I am looking at security steps to mitigate issues with a 1.x Struts based app.
I have recommended the following until an upgrade resource is available
Remove application from current shared datasource
Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating)
Reduce exposure to int
We have some applications which are pushing out to their own applogs clearly
showing 'Debug' on most lines with a large amount of data and CI.
I would like to find out where the app team are setting this level, I have
check in the obvious in the war files as it's a Spring Boot app in
applicatio
Users List
Subject: AW: Tomcat Deployment scripts
Hello Alan,
> Von: Alan F
> Gesendet: Mittwoch, 28. Juni 2023 18:24
> An: users@tomcat.apache.org
> Betreff: Tomcat Deployment scripts
>
> Anyone have an example deployment script or method used to deploy a simple
> war and c
Anyone have an example deployment script or method used to deploy a simple war
and context root, also with rollback preferably.
Thanks
Tomcat logging
I would like to add a delimiter or characters " " around {user-agent} for
logging, I wanted it in double quotes for example "Mozilla 5.0.." but can't
seem to make it work. Or even adding a # symbol before would help any ideas?
Thanks
---
HI I have a Tomcat clustered pair running, I see this 3 times a minute in the
logs. I don't see this IP in server.xml I do have a DEV Tomcat pair is this
somehow interfering?
06-Jun-2022 11:15:18.836 WARNING [Catalina-utility-2]
org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.
Im trying to read robots.txt from '/' on a few tomcat servers to block web
search engines. Obviously placed the txt file in ./webapps/ROOT/
Works fine on a few tomcat hosts that have identical server.xml / web.xml so
im puzzled as to why these two Tomcat servers are blocking requests, obviously
This works good for long lasting threads. If the CPU eating thread changes
quickly, it's harder to figure out.
Greetings,
Thomas
____
Von: Alan F
Gesendet: Freitag, 4. Februar 2022 00:02:49
An: Tomcat Users List
Betreff: Re: help with high cpu usage
John thanks
John thanks so much !! Will pass this on tomorrow. Cheers.
From: john.e.gr...@wellsfargo.com.INVALID
Sent: 03 February 2022 22:45
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage
Alan,
> -Original Message-
> From: Alan F
sp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRiLTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&;
-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID
Sent: 03 February 2022 19:33
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage
Alan,
> -Original Message-----
> From: Alan F
> Sent: Thursday, February 03, 2022 12:1
pu usage
Alan,
> -Original Message-----
> From: Alan F
> Sent: Thursday, February 03, 2022 12:19 PM
> To: Tomcat Users List
> Subject: help with high cpu usage
>
> Had some issues today with one prod host. One is fine the other has
> stuck around 80%Cpu.
> Ive take
Had some issues today with one prod host. One is fine the other has stuck
around 80%Cpu.
Ive taken a thread dump from both hosts and would appreciate someone give a
once over what it may be before I kill and restart. They are clustered nodes so
running identical apps and loadbalanced by a hardw
Many thanks Mark!
-Original Message-
From: Mark Thomas
Sent: 01 February 2022 09:25
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
On 31/01/2022 14:54, Alan F wrote:
> Many thanks Chris,
>
> Don't laugh I was looking at those values after
to be that the membership
should remain static and therefore no membership comms shuould be required. Are
those important to ensure that the cluster members (through static) are
actually present during operation?
-chris
> 2022年1月31日(月) 16:47 Alan F :
>
>> OK with your advice I tri
users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
On 28/01/2022 17:05, Alan F wrote:
> We are currently getting traffic from all cluster members in other
> environments using .staticmember opposed to multicast can I confirm why this
> is see below.
>
> What do we need to set
We are currently getting traffic from all cluster members in other environments
using .staticmember opposed to multicast can I confirm why this is see below.
What do we need to set here for a clustered pair to make them unique and talk
to eachother only without seeing traffic from other members
s due to connections being used!
-Original Message-
From: Christopher Schultz
Sent: 24 January 2022 22:42
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections
Alan,
On 1/23/22 09:17, Alan F wrote:
> Can I just follow up here what would be the next steps how would I go
ogging via Catalina.out? Or can it
be.
-Original Message-
From: Phil Steitz
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections
On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same host and see
Thanks for your input Phil! Arghh will keep looking.
-Original Message-
From: Phil Steitz
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections
On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same h
inutes! And diff is identical apart from Cluster ips.
-Original Message-
From: Phil Steitz
Sent: 21 January 2022 16:10
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections
On 1/21/22 8:19 AM, Alan F wrote:
> Thanks John,
>
> Here is an exampl
?
-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID
Sent: 21 January 2022 14:50
To: users@tomcat.apache.org
Subject: RE: Tomcat jdbc connections
Alan,
> -Original Message-
> From: Alan F
> Sent: Friday, January 21, 2022 6:53 AM
> To: Tomcat Users List
&
: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections
Alan,
On 1/20/22 09:33, Alan F wrote:
> I have an issue with connections on Tomcat9 Oracle showing connections
> made for about 2seconds then dropped again. Is this normal when the
> server is not being used?
You mean like
I have an issue with connections on Tomcat9 Oracle showing connections made for
about 2seconds then dropped again. Is this normal when the server is not being
used?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
F
OK thanks Bill!
-Original Message-
From: Bill Stewart
Sent: 14 January 2022 19:02
To: Tomcat Users List
Subject: Re: Tomcat 9 Encrpytion of JDBC
On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote:
> Interested to know your best practices on securing jdbc plain text
> passwords,
All,
Interested to know your best practices on securing jdbc plain text passwords,
in my last place they used a mechanism to encrypt all passwords. Is this the
best method as I read some people don't recommend this. Any details or procs on
best practice appreciated.
Thanks
Ken
--
25 matches
Mail list logo