Re: Win10 installation progress

Dear Chuck, All good news.There were only a few bad entries in the web.xml file.Replacing j2eer.jar with:    servlet-api.jar    javax.mail.jar    javax.activation.jarwas not necessary for my code written during 1999-2005.The Java code had warnings due to deprecated constructs, but it

RE: Reg: tomcat CPU spikes

This is the warning message we get when cachingAllowed is not set to false org.apache.catalina.webresources.Cache.getResource Unable to add the resource at [/WEB-INF/classes/] to the cache for web application [/x] because there was insufficient free space available after evicting expired

Intermittent Missing Content-Type

Greetings folks, According to JavaServer Pages™ specs v2.3 #JSP4.2, when a JSP page does not provide the TYPE value of the contentType attribute, "the initial content type is “text/html” for JSP pages in standard syntax" With our relatively big web application, we are experiencing an

Re: Issue with JDK 11 and tomcat-embed-core 9.0.91

Greg, On 7/15/24 5:01 PM, Greg Eschbacher wrote: Hi all, I'm hoping you all can help me: Our JDK 11 application uses tomcat-embed-core, and we're upgrading from 9.0.88 to 9.0.91 and we can no longer compile. After some investigation, I believe the issue is that the tomcat-embed-core jar

Re: Ubuntu Tomcat package maintenance

I don't, no. That's one of the things I'd expect to learn from the listed Ubuntu package maintainer if I could contact them. I've given up trying again for the year, and I'm working on a workaround. Joel On Fri, Jul 12, 2024 at 4:08 PM Christopher Schultz < ch...@christopherschultz.net> wrote:

Re: Win10 installation progress

> On Jul 16, 2024, at 18:45, DdC wrote: > > Link to catalina log is below Which shows this error: Caused by: java.lang.IllegalArgumentException: Invalid [com.ZAjax] in servlet mapping > Thanks for all your advice.Progress here.The port regards hck app (for > medical diagnosis) with

Re: Win10 installation progress

Dear Christopher, Link to catalina log is below Thanks for all your advice.Progress here.The port regards hck app (for medical diagnosis) with 6.1Mb source ofwhich 4.6Mb java code.Have been able to compile without using j2ee.jar (with a dos .batscript tackling 19 directories, etc.)Used instead

Re: Win10 installation progress

> On Jul 16, 2024, at 15:57, DdC wrote: > > Dear Christopher, > > Thanks for all your advice. > Progress here. > The port regards hck app (for medical diagnosis) with 6.1Mb source of > which 4.6Mb java code. > Have been able to compile without using j2ee.jar (with a dos .bat > script tackling

Re: Win10 installation progress

Dear Christopher, Thanks for all your advice.Progress here.The port regards hck app (for medical diagnosis) with 6.1Mb source ofwhich 4.6Mb java code.Have been able to compile without using j2ee.jar (with a dos .batscript tackling 19 directories, etc.)Used instead in CLASSPATH files in lib: 

RE: Reg: tomcat CPU spikes

> space". Which was very quickly filling up our disk space as well as > increasing disk IO causing latency concerns. 1. Also interesting. Can you post one of those messages here? Was there a stack trace shown or just the warning? It is just the warning. No stack trace. I will work on

Re: Reg: tomcat CPU spikes

Jalaj, On 7/15/24 18:18, Jalaj Asher wrote: We ran into 2 issues 1. We needed to allocate significant amount of -XMX for heap space, if we allowed caching, since increasing memory by a few hundred MB as well was not enough. Interesting. How much static content do you have? This seems like a

Re: CVE-2019-0232 & CVE-2020-1938

> On Jul 15, 2024, at 12:24, Jurevich, Aidan > wrote: > > My organization has a few devices that have the file tomcat-juli-8.5.57.jar > installed on them via the program Altair and are showing up as vulnerable to > CVE-2019-0232 and CVE-2020-1938, which according to your documentation seems

RE: Reg: tomcat CPU spikes

Christopher, We ran into 2 issues 1. We needed to allocate significant amount of -XMX for heap space, if we allowed caching, since increasing memory by a few hundred MB as well was not enough. 2. Also with the setting being enabled, it generated logs stating "could not add a resource as

Issue with JDK 11 and tomcat-embed-core 9.0.91

Hi all, I'm hoping you all can help me: Our JDK 11 application uses tomcat-embed-core, and we're upgrading from 9.0.88 to 9.0.91 and we can no longer compile. After some investigation, I believe the issue is that the tomcat-embed-core jar file no longer contains a module-info.class file.

Re: [OT] CVE-2019-0232 & CVE-2020-1938

All, On 7/15/24 13:24, Jurevich, Aidan wrote: Hi, My organization has a few devices that have the file tomcat-juli-8.5.57.jar installed on them via the program Altair and are showing up as vulnerable to CVE-2019-0232 and CVE-2020-1938, which according to your documentation seems to be fixed

Re: CVE-2019-0232 & CVE-2020-1938

Aiden, On 7/15/24 16:36, Christopher Schultz wrote: Aiden, On 7/15/24 13:24, Jurevich, Aidan wrote: My organization has a few devices that have the file tomcat-juli-8.5.57.jar installed on them via the program Altair and are showing up as vulnerable to CVE-2019-0232 and CVE-2020-1938, which

Re: CVE-2019-0232 & CVE-2020-1938

Aiden, On 7/15/24 13:24, Jurevich, Aidan wrote: My organization has a few devices that have the file tomcat-juli-8.5.57.jar installed on them via the program Altair and are showing up as vulnerable to CVE-2019-0232 and CVE-2020-1938, which according to your documentation seems to be fixed for

Re: Reg: tomcat CPU spikes

Jalaj, On 7/15/24 15:03, Jalaj Asher wrote: Yeah I was wondering the same as this has been in place since a few years now atleast 4 years since cachingAllowed had some changes in tomcat 8 which was resulting in it caching all static content as well as jsps and jars and our though process was if

RE: Reg: tomcat CPU spikes

Thank you Christoper for the insight. Yeah I was wondering the same as this has been in place since a few years now atleast 4 years since cachingAllowed had some changes in tomcat 8 which was resulting in it caching all static content as well as jsps and jars and our though process was if we

CVE-2019-0232 & CVE-2020-1938

Hi, My organization has a few devices that have the file tomcat-juli-8.5.57.jar installed on them via the program Altair and are showing up as vulnerable to CVE-2019-0232 and CVE-2020-1938, which according to your documentation seems to be fixed for this version of the file. This seems to be an

Re: Tomcat http header size too large!

пн, 15 июл. 2024 г. в 11:24, Mark Thomas : > > On 14/07/2024 00:28, Pradeep wrote: > > Hi, > > > > I need some tips to solve below issue. > > I am getting 431 http error in API (code running in tomcat) when header > > size crosses 8KB. Tomcat server doesn't process request if header size is > >

Re: Tomcat http header size too large!

On 14/07/2024 00:28, Pradeep wrote: Hi, I need some tips to solve below issue. I am getting 431 http error in API (code running in tomcat) when header size crosses 8KB. Tomcat server doesn't process request if header size is more than 8KB. I tried adding below properties to increase the header

Tomcat http header size too large!

Hi, I need some tips to solve below issue. I am getting 431 http error in API (code running in tomcat) when header size crosses 8KB. Tomcat server doesn't process request if header size is more than 8KB. I tried adding below properties to increase the header size in Springboot application.yaml:

Re: Ubuntu Tomcat package maintenance

Joel, On 7/11/24 16:13, Joel Griffith wrote: A year and a half ago I had to stop updating Tomcat because a Ubuntu packaging bug force-changes file ownership of the Tomcat installation. I'm trying to get in touch with the package maintainers to have that fixed. `apt-cache show tomcat` gives

Re: Reg: tomcat CPU spikes

Jalaj, On 7/12/24 10:19, Jalaj Asher wrote: Thank you Chuck and John for the responses. Just a few points from the things you highlighted and wanted me to check 1. unpackwar is set to true. I checked and was informed that we need that to be true for a specific war file. 2.

Re: [EXTERNAL EMAIL] Ubuntu Tomcat package maintenance

On 7/11/24 13:13, Joel Griffith wrote: A year and a half ago I had to stop updating Tomcat because a Ubuntu packaging bug force-changes file ownership of the Tomcat installation. I'm trying to get in touch with the package maintainers to have that fixed. `apt-cache show tomcat`

RE: Reg: tomcat CPU spikes

Thank you Chuck and John for the responses. Just a few points from the things you highlighted and wanted me to check 1. unpackwar is set to true. I checked and was informed that we need that to be true for a specific war file. 2. cachingAllowed=false. We keep it as false across the board. Also

Re: Tomcat 10.x over 9.x

On Fri, Jul 12, 2024 at 1:04 PM Dimitris Soumis wrote: > > Hello, > > Regarding the end-of-life date for Tomcat 9.0.x, you can find the relevant > information in this link, which contains an email from the mailing list: End > of Lifecycle for Tomcat 9.0.x >

Re: Tomcat 10.x over 9.x

Hello, Regarding the end-of-life date for Tomcat 9.0.x, you can find the relevant information in this link, which contains an email from the mailing list: End of Lifecycle for Tomcat 9.0.x . As for the necessity of upgrading to

Re: Tomcat 10.x over 9.x

Hi https://googlethatforyou.com?q=tomcat%20lifecycle Result: https://endoflife.date/tomcat Regarding "necessity of upgrading tomcat to 10.1.x from 9.x": https://tomcat.apache.org/whichversion.html Specifically: * Apache Tomcat 9.x builds on Tomcat 8.0.x and 8.5.x and implements the

Tomcat 10.x over 9.x

Hi, Can you please share the end of lifecycle date for tomcat 9.x. Also, please share the necessity of upgrading tomcat to 10.1.x from 9.x Thanks, Sai -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended

Ubuntu Tomcat package maintenance

A year and a half ago I had to stop updating Tomcat because a Ubuntu packaging bug force-changes file ownership of the Tomcat installation. I'm trying to get in touch with the package maintainers to have that fixed. `apt-cache show tomcat` gives ubuntu-devel-disc...@lists.ubuntu.com as the

Re: Reg: tomcat CPU spikes

> On Jul 10, 2024, at 17:02, Jalaj Asher > wrote: > > Sharing another stack to see if this can give any more insights.this thread > is the tomcat main thread was loading about 65MB of data. > > "main" #1 prio=5 os_prio=0 > java.lang.Thread.State: RUNNABLE > at

RE: Reg: tomcat CPU spikes

I don’t know about your most recent stack trace, but the first one had this frame: at javax.xml.parsers.FactoryFinder$1.run(FactoryFinder.java:293) What’s the rest of the stack trace? I suspect you’re recreating a SAX parser or parser factory over and over. The intent of those factories is

Re: Reg: tomcat CPU spikes

> On Jul 10, 2024, at 15:19, Jalaj Asher > wrote: > > We are using tomcat version 9.0.80. > > We are seeing intermittent CPU spikes with the requests having the following > stack and it is also causing disk spikes on our end because of this call > stack . > > at

RE: Reg: tomcat CPU spikes

Sharing another stack to see if this can give any more insights.this thread is the tomcat main thread was loading about 65MB of data. "main" #1 prio=5 os_prio=0 java.lang.Thread.State: RUNNABLE at java.util.zip.ZipFile.getEntry(Native Method) at

Reg: tomcat CPU spikes

Hello, We are using tomcat version 9.0.80. We are seeing intermittent CPU spikes with the requests having the following stack and it is also causing disk spikes on our end because of this call stack . at java.util.zip.ZipFile.getEntry(Native Method) at

Re: Apache Tomcat Default Files - TEN-12085

He's a contractor, what do you expect? At best someone logs in via SSH and solves the problem for him. On 2024/07/08 19:58:42 Chuck Caldarale wrote: > > > On Jul 8, 2024, at 14:54, Pramod Kumar Adhi > > wrote: > > > > We are using tomcat version 9.87 can you guide on the same. > > >

Re: Win10 installation progress

Dennis, On 7/8/24 17:05, DdC wrote: Still struggling launching my hck app on Win10 & tomcat 9.0.88.It runs (dont laugh) on: XP/Win7 & tomcat 4.0.4 Linux-gnu & tomcat 6.0.32 Tomcat 9 ought to be able to run a Servlet-2.0-era application just fine unless you use one or two things that have been

Re: Win10 installation progress

Still struggling launching my hck app on Win10 & tomcat 9.0.88.It runs (dont laugh) on: XP/Win7 & tomcat 4.0.4 Linux-gnu & tomcat 6.0.32 Tomcat 9.0.88 displays fine with localhost:8080. App hck compiles OK (dont laugh) with a script

Re: [EXTERNAL EMAIL] Apache Tomcat Default Files - TEN-12085

On 7/8/24 11:56, Pramod Kumar Adhi wrote: HI Team, We have one vulnerability related to the TEN-12085. Could you please advise on the below on how can we remediate this vulnerability. Vulnerability Description The server is not configured to return a custom page in the event of a client

Re: Apache Tomcat Default Files - TEN-12085

> On Jul 8, 2024, at 14:54, Pramod Kumar Adhi > wrote: > > We are using tomcat version 9.87 can you guide on the same. Seriously? You can’t find the 9.0.x documentation on the Tomcat web site yourself? Ok… https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html - Chuck > From:

RE: Apache Tomcat Default Files - TEN-12085

Hi Chuck, We are using tomcat version 9.87 can you guide on the same. Thanks & Regards, Pramod Kumar Adhi From: Chuck Caldarale Sent: Tuesday, July 9, 2024 12:31 AM To: Tomcat Users List Subject: Re: Apache Tomcat Default Files - TEN-12085 [External Email] > On Jul 8, 2024, at 13:56, Pramod

Re: Apache Tomcat Default Files - TEN-12085

> On Jul 8, 2024, at 13:56, Pramod Kumar Adhi > wrote: > > We have one vulnerability related to the TEN-12085.Could you please advise on > the below on how can we remediate this vulnerability. > > Vulnerability Description > > The server is not configured to return a custom page in the

Apache Tomcat Default Files - TEN-12085

HI Team, We have one vulnerability related to the TEN-12085.Could you please advise on the below on how can we remediate this vulnerability. Vulnerability Description The server is not configured to return a custom page in the event of a client requesting a non-existent resource. This may

Re: Persistent Manager Implementation Question

Miguel, On 2/19/24 11:50, Miguel Vidal wrote: hey one question regarding this topic I'm facing an issue where my old app is doing a creation of multiple sessions but just one is the correct one or at least is who contains the data and works fine. the others sessions that are created contains

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Peyton, On 7/7/24 23:50, Zhong, Peyton wrote: Because OpenSSL is one of the most widely used open-source cryptographic libraries for implementing secure communications on the internet, it is essential for us to upgrade to secure versions to mitigate various threats, especially for software

Re: [ANN] New committer: Dimitris Soumis

Thank you very much for the warm welcome. I look forward to collaborating with all of you and continuing the great work that has made Tomcat a cornerstone project. Best regards, Dimitris On Sat, Jul 6, 2024 at 7:14 AM Igal Sapir wrote: > Congrats Dimitris! > > Welcome to the team! > > Igal >

Re: Errors after upgrading to Tomcat 9.0.90

On 2024/07/03 20:17:06 Christopher Schultz wrote: > Francesco, > > On 7/2/24 05:44, Francesco Chicchiriccò wrote: > > On 2024/06/27 14:47:48 Christopher Schultz wrote: > >> Rainer, > >> > >> On 6/21/24 07:55, Rainer Jung wrote: > >>> Am 20.06.24 um 17:52 schrieb Christopher Schultz: >

[ANN] Apache Tomcat 9.0.91 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.91. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.91 is a bugfix and

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

On 2024/07/08 03:50:44 "Zhong, Peyton" wrote: > Hi Mark, > > Thanks for your information. Let me briefly explain for myself. > > Because OpenSSL is one of the most widely used open-source cryptographic > libraries for implementing secure communications on the internet, it is > essential for us

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Hi Mark, Thanks for your information. Let me briefly explain for myself. Because OpenSSL is one of the most widely used open-source cryptographic libraries for implementing secure communications on the internet, it is essential for us to upgrade to secure versions to mitigate various threats,

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Chris, thanks for your comprehensive explanation about these various mitigation measures. Best regards, Peyton Zhong From: Christopher Schultz Date: Sunday, 7 July 2024 at 1:23 AM To: users@tomcat.apache.org Subject: Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

On 06/07/2024 05:08, Zhong, Peyton wrote: Dear Tomcat Community, I am writing to inquire about the potential impact of the recently detected critical vulnerability: CVE-2024-5535 (9.1 CRITICAL / CVSS v3), in OpenSSL 3.0.13 on the Tomcat 10.1.20

Re: Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Peyton, On 7/6/24 00:08, Zhong, Peyton wrote: I am writing to inquire about the potential impact of the recently detected critical vulnerability: CVE-2024-5535 (9.1 CRITICAL / CVSS v3), in OpenSSL 3.0.13 on the Tomcat 10.1.20 version. According

Re: Tomcat silently shuts down after 10 minutes - SOLVED

Bryan, On 7/5/24 17:08, Bryan Buchanan wrote: Thanks all for the replies. Turns out I needed to execute my "C" program with a "nohup" i.e. $ nohup /usr/local/bin/ManageTomcat START Tomcat was only stopping after about 10 mins because that's when I logged out. Doh ! In the business app code

Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

Dear Tomcat Community, I am writing to inquire about the potential impact of the recently detected critical vulnerability: CVE-2024-5535 (9.1 CRITICAL / CVSS v3), in OpenSSL 3.0.13 on the Tomcat 10.1.20 version. According to Black Duck Binary

Re: [ANN] New committer: Dimitris Soumis

Congrats Dimitris! Welcome to the team! Igal On Fri, Jul 5, 2024, 13:25 Mark Thomas wrote: > On behalf of the Tomcat committers I am delighted to announce that > Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer. > > Please join me in congratulating Dimitris. > > Kind

Re: [ANN] New committer: Dimitris Soumis

Congratulations!!! From: Jonathan S. Fisher Sent: Friday, July 5, 2024 6:00:30 PM To: Tomcat Users List Cc: Tomcat Developers List Subject: Re: [ANN] New committer: Dimitris Soumis Many new committers lately, congrats to everyone! On Fri, Jul 5, 2024 at 2: 25

Re: [ANN] New committer: Dimitris Soumis

Many new committers lately, congrats to everyone! On Fri, Jul 5, 2024 at 2:25 PM Mark Thomas wrote: > > On behalf of the Tomcat committers I am delighted to announce that > Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer. > > Please join me in congratulating Dimitris. > >

Re: Tomcat silently shuts down after 10 minutes - SOLVED

Thanks all for the replies. Turns out I needed to execute my "C" program with a "nohup" i.e. $ nohup /usr/local/bin/ManageTomcat START Tomcat was only stopping after about 10 mins because that's when I logged out. Doh ! In the business app code I now execute the above and regular users can

[ANN] New committer: Dimitris Soumis

On behalf of the Tomcat committers I am delighted to announce that Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer. Please join me in congratulating Dimitris. Kind regards, Mark - To unsubscribe, e-mail:

[ANN] Apache Tomcat 11.0.0-M22 (beta) available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M22 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: Tomcat silently shuts down after 10 minutes

Bryan, I would set Tomcat up as a service and let systemd handle startup and shutdown. Create a unit file for tomcat: /etc/systemd/system/tomcat.service - Begin Unit File Contents [Unit] Description=Tomcat 9.0 After=network.target [Service] Type=forking User=joe Group=joe

Re: Tomcat silently shuts down after 10 minutes

Hi, This looks like an orderly shutdown of tomcat, can you attach strace and see if tomcat process does receive a signal from somewhere? Mfg Thomas Am 4. Juli 2024 14:46:17 MESZ schrieb Bryan Buchanan : >I'm running Tomcat 9.0.14 on Centos 8 with JDK 15. > >Tomcat is loaded in /opt/tomcat,

Re: Tomcat silently shuts down after 10 minutes

> I think you should check the return value of setuid. > > I don't think you can change the uid of a process that easily. > > Otherwise you could also write setuid(0), become root and that would look to > me as a huge security hole. > You need to be root to "chmod u+s [your_program]" so

Re: Tomcat silently shuts down after 10 minutes

On 04.07.24 15:27, Zerro wrote: On 7/4/24 2:46 PM, Bryan Buchanan wrote: I'm running Tomcat 9.0.14 on Centos 8 with JDK 15. Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I login as "joe" and start Tomcat, everything is fine. We have people login to the Centos system to

Re: Tomcat silently shuts down after 10 minutes

On 7/4/24 2:46 PM, Bryan Buchanan wrote: I'm running Tomcat 9.0.14 on Centos 8 with JDK 15. Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I login as "joe" and start Tomcat, everything is fine. We have people login to the Centos system to run the business application as

Tomcat silently shuts down after 10 minutes

I'm running Tomcat 9.0.14 on Centos 8 with JDK 15. Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I login as "joe" and start Tomcat, everything is fine. We have people login to the Centos system to run the business application as "mary", "jane", "fred" etc. Sometimes they

Re: Errors after upgrading to Tomcat 9.0.90

Francesco, On 7/2/24 05:44, Francesco Chicchiriccò wrote: On 2024/06/27 14:47:48 Christopher Schultz wrote: Rainer, On 6/21/24 07:55, Rainer Jung wrote: Am 20.06.24 um 17:52 schrieb Christopher Schultz: Francesco, On 6/20/24 09:03, Francesco Chicchiriccò wrote: On 2024/06/20 12:18:15

Re: Many CLOSE_WAIT connections causing the app not available

Stephen, On 6/29/24 07:57, Stephen Stevie wrote: Tomcat not configured on default port Which port is most often showing in the CLOSE_WAIT state? [...] it was working fine until the start of this year. After that, it was once a month and now every alternate day, we are seeing this. Has

[SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service

CVE-2024-34750 Apache Tomcat - Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M20 Apache Tomcat 10.1.0-M1 to 10.1.24 Apache Tomcat 9.0.0-M1 to 9.0.89 Description: When processing an HTTP/2 stream, Tomcat did

Re: [ANN] New committer: Chuck Caldarale

Congrats Chuck and thanks for all these years of support. I think this is totally deserved and I guess that it it another start in your life. Cheers, Pierre On Wed, Jul 3, 2024 at 7:54 PM Terence M. Bandoian wrote: > Congratulations, Chuck! > > -Terence Bandoian > > On 7/3/2024 7:24 AM,

Re: [ANN] New committer: Chuck Caldarale

Congratulations, Chuck! -Terence Bandoian On 7/3/2024 7:24 AM, Mark Thomas wrote: On behalf of the Tomcat committers I am delighted to announce that Chuck Caldarale (n828cl) has been voted in as a new Tomcat committer. Please join me in congratulating Chuck. Kind regards, Mark

RE: [ANN] New committer: Chuck Caldarale

Congratulations Chuck! From: Mark Thomas Sent: Wednesday, July 3, 2024 7:25 AM To: Tomcat Developers List ; Tomcat Users List Subject: [ANN] New committer: Chuck Caldarale Importance: High On behalf of the Tomcat committers I am delighted to announce that Chuck Caldarale (n828cl) has been

Re: [ANN] New committer: Chuck Caldarale

Congratulations On Wed, Jul 3, 2024 at 5:54 PM Mark Thomas wrote: > On behalf of the Tomcat committers I am delighted to announce that > Chuck Caldarale (n828cl) has been voted in as a new Tomcat committer. > > Please join me in congratulating Chuck. > > Kind regards, > > Mark > >

[ANN] New committer: Chuck Caldarale

On behalf of the Tomcat committers I am delighted to announce that Chuck Caldarale (n828cl) has been voted in as a new Tomcat committer. Please join me in congratulating Chuck. Kind regards, Mark - To unsubscribe, e-mail:

Re: How to comment out JSP directives

Those are XML / HTML comments. Try using JSP comments to wrap what you want to comment out: <%-- --%> On Tue, Jul 2, 2024 at 4:40 PM Aryeh Friedman wrote: > When I do the following the include is still done short of rewriting > it to not be a include how do I comment it out correctly: > > > >

How to comment out JSP directives

When I do the following the include is still done short of rewriting it to not be a include how do I comment it out correctly: -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org - To unsubscribe, e-mail:

Re: Errors after upgrading to Tomcat 9.0.90

On 2024/06/27 14:47:48 Christopher Schultz wrote: > Rainer, > > On 6/21/24 07:55, Rainer Jung wrote: > > Am 20.06.24 um 17:52 schrieb Christopher Schultz: > >> Francesco, > >> > >> On 6/20/24 09:03, Francesco Chicchiriccò wrote: > >>> On 2024/06/20 12:18:15 Konstantin Kolinko wrote: > чт, 20

Re: Tomcat 10.1.25 - How to enable access to the "/examples/jsp/security/protected/index.jsp"?

Hi, I think that I found the problem. The web.xml file has and auth-constraint: ``` tomcat role1 ``` If I log in as a user that has one of those roles, then the access is successful ! Jim On Mon, Jul 1, 2024 at 5:59 PM o haya wrote: > Hi, > > I just deployed Tomcat 10.1.25 to my

Tomcat 10.1.25 - How to enable access to the "/examples/jsp/security/protected/index.jsp"?

Hi, I just deployed Tomcat 10.1.25 to my Windows machine, and I want to test the FORMS example (/examples/jsp/security/protected/index.jsp) , but I am getting a 403 error: "You are not authorized to view this page. By default the examples web application is only accessible from a browser

Re: Many CLOSE_WAIT connections causing the app not available

Tomcat not configured on default port On Thu, Jun 27, 2024 at 9:58 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Stephen, > > On 6/26/24 01:18, Stephen Stevie wrote: > > We are using Apache Tomcat 8.5.49 and sometimes in a day, we see the > > application is going

Re: Many CLOSE_WAIT connections causing the app not available

This was working fine for the last 2-3 years and no change in the server configs at all. This started all of a sudden. On Wed, Jun 26, 2024 at 7:02 PM Chuck Caldarale wrote: > > > On Jun 26, 2024, at 00:18, Stephen Stevie > wrote: > > > > We are using Apache Tomcat 8.5.49 > > > Stop right

Re: Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20

Mohit, On 6/27/24 14:31, Chaudhary, Mohit wrote: We have installed Tomcat 10.1.1 in RHEL 8 server so we needed to check if tomcat 10.1.1 is compatible with IBM MQ 9.3.0.20. Tomcat doesn't have any message-queue-related components out of the box, so I would say "maybe?" Is Google Chrome or

Re: Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20

On 6/28/24 06:59, Chaudhary, Mohit wrote: Hello Team, Please let us know on below query. Thanks & Regards, Mohit Chaudhary -Original Message- From: Chaudhary, Mohit Sent: Friday, June 28, 2024 12:01 AM To: users@tomcat.apache.org Subject: Compatibility Check Tomcat 10.1.x with

RE: Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20

Hello Team, Please let us know on below query. Thanks & Regards, Mohit Chaudhary -Original Message- From: Chaudhary, Mohit Sent: Friday, June 28, 2024 12:01 AM To: users@tomcat.apache.org Subject: Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20 Hi Team, We have installed

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

If they are serious they use multiple IP addresses.  If you are self hosting, for a DOS case their is not much you can do other than blocking the ip address(s) on the router. Usually after a couple of days they get bored and try some where else. It is worth having some internal filter

Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20

Hi Team, We have installed Tomcat 10.1.1 in RHEL 8 server so we needed to check if tomcat 10.1.1 is compatible with IBM MQ 9.3.0.20. Thanks & Regards, Mohit Chaudhary

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

James, On 6/27/24 11:47, James H. H. Lampert wrote: On 6/27/24 8:01 AM, Christopher Schultz wrote: "100 404s in a minute per-IP" Actually, what I was seeing, once the webapp developer pointed me in the right direction, was several dozen 404s per *second* from a single IP. Not sure if

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

James, On 6/27/24 11:36, James H. H. Lampert wrote: On 6/27/24 8:01 AM, Christopher Schultz wrote: Why aren't you seeing the source-IP in your own logs? Because our webapp developer hadn't thought to put them into the log messages we generate. He did, however, direct us to the

Re: Many CLOSE_WAIT connections causing the app not available

Stephen, On 6/26/24 01:18, Stephen Stevie wrote: We are using Apache Tomcat 8.5.49 and sometimes in a day, we see the application is going unresponsive though the service is up and running and giving 503 (service unavailable error). When netstat for the port is run, we see many CLOSE_WAIT

Re: Many CLOSE_WAIT connections causing the app not available

Stephen, On 6/26/24 09:31, Chuck Caldarale wrote: On Jun 26, 2024, at 00:18, Stephen Stevie wrote: We are using Apache Tomcat 8.5.49 Stop right there. Tomcat 8.5.x reached end-of-life earlier this year and is no longer supported. The particular version you’re running is over 4.5 years

Re: Isolating the Root Cause of "Connection Refused"

Eric, On 6/26/24 01:43, Eric Robinson wrote: What is impact on memory utilization if we increase the acceptCount value? There are 100 tomcat instances on the server. And would maxThreads have to be increased to accommodate the extra connections? After reading more, I guess that's a dumb

Re: Isolating the Root Cause of "Connection Refused"

Eric, On 6/25/24 20:10, Eric Robinson wrote: No - Tomcat passes the acceptCount value to the TCP/IP stack of the OS as part of listener socket initialization. I thought of that after I sent my previous message. the OS won't log this, since it's considered to be an application error.

Re: Isolating the Root Cause of "Connection Refused"

Eric, On 6/25/24 14:22, Chuck Caldarale wrote: On Jun 25, 2024, at 13:12, Eric Robinson wrote: I'm obviously not getting something. If I understand correctly, the purpose of the acceptCount param is to allow tomcat to reject connections even after the TCP stack has passed them to the java

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

Gavioto, On 6/25/24 13:51, Gavioto  wrote: Finally, I got a configuration that works with Certificate Storage. It is very specific, and I couldn't find any other until date. It works, but in our environment there is a required manual step yet. I think it should be configured in Windows and is

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

On 6/27/24 8:01 AM, Christopher Schultz wrote: "100 404s in a minute per-IP" Actually, what I was seeing, once the webapp developer pointed me in the right direction, was several dozen 404s per *second* from a single IP. Not sure if Fail2ban would even work in this situation: like the

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

On 6/27/24 8:01 AM, Christopher Schultz wrote: Why aren't you seeing the source-IP in your own logs? Because our webapp developer hadn't thought to put them into the log messages we generate. He did, however, direct us to the localhost_access_log files (where I quite frankly hadn't thought

Re: PKCS#8 encryption algorithm unrecognized

Timothy, On 6/25/24 10:39, Timothy Resh wrote: In the SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}" we defined a Class to convert the Encrypted password and set the following properties: public class MyPropertySource implements

  1   2   3   4   5   6   7   8   9   10   >