptInterceptor is used in clustered environment. Am I right ? Reading the content of the commit and release content, that's only look like a documentation issue. Are there really any DDOS weakness

Re: Are Apache versions cumulative ?

On 22/06/2022 09:20, Jason Tan wrote: Hi there, Sorry to trouble you folks but I could not find on Google any proof/info that state Apache Tomcat fixes are cumulative. I have a customer asking me if fixes listed in https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.109 cumula

Are Apache versions cumulative ?

Hi there, Sorry to trouble you folks but I could not find on Google any proof/info that state Apache Tomcat fixes are cumulative. I have a customer asking me if fixes listed in https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.109 cumulative ? E.g. Cumulative as meaning fixes