Hi Chris,
A little more digging in and I found out that only with SSL,tomcat is creating
a large number of sessions. I can see in the logs for HTTP:
INFO: SessionListener: sessionDestroyed('2E8DE01EE3F0D166FEFC8A45353CD9ED')
Now,in case of HTTPS I see a large number of such logs. So I believe
Hi Chris,
>
> On 6/11/13 1:05 AM, ruxing bao wrote:
> > Sorry,I can't get any more of the stack trace.
> >
> > We wrapped zookeepr client as a spring bean and invoked method
> > "close" of zookeeper in "destory-method" of bean,in that method
> > "close",zookeeper Send Thread was closed. When to
> > I'm fairly confident that the OpenSSL library I'm using is valid and
> > uncorrupted (I've used a couple different copies: an existing set of
> > binaries being used successfully in another product internally, and a
> > newly built version which I have successfully used the openssl utility
> >
> From: Jane Muse [mailto:jm...@rocketsoftware.com]
> Subject: RE: Class cast exception when starting tomcat 7.0.1
> Problem was solved by removing an old catalina.jar for WEB-INF/lib.
The fact that you had a Tomcat-supplied jar in WEB-INF/lib is even scarier than
using a three-year-old unrelea
Thanks much. Problem was solved by removing an old catalina.jar for WEB-INF/lib.
JMuse
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, June 11, 2013 7:38 PM
To: Tomcat Users List
Subject: RE: Class cast exception when starting tomcat 7.0.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Brandon,
On 6/12/13 12:33 PM, Brandon McCombs wrote:
> So it seems that although there is a chance of Tomcat being
> vulnerable [to Slowloris] it isn't a sufficiently large risk to
> warrant being addressed and is in fact categorized as a low risk
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, June 12, 2013 11:56 AM
To: Tomcat Users List
Subject: Re: is tomcat 6.0.35 vulnerable to CVE-2007-6750?
>
>Brandon,
>
>On 6/12/13 11:33 AM, Brandon McCombs wrote:
>> I don't know if this i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Brandon,
On 6/12/13 11:33 AM, Brandon McCombs wrote:
> I don't know if this is the correct list but it seem to be the
> best one.
>
> I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable
> (and if so, was it fixed and in which versio
I don't know if this is the correct list but it seem to be the best one.
I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable (and if so,
was it fixed and in which version?) to the issue identified in CVE-2007-6750?
"The Apache HTTP Server 1.x and 2.x allows remote attackers to cau
On 06/11/2013 06:42 AM, Rainer Jung wrote:
On 11.06.2013 00:58, Martin Knoblauch wrote:
Any plans when 1.2.38 will be released?
Not really, but it is overdue. So IMO we should release it during the
next few weeks.
Yeah. There are few more reported bugs for updating status
which I'd like to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chirag,
On 6/12/13 1:01 AM, Chirag Dewan wrote:
> I am facing an Out of Memory Issue with my application. I am using
> Embedded Tomcat 6.0.18. I have a simple servlet deployed which
> does nothing but set the HTTPResponse and return it.
Are you su
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Steve,
On 6/11/13 6:51 PM, Steve Nickels wrote:
> I've been trying to compile tcnative on Windows with a
> FIPS-compatible build of OpenSSL. I've been successful building
> and running tcnative this way, at least until I turn on FIPS mode
> on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jakob,
On 6/11/13 5:04 PM, Ja kub wrote:
> requirement is system should be possible to process 160 req/sec
> (200 is better to multiply) and system is kind of failover proxy
> itself
>
> there are 2 backing webservices, each can answer max 20s, it
Getting FIPS mode turned on and running is, unfortunately, far more complex
than getting the libs, or even building them, and installing them.
You need to follow the directions for building the FIPS module here:
http://www.openssl.org/docs/fips/fipsnotes.html
-and-
http://www.openssl.org/docs/fips
Oliver Tanglin | SAIC
Software Appl. Engineer | C3 Systems and Analysis Division
Phone: 703-676-7449 | Mobile: 727-207-1037
tangl...@saic.com
-Original Message-
From: users-return-242256-OLIVER.TANGLIN=saic@tomcat.apache.org on behalf
of Jane Muse
Sent: Tue 6/11/2013 7:42 PM
To: u
Thanks for the detail.
As a final note and in case you are not already doing this, I have found the
provided element in useful under similar
circumstances when building a war. This prevents bundling of dependencies
provided by the container such as catalina, servlet, etc.
Regards,
Oliver
-
I can confirm that the one liner patch fixes the problem for me as well.
Due to "policies", I have problems to roll this into the productive
environment, so a release would be highly welcome even if this is the only
fix (so it seems to me).
Cheers
Martin
On Tue, Jun 11, 2013 at 6:42 AM, Rainer
Hi,
Thanks for posting your results.
But I am thinking now that this may lead to a portability issue. Push to a
container other than Tomcat and 'org.apache.catalina.User' will not be
available on the classpath.
Yes, this is a portability issue. But to be honest, changing (assuming a
reasonabl
Thanks for posting your results.
But I am thinking now that this may lead to a portability issue. Push to a
container other than Tomcat and 'org.apache.catalina.User' will not be
available on the classpath.
Also, during development you are forced to include catalina as a dependency to
compil
19 matches
Mail list logo
