Am 2020-04-19 um 19:51 schrieb Martin Grigorov:
Hi Emilio,
On Fri, Apr 17, 2020 at 2:14 PM Emilio Fernandes <
emilio.fernande...@gmail.com> wrote:
Hola Tomcat community!
We consider using AWS Graviton [1] based instances which use ARM64
processors for our backend services.
I've googled
Am 2020-04-16 um 00:01 schrieb [ext] Osipov, Michael:
Seekings advise whether it is me/my understanding or some flaw in
Tomcat's class loader hierarchy. The test happens on Tomcat 8.5.54 with
Java 13 for JDK-8160768.
My implementation of javax.naming.ldap.spi.LdapDnsProvider is packed
along
ich the file was actually loaded.
My code uses classes from the bootstrap class loader which uses service
loader to load, but since my provider is in a hierarchy way up, not
system class loader or below, the provider is not visible to it?
Michael
[1] https://stackoverflow.com/a/46494370/696
Added as https://bz.apache.org/bugzilla/show_bug.cgi?id=64353
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Mark,
Am 2020-04-15 um 13:44 schrieb Mark Thomas:
> On 15/04/2020 12:06, Osipov, Michael wrote:
>> Folks,
>>
>> is there any way to access the server certififace from a valve which has
>> been used to establish the TLS context? I haven't found an easy way.
,
especially when SANs are used.
I'd like to evaluate RFC 5929 for the paranoid.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2020-04-14 um 01:45 schrieb Manuel Dominguez Sarmiento:
Hi, we are in the middle of a thorough review to fully support IPv6
across our platform. It has come to our attention that Java does not
fully conform to RFC 5952 section 4 which deals with IPv6 zero
compression (i.e. ::1 instead of
Am 2020-03-26 um 16:03 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm developing my first multipart handler since .. I dunno, maybe
2005? This is the first time I'll be using the Servlet 3.0 multipart
handling, of course through Tomcat. Some of these
Hello all,
I found out that I've trouble in uploading multipart messages with TLS in
Tomcat 9.0.31 (Windows server 2012/2016, Java 1.8.0_241, also 221). With the
same server config in 9.0.30 it works well. Uploading multipart messages in
9.0.31 without TLS works also. This can be reproduced
Am 2020-02-29 um 15:12 schrieb Mark Thomas:
On 29/02/2020 13:05, Thomas Meyer wrote:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12
Am 2020-02-29 um 14:05 schrieb Thomas Meyer:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Hi,
Instead of configuring the container for client cert Auth change the
webapp:
1) define a realm in local context.xml
2) add resp security constraint only
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius"
:
Hi list,
I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
end-user facing webapp but also as a REST API which authenticates
using client certificates. The same URLs
Am 2020-02-18 um 23:43 schrieb Mark Thomas:
On 18/02/2020 19:47, Michael Osipov wrote:
Am 2020-02-18 um 20:28 schrieb Mark Thomas:
Got it - I think. Let me re-phrase to see if I understand correctly.
You have a code fragment that issues a redirect.
The app submits a request
Am 2020-02-18 um 20:28 schrieb Mark Thomas:
On 18/02/2020 18:13, Michael Osipov wrote:
Am 2020-02-18 um 10:00 schrieb Mark Thomas:
On 17/02/2020 20:17, Michael Osipov wrote:
I have continued some tests on 8.5.51 with PUT requests and Expect: 100
continue header from HttpClient 5.0.
I have
Am 2020-02-18 um 10:00 schrieb Mark Thomas:
On 17/02/2020 20:17, Michael Osipov wrote:
I have continued some tests on 8.5.51 with PUT requests and Expect: 100
continue header from HttpClient 5.0.
I have noticed that the very same code code fragment
What code fragment?
My bad, here
<<
"[0x9]java.nio.file.Files.copy(Files.java:2735)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]java.nio.file.Files.copy(Files.java:2854)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]aa.Test2.doPut(Test2.java:68)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]javax.servlet.http.HttpServlet.service(HttpServlet.java:663)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]javax.servlet.http.HttpServlet.service(HttpServlet.java:741)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]aa.RedirectFilter.doFilter(RedirectFilter.java:39)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 <<
"[0x9]org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)[\r][\n]"
[main] DEBUG org.apache.http.wire - http-outgoing-1 << "Note The full stack trace of the root cause is available
in the server logs.Apache Tomcat/8.5.51"
[main] DEBUG org.apache.http.headers - http-outgoing-1 << HTTP/1.1 500
[main] DEBUG org.apache.http.headers - http-outgoing-1 << Content-Type: text/html;charset=utf-8
[main] DEBUG org.apache.http.headers - http-outgoing-1 << Content-Language: en
[main] DEBUG org.apache.http.headers - http-outgoing-1 << Content-Length: 3291
[main] DEBUG org.apache.http.headers - http-outgoing-1 << Date: Mon, 17 Feb
2020 20:15:15 GMT
[main] DEBUG org.apache.http.headers - http-outgoing-1 << Connection: close
Is that intended?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2020-02-17 um 16:47 schrieb Mark Thomas:
On 17/02/2020 15:07, Michael Osipov wrote:
Folks,
I am recently working an issue with Maven Wagon and HttpClient and
noticed that Tomcat responds with 500 while I would expect 408 in this
case.
Tried very simple code on Tomcat 8.5.51
tpClientConnectionManager - Connection manager shut down
So the server tries to read those advertised 15 bytes from the client
while the input stream on client side has been exhausted. The reqest
times out.
I don't understand why I don't get a 408 according to RFC 7231, s
Am 2020-01-22 um 23:30 schrieb Norbert Elbanbuena:
Hello and greetings,
I'm running tomcat 9.0.27 using APR and OpenSSL and get intermittent crashes
with the hs_err log always pointing that the problematic frame is libapr-1.so.
Our machine details:
OS: CentOS Linux release 7.6.1810 (Core)
Am 2020-01-12 um 19:26 schrieb M. Manna:
Hey All,
Just trying to get a timeline (or possible release time) for next 8.5.x.
The latest release is 8.5.50 from December 2020. I am assuming there is one
imminent for January 2020?
This is purely for individual interest as my dev cycle requires a
customize the socket or modify the STARTTLS negotiation?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2020-01-07 um 21:58 schrieb Jerry Malcolm:
This may be more of a Java question than Tomcat. But I'm not sure. I
have the same code, talking to the same MySql Linux (AWS) database. I
read a date column value in a Tomcat app. After calling
resultSet.getDate(...) I printed the date
Am 2020-01-06 um 21:13 schrieb Zahid Rahman:
That must be the reason why Apache Netbeans is using a version from 2015
and Apache Struts is recommending to use jdk 8.
Because there is somebody like you keeps telling people it is off topic
and Giant IT companies are not releasing jdk further
consider such a shim to
be dangerous at some point in time.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
knew or don't understand where "catalina"
comes from.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
their own, e.g., commercial vendors or Undertow, Netty, Jetty,
etc.?! (Mainly portability within the API)
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
Am 2019-10-22 um 16:43 schrieb Christopher Schultz:
Robert,
On 10/18/19 11:46, Robert Hicks wrote:
Thanks!
Further, releases of the servlet spec seem to be published approximately
every 4 years in recent memory[1]. Tomcat 9 implements spec version 4.0,
released in Sept 2017. If that
I need to communicate securely between two Tomcat servers running in two
different environments. I have control of both servers.
I would like to do this through a simple REST call from Server-B to
Server-A.
On the server I am communicating to, Server-A, I can easily set up HTTPS
with a
What problem are you trying to solve?
Bandwidth requirements for a data intensive web application?
On Fri, Aug 30, 2019 at 9:22 AM calder wrote:
> On Thursday, August 29, 2019, Michael Duffy wrote:
>
> > Is there a simple tool that will show bandwidth utilization to and from
&g
Thx Guido.
I would appreciate more details.
You could post them as a reply to this email or if you are on StackOverflow
I will post the question there. I think your answer would get a lot of up
votes.
Mike
On Fri, Aug 30, 2019 at 6:01 AM Jäkel, Guido wrote:
> Dear Michael,
>
> you
There is a " Bytes received: 0.00 MB Bytes sent: 12.03 MB" in the Tomcat
Manager; however, the received count does not change and the sent count
seems low.
On Thu, Aug 29, 2019 at 7:09 PM Michael Duffy wrote:
> Is there a simple tool that will show bandwidth utilization to and from
There is a,
On Thu, Aug 29, 2019 at 7:09 PM Michael Duffy wrote:
> Is there a simple tool that will show bandwidth utilization to and from
> the Tomcat server?
>
> I am looking for something that will provide an exact byte count of the
> TCP/IP packets.
>
> I would ha
Is there a simple tool that will show bandwidth utilization to and from the
Tomcat server?
I am looking for something that will provide an exact byte count of the
TCP/IP packets.
I would have thought this would be an easy find; however, after hours of
Googling around I have not yet been
I have searched for a good profiler for Tomcat with little success.
I am looking for an application that will profile internal memory and
bandwidth utilized (data transfer rates from Tomcat).
Any help would be greatly appreciated.
Thx!
PR03MB60075E5A12F40DAB9281E073BEC00%40AM6PR03MB6007.eurprd03.prod.outlook.com%3E
The OpenJdk installers don't configure the registry the same way as as Java 8
did. procrun doesn't cope with it.
Workaround is to mess with JAVA_HOME or to install Java 8.
procrun needs to be fixed.
Michael
Am 2019-08-01 um 21:19 schrieb Mark Thomas:
On 01/08/2019 20:07, Justiniano, Tony wrote:
And that is what I was thinking, inadvertently, our scanning tool just found
the apache version during a scan and corresponded it (the apache version) with
a CVE.
Do you concur?
Sounds likely. Most low
have
these almost every day in access.log and via SSH.
Ask your network department who's IP this is and you should get better
information.
See also: https://bz.apache.org/bugzilla/show_bug.cgi?id=55372
Michael
On July 19, 2019 6:26 PM Michael Lemke wrote:
>On July 19, 2019 5:51 PM André Warnier wrote:
>>For some maybe useful background information, it may be useful to read this :
>>https://cwiki.apache.org/confluence/display/TOMCAT/Windows#Windows-Q11
>
>Thanks. Actually, I kn
ons, at least since 8.0.x.
For backward compatibility to the above documentation, RewriteRule needs
the `positive` variable and logic found in the RewriteCond class.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63608
Thanks
--Michael
.
--
CONFIDENTIALITY NOTICE: This e-mail, including attachme
oesn't find the OpenJdk.
So doesn't this boil down to why procrun doesn't pick up the OpenJdk
installation?
I verified that the ojdkbuild installer sets the appropriate Registry keys. Is
this a bug in procrun or does Oracle play some additional tricks?
Michael
>
>On 19.07.2019 14:01, M
hat am I doing wrong?
Thanks,
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Thanks Mark. I would like to deny access if an unknown response is received.
From: Mark Thomas
Sent: Thursday, July 11, 2019 12:59 PM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 11/07/2019 17:46, Michael Magnuson wrote
The OCSP function is working as expected for both "good" and "revoked"
responses. However, I find that it also allows "unknown" responses. Is the
"unknown" response behavior adjustable?
Thanks,
Mike
____
From: Michael Magnus
Christopher,
Am 2019-07-08 um 19:55 schrieb Christopher Schultz:
Michael,
On 7/8/19 03:58, Osipov, Michael wrote:
Christopher,
Am 2019-07-05 um 19:07 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/5/19 11:00, Osipov, Michael wrote:
Hi
Christopher,
Am 2019-07-05 um 19:07 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/5/19 11:00, Osipov, Michael wrote:
Hi Christopher,
Am 2019-07-02 um 17:49 schrieb [ext] Osipov, Michael:
[...]
During your ~1min stall, Tomcat is still waiting
Hi Christopher,
Am 2019-07-02 um 17:49 schrieb [ext] Osipov, Michael:
[...]
During your ~1min stall, Tomcat is still waiting for data, right? When
the connection fails, Tomcat drops its error message at the same time,
right? Can you post a stack trace of what the Tomcat thread is doing
Am 2019-07-02 um 17:18 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/2/19 10:40, Osipov, Michael wrote:
Hi folks,
I am trying to understand a sporadic failure (several times a day)
where a request proxied by HTTPd takes so long that the default
sing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
real1m0,175s
user0m0,047s
sys 0m0,007s
Where can I start digging? Tomcat? HTTPd? Maybe I should run HTTPd in
debug mode for a day and analyze that?
Pointers greatly appreciated.
Reg
Thomas
Sent: Tuesday, June 25, 2019 12:41 PM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 25/06/2019 20:22, Michael Magnuson wrote:
>
>
> Mark, thanks for the further clarification. With that setup, it prompts for
> the smart card PIN and yo
no OCSP action.
From: Mark Thomas
Sent: Tuesday, June 25, 2019 11:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 25/06/2019 19:24, Michael Magnuson wrote:
>
>
> Oh I see. I was trying to use those fields for
On 25/06/2019 18:04, Michael Magnuson wrote:
>
>
> Mark, are you defining your server SSL certificate someplace else, other than
> within the connector in server.xml?
No.
> From your example connector config, I'm not seeing it defined.
Server key is defined by cer
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 17:12, Michael Magnuson wrote:
>
>
> Can I point certificateRevocationListFile= to an empty file so it always
> reverts to OCSP?
Just don't specify it at all.
I've confirmed this lo
Can I point certificateRevocationListFile= to an empty file so it always
reverts to OCSP?
From: Mark Thomas
Sent: Friday, June 21, 2019 9:10 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 16:46, Michael
Thanks. Is that setup using a CRL instead of OCSP?
From: Mark Thomas
Sent: Friday, June 21, 2019 8:44 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 16:31, Michael Magnuson wrote:
> Hmm. It's st
Thomas wrote:
> On 20/06/2019 18:27, Michael Magnuson wrote:
>> Thanks Mark. A couple clarifications on your example first. You don't list
>> the clientAuth= attribute. I assume this was a simple oversight.
>
> It is replaced by certificateVerification="required"
Am 2019-06-21 um 14:33 schrieb Mark Thomas:
On 21/06/2019 13:13, Osipov, Michael wrote:
Folks,
we're migrating off old hosts to new ones, but remain at 8.5.x (.34 to
.42 at the moment) and Java 8. Surprisingly, an empty Tomcat wih just
manager installed takes way too long too start. More
I have compiled all native components myself, except for Java and
OpenSSL. They are provided by HPE in binary form.
Note: OpenSSL update to 1.0.2r is pending, but this should not be cause
here.
Michael
-
To unsubscribe, e-m
bute, is the correct syntax "require" or
"required"?
Thanks,
Mike
From: Mark Thomas
Sent: Thursday, June 20, 2019 10:00 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 20/06/2019 17:24, Michael Magnus
"want" has no effect either way.
Mike
From: Mark Thomas
Sent: Thursday, June 20, 2019 9:02 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 20/06/2019 16:19, Michael Magnuson wrote:
> Mark,
>
> Tomca
Thomas
Sent: Thursday, June 20, 2019 3:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
Tomcat version?
Tomcat Native version?
Mark
On 19/06/2019 23:46, Michael Magnuson wrote:
> Hi,
>
> I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully usi
Hi,
I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client certificate
validation from the smart card, but I would like to add client-cert OCSP
revocation checking. I *think* I've set up the connector correctly in the
server.xml file, but although the server starts and operates
i recently did a JASPIC plugin for OIDC.
ended writing a simple authorization class that returned user roles based
on the request/Principal instead of trying to add JACC
arjan tijms guide is what i used for the most part
but you're right there is no decent Tomcat tutorial yet
On Wed, Jun 5,
there
must be a bug in security:jee, you should debug that. I had to debug
this many many times due to a lot of issues with security:jee.
See [1] the attention admonition, you may suffer from one of those.
Michael
[1] http://tomcatspnegoad.sourceforge.net/
ing my custom Tomcat authentication
implementation.
If someone knows better, I'd be glad to hear his/her approach.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
It seems
1.073 "PUT
/backend-dev/manager-1/text/deploy?path=%2Fbackend-dev=false=003
HTTP/1.1" 101 - 0
147.54.64.55 osipo...@ad001.siemens.net 2019-03-30T21:58:31.819 "PUT /backend-dev/manager-1/text/deploy HTTP/2.0&qu
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
It seems
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
It seems
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
It seems to be related to the use of kerberos. I don't see any errors
when I provide the user name
sitex-ldadw.ad001.siemens.net
> * Connected to sitex-ldadw.ad001.siemens.net (147.54.64.55) port 443 (#0)
> * Server auth using Negotiate with user ''
> * Using Stream ID: 3 (easy handle 0x800d65000)
> } [5 bytes data]
> > PUT /webhooks/upload.py HTTP/2
> > Host: sitex-ldadw.ad001.siemens.net
> > Authorization: Negotiate YIISJQYGKwYBBQUCoI...
> > User-Agent: curl/7.64.0
> > Accept: */*
> > Expect: 100-continue
> > Content-Length: 6502195
> >
> } [5 bytes data]
> < HTTP/2 100
> } [5 bytes data]
> 3 6349k0 03 191k 0 1432k 0:00:04 --:--:--
0:00:04 1432k* We are completely uploaded and fine
> { [5 bytes data]
> < HTTP/2 204
> < date: Thu, 28 Mar 2019 14:36:56 GMT
> < server: Apache/2.4.38 (FreeBSD) OpenSSL/1.1.1a-freebsd
mod_auth_gssapi/1.6.1
> < www-authenticate: Negotiate oYG3MIG0oAMKA...
> < x-frame-options: SAMEORIGIN
> <
> { [5 bytes data]
> 100 6349k0 0 100 6349k 0 15.3M --:--:-- --:--:--
--:--:-- 22.2M
> * Connection #0 to host sitex-ldadw.ad001.siemens.net left intact
>
> real0m0,420s
> user0m0,212s
> sys 0m0,169s
It works, even without "Expect: 100-continue".
As far as I understand the HTTP/2 spec, the header is not necessary
anymore and this is builtin into the protocol.
Any ideas?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2019-03-11 um 09:03 schrieb Rainer Jung:
Am 11.03.2019 um 08:09 schrieb Michael Osipov:
Am 2019-03-10 um 22:29 schrieb Mark Thomas:
On 10/03/2019 20:54, Michael Osipov wrote:
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank
Am 2019-03-10 um 22:29 schrieb Mark Thomas:
On 10/03/2019 20:54, Michael Osipov wrote:
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank you for your hints. I leaned to used this features on Github
locate the commit - it's
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank you for your hints. I leaned to used this features on Github locate the
commit - it's
https://github.com/apache/tomcat/commit/fd2abbb525660a9968694afd99a58f8c22cb54c6
and
: [External] Re: Question regarding mitigating the CVE-2017-12617
vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR Aptra
, Michael wrote:
> TomCat users.
> I currently am running Apache Tomcat
> https://urldefense.proofpoint.com/v2/url?u=http-3A__8.5.13.0=DwICaQ=LkAXfnqL6_MvrMPL5JzdE3Ild0DUTpmjbCJvMv5_TcQ=p3_goTYT-PvEzXC6jGr9rg=EyqQRJjlE-MS2UtSwB36b0JrzdT5stm5F4mjaEAE7Mw=_4_hoZTjRXAb-gUL3WJvsPiWcIqUBuEFWb
TomCat users.
I currently am running Apache Tomcat 8.5.13.0 on Windows Server 2012 R2 servers
to support a NCR Aptra Vision application. A Tripwire vulnerability scan
showed the servers have the Apache Tomcat CVE-2017-12617 Vulnerability. To
mitigate I see I could upgrade to Apache Tomcat
as soon as the
security context has been established and the GSS src name has been
obtained.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On Thursday, December 27, 2018 5:35 PM, Mark H. Wood wrote:
>On Wed, Dec 19, 2018 at 06:52:20PM +, Lemke, Michael ST/HZA-ZIC2 wrote:
>> On December 19, 2018 6:54 PM Lemke, Michael wrote:
>> >On December 18, 2018 8:52 PM Christopher Schultz wrote:
>> >>On 12/18/18
On December 19, 2018 6:54 PM Lemke, Michael wrote:
>On December 18, 2018 8:52 PM Christopher Schultz wrote:
>>On 12/18/18 12:42, Lemke, Michael ST/HZA-ZIC2 wrote:
>>> I have an old webapp that uses log4j 1.2 and which I am trying to
>>> deploy on tomcat. For the he
Christopher,
On December 18, 2018 8:52 PM Christopher Schultz wrote:
>On 12/18/18 12:42, Lemke, Michael ST/HZA-ZIC2 wrote:
>> I have an old webapp that uses log4j 1.2 and which I am trying to
>> deploy on tomcat. For the heck of it I can't get tomcat to use the
>> log4.pro
Thanks, Ryan, this JULI thing actually is what worries me. I don't care about
tomcat's logging at the moment. It is my webapp's logging I can't figure out.
It worked on other containers.
-Original Message-
From: Ryan Palmer
Sent: Tuesday, December 18, 2018 7:49 PM
Michael,
Tomcat uses
18, 2018, at 9:42 AM, "Lemke, Michael ST/HZA-ZIC2" wrote:
>
>I have an old webapp that uses log4j 1.2 and which I am trying to deploy on
>tomcat. For the heck of it I can't get tomcat to use the
>log4.properties<http://log4.properties> file. What am I doing wrong?
>
I have an old webapp that uses log4j 1.2 and which I am trying to deploy on
tomcat. For the heck of it I can't get tomcat to use the log4.properties file.
What am I doing wrong?
tomcat 9.0.6 is installed as a Windows service and does serve my webapp, so the
app is working fine. The project is
On Wed, Oct 3, 2018 at 12:50 PM Mark Thomas wrote:
> CVE-2018-11784 Apache Tomcat - Open Redirect
Is it possible to get more information on the "specially crafted URL"?
I'd like more information so that I can test if some of our apps are
vulnerable.
In addition, I'd like to verify that the
s is not defined and do not expect it to work properly. The best and
morstreliable you can do is to encode your values with
https://tools.ietf.org/html/rfc5987. This is the same approach done for
Content-Disposition filename qualifier. You may want to evaluate mod_lua
for that.
only once in the
webapp classloader. No one is creating a new instace on each an every
request. You *cannot* share a variable like that, it is not threadsafe.
This is your problem. You have to fix that. You also *must* review the
rest of your code. Here is your exact problem:
ht
at would
make it very clear that this is code you are not supposed to touch. But I have
the feeling that tomcat isn't too strict about such a concept and might require
you to do so anyway.
Michael
>
>Cheers,
>
>On 07/30/2018 09:22 AM, Marek Czernek wrote:
>> Hi there,
>&g
Am 2018-08-02 um 16:30 schrieb Mark Thomas:
On 02/08/18 11:15, Mark Thomas wrote:
On 30/07/18 19:48, Michael Osipov wrote:
Am 2018-07-25 um 22:13 schrieb Michael Osipov:
Hi folks,
I might have found a bug and looking for someone to confirm. (Tested
in Tomcat 8.5.32).
I agree
Am 2018-07-25 um 22:13 schrieb Michael Osipov:
Hi folks,
I might have found a bug and looking for someone to confirm. (Tested in
Tomcat 8.5.32).
Consider the following servlet:
@WebServlet("/request-dispatcher")
public class TestServlet extends HttpServlet {
private static
f your application.
The current valve shows you consicely status -- reason phrease, message,
status description and the stacktrace if given.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
report shall look like, it is at the
discretion of the container, you should rely on that at all.
Though, I'd be very greatful if you can isolate the case, I'd really want to fix
this.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
I consider this to be a bug, I know that Tomcat has its own URLEncoder,
but it seems that we need a compliant URLDecoder or use UDecoder?.
Can someone confirm?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Just did the test. Zero changed, broken as before.
Anyway, thanks for helping. I will try to continue with Yann on the Bugzilla
issue.
Michael
>
> Dear Michael,
>
> did you give it a try, also? To my knowledge the keyword "early" may hide
> this header from th
Am 2018-07-05 um 14:44 schrieb Jäkel, Guido:
Dear Michael,
I wasn't faced by this yes, but what's about adding something like
RequestHeader unset Expect early
at the Apache httpd?
I know that tip, but it makes no sense at all. The client expected
100-continue
> Dear Michael,
>
> i don't know if this issue also take happen with it, but may be using mod_jk
> an option for you, also?
Hi Guido,
just installed mod_jk through ports and configured it. No avail, I have the
very same issue.
I will raise this on the HTTPd mailing li
p tomorrow. If no
solution is available, this will basically mean that I have to drop
HTTPd proxying the requests and lose potential balancing features in the
future for this service.
Michael
-
To unsubscribe, e-mail: user
I'm using Tomcat 8.5.4. I've got a JASPIC question
When I call AuthConfigFactory#registerConfigProvider() if I pass null for the
3rd parameter (the appContext) there is no registration. The registrationID
returned by calling registerConfigProvider() is null. And in testing I can
verify the
101 - 200 of 1071 matches
Mail list logo