Hi,
I have a problem with the Catalina’s security manager.
We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. My
app works very well when I run my app with the security manager disable.
The problem presents when I enable the security manager of Tomcat. My app fails
whe
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Tomcat thread dump analysis
> > It would appear that logic in your application threads has either
> > created a deadlock, or failed to unlock something before
> > returning,
> That's a tall order unless native code
> From: suresh babu yella [mailto:suresh.b.ye...@gmail.com]
> Subject: Remove default files, example JSPs and Servlets from the Tomcat
> Servlet/JSP container.
> We are using tomcat 6.0.18
If you actually had any concern for security, you would not be using a version
that's nearly five years o
Hi,
We are using tomcat 6.0.18 and we got common vulnerability reported for
having default files, example JSPs and Servlets from the Tomcat
Servlet/JSP container.
I need a steps to Remove default files, example JSPs and Servlets from the
Tomcat Servlet/JSP container.
Thanks
Sures
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Charles,
On 5/8/13 1:57 PM, Charles Richard wrote:
> I appreciate the friendly feedback! How do I show a lock? I don't
> see any threads that have a "BLOCKED" status. I do get this when I
> do a grep:
>
> [root@web01 stacks]# grep locked tomcat1_20
On Wed, May 8, 2013 at 2:33 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Chuck,
>
> On 5/8/13 11:25 AM, Caldarale, Charles R wrote:
> >> From: Charles Richard [mailto:charle...@thelearningbar.com]
> >> Subject: Re: Tomcat th
On May 8, 2013, at 12:40 PM, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Nick,
>
> On 5/8/13 1:34 PM, Nick Williams wrote:
>>
>> On May 8, 2013, at 12:08 PM, Michael-O wrote:
>>
>>> Am 2013-05-08 14:38, schrieb Christopher Schultz:
-BEGIN PGP SI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 5/8/13 1:14 PM, Michael-O wrote:
> Christopher,
>
> Am 2013-05-08 13:54, schrieb Christopher Schultz:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Michael,
>>
>> On 5/8/13 3:01 AM, Michael-O wrote:
>>> I recently have star
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nick,
On 5/8/13 1:34 PM, Nick Williams wrote:
>
> On May 8, 2013, at 12:08 PM, Michael-O wrote:
>
>> Am 2013-05-08 14:38, schrieb Christopher Schultz:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>>
>>> Nick,
>>>
>>> On 5/8/13 8:08 AM, N
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Suresh,
On 5/8/13 12:11 PM, suresh babu yella wrote:
> We are using tomcat 6.0.18 and we found below number of Common
> Vulnerabilities and Exposures (CVE).
>
> High Vulns: 98
>
> Medium Vulns: 50
>
> Low Vulns: 6 We cannot upgrade/patch any of
On 5/8/13 1:17 PM, suresh babu yella wrote:
> Hi Dan,
>
> We might consider for upgrading the tomcat later, due to to supportability
> concerns from Autonomy we cannot upgrade it to any of the higher version.
>
> but right now we are looking to apply the fix for all CVE's we identified,
> it will b
On May 8, 2013, at 12:08 PM, Michael-O wrote:
> Am 2013-05-08 14:38, schrieb Christopher Schultz:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Nick,
>>
>> On 5/8/13 8:08 AM, Nick Williams wrote:
>>>
>>> On May 8, 2013, at 6:54 AM, Christopher Schultz wrote:
>>>
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chuck,
On 5/8/13 11:25 AM, Caldarale, Charles R wrote:
>> From: Charles Richard [mailto:charle...@thelearningbar.com]
>> Subject: Re: Tomcat thread dump analysis
>
>> Here is a full thread dump
>
> Which again shows no Tomcat involvement in the l
On May 8, 2013, at 1:17 PM, suresh babu yella wrote:
> Hi Dan,
>
> We might consider for upgrading the tomcat later, due to to supportability
> concerns from Autonomy we cannot upgrade it to any of the higher version.
I don't know that vendor, but it sounds like you might need to have a
convers
suresh babu yella wrote:
>Hi Dan,
>
>We might consider for upgrading the tomcat later, due to to
>supportability
>concerns from Autonomy we cannot upgrade it to any of the higher
>version.
>
>but right now we are looking to apply the fix for all CVE's we
>identified,
>it will be great if you can
Hi Dan,
We might consider for upgrading the tomcat later, due to to supportability
concerns from Autonomy we cannot upgrade it to any of the higher version.
but right now we are looking to apply the fix for all CVE's we identified,
it will be great if you can let me know the procedure.
Thanks
Su
Christopher,
Am 2013-05-08 13:54, schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 5/8/13 3:01 AM, Michael-O wrote:
I recently have started using the SlowQueryReport to tackle
performance issues. The log message, unfortunately, does not
contain the para
On May 8, 2013, at 12:11 PM, suresh babu yella wrote:
> We are using tomcat 6.0.18 and we found below number of Common
> Vulnerabilities and Exposures (CVE).
Not surprising given the version that you are using. Latest version is 6.0.37.
>
> High Vulns: 98
>
> Medium Vulns: 50
>
> Low Vulns:
Am 2013-05-08 14:38, schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nick,
On 5/8/13 8:08 AM, Nick Williams wrote:
On May 8, 2013, at 6:54 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
Michael,
On 5/8/13 3:01 AM, Michael-O wrot
Am 2013-05-08 14:08, schrieb Nick Williams:
On May 8, 2013, at 6:54 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
Michael,
On 5/8/13 3:01 AM, Michael-O wrote:
I recently have started using the SlowQueryReport to tackle
performance issues. The log message, un
We are using tomcat 6.0.18 and we found below number of Common
Vulnerabilities and Exposures (CVE).
High Vulns: 98
Medium Vulns: 50
Low Vulns: 6
We cannot upgrade/patch any of those components due to supportability
concerns from Autonomy.
How can I apply a fix for all the CVE, I see the build
> From: Charles Richard [mailto:charle...@thelearningbar.com]
> Subject: Re: Tomcat thread dump analysis
> Top-posting is a post after another one I'm assuming?
No, it's doing what you keep on doing - posting the response before the query
it applies to (you could have looked it up). It's obnox
Chris,
Top-posting is a post after another one I'm assuming? And sorry if it
wasn't related to Tomcat, I was just excited to finally making a bit of
headway on this issue.
Here is a full thread dump, sorry in advance if this doesn't follow the
etiquette on posting thread dumps:
"TP-Processor396"
On Tue, May 07, 2013 at 04:45:39PM +, Jeffrey Janner wrote:
> > -Original Message-
> > From: Mark H. Wood [mailto:mw...@iupui.edu]
> > Sent: Tuesday, May 07, 2013 8:41 AM
> > To: users@tomcat.apache.org
> > Subject: Re: Why is context.xml no longer copied to
> > Catalina/localhost/myapp
On Tue, May 07, 2013 at 01:17:40PM -0400, Jesse Barnum wrote:
> On May 7, 2013, at 9:40 AM, "Mark H. Wood" wrote:
> > Well, the developer can simply pack into the app. whatever internal
> > configuration is needed, since he has ready access to the interior of
> > the app and can deposit on the cla
On May 8, 2013, at 9:09 AM, Lutischán Ferenc wrote:
> Dear Dan,
>
> Thank for your reply.
>
> 1. This site is a dictionary:
> - Windows users often enter a "\" in place of "/"
> - Rarely there are "\" in the phrases
I think what you're looking for is this…
org.apache.tomcat.util.buf.UDecoder
Thanks Dan,
I would like to test it more, but I think it works.
2013.05.08. 15:01 keltezéssel, Daniel Mikusa írta:
On May 8, 2013, at 8:54 AM, Lutischán Ferenc wrote:
Dear Users,
Tomcat 7.0.39.
I have the following configuration in META-INF/context.xml:
The situation:
- The database
Dear Dan,
Thank for your reply.
1. This site is a dictionary:
- Windows users often enter a "\" in place of "/"
- Rarely there are "\" in the phrases
2. The returned status code is: 400 Bad Request
3. Mappings:
index
com.ys.dictzone.Index
index
/*
On May 8, 2013, at 8:54 AM, Lutischán Ferenc wrote:
> Dear Users,
>
> Tomcat 7.0.39.
>
> I have the following configuration in META-INF/context.xml:
>
>
> driverClassName="org.postgresql.Driver"
> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" initialSize="2"
> maxIdle="20" maxA
Dear Users,
Tomcat 7.0.39.
I have the following configuration in META-INF/context.xml:
driverClassName="org.postgresql.Driver"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" initialSize="2"
maxIdle="20" maxActive="20" maxWait="5000" password=""
type="javax.sql.DataSource" u
On May 8, 2013, at 8:46 AM, Lutischán Ferenc wrote:
> Dear Users,
>
> Tomcat 7.0.39.
>
> I have problem with the following url in firefox 20:
> http://dictzone.com/english-german-dictionary/a\ (it resulted in the
> http://dictzone.com/english-german-dictionary/a%5C request).
Why do you have a
On May 8, 2013, at 8:39 AM, Charles Richard wrote:
> Just saw this which I believe describes exactly what is happening:
>
> http://forums.terracotta.org/forums/posts/list/6470.page
>
> We are using Spring as well. Trying to understand the solution:
If this is the problem that you're experienci
Dear Users,
Tomcat 7.0.39.
I have problem with the following url in firefox 20:
http://dictzone.com/english-german-dictionary/a\ (it resulted in the
http://dictzone.com/english-german-dictionary/a%5C request).
It results is an emtpy page. This request don't arrive my servelt /
filter codes.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Charles,
On 5/8/13 8:31 AM, Charles Richard wrote:
> On Wed, May 8, 2013 at 9:27 AM, Daniel Mikusa
> wrote:
>> On May 8, 2013, at 8:20 AM, Charles Richard wrote:
>>
>>> Hi,
>>>
>>> We have a weird issue on our site which some random trigger
>>> e
Just saw this which I believe describes exactly what is happening:
http://forums.terracotta.org/forums/posts/list/6470.page
We are using Spring as well. Trying to understand the solution:
Charles
On Wed, May 8, 2013 at 9:31 AM, Charles Richard <
charle...@thelearningbar.com> wrote:
> We are u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nick,
On 5/8/13 8:08 AM, Nick Williams wrote:
>
> On May 8, 2013, at 6:54 AM, Christopher Schultz wrote:
>
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Michael,
>>
>> On 5/8/13 3:01 AM, Michael-O wrote:
>>> I recently have started us
We are using Terracotta which is a bit of a black box to me (setup I've
inherited). Terracotta helps us with the Tomcat sessions being
"transportable" across front end servers.
Cheers!
Charles
On Wed, May 8, 2013 at 9:27 AM, Daniel Mikusa wrote:
>
> On May 8, 2013, at 8:20 AM, Charles Richard
On May 8, 2013, at 8:20 AM, Charles Richard wrote:
> Hi,
>
> We have a weird issue on our site which some random trigger event will
> backup all c3p0 connections until it hits the max pool size.
>
> I have scripts that will do a softReset on the c3p0 connection pool when
> they hit their max so
Oh and sorry, we are using Tomcat 6.0.30 .
Cheers!
On Wed, May 8, 2013 at 9:20 AM, Charles Richard <
charle...@thelearningbar.com> wrote:
> Hi,
>
> We have a weird issue on our site which some random trigger event will
> backup all c3p0 connections until it hits the max pool size.
>
> I have sc
Hi,
We have a weird issue on our site which some random trigger event will
backup all c3p0 connections until it hits the max pool size.
I have scripts that will do a softReset on the c3p0 connection pool when
they hit their max so help us manage the issue and to also help me have
time to hopefull
On May 8, 2013, at 6:54 AM, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Michael,
>
> On 5/8/13 3:01 AM, Michael-O wrote:
>> I recently have started using the SlowQueryReport to tackle
>> performance issues. The log message, unfortunately, does not
>> cont
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 5/8/13 3:01 AM, Michael-O wrote:
> I recently have started using the SlowQueryReport to tackle
> performance issues. The log message, unfortunately, does not
> contain the parameters passed to the prepared statements. Though
> Abstract
Hi,
I recently have started using the SlowQueryReport to tackle performance issues.
The log message, unfortunately, does not contain the parameters passed to the
prepared statements. Though AbstractQueryReport receives this information in
protected String report*Query(String query, Object[] arg
43 matches
Mail list logo
