On 08/02/2016 21:55, George Stanchev wrote:
>
>
> Hi,
>
> Recent changes to Tomcat altered the behavior of our applications a bit so
> I've got couple of questions. The versions in questions are 7.0.64 and
> 7.0.67. I am aware of which is also described in the changelog for 7.0.67.
There are
On 08.02.2016 23:31, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
On 2/8/16 3:43 PM, Mark Thomas wrote:
On 08/02/2016 18:41, Jason Ricles wrote:
I have an application that sends binary websocket messages
between a class and the web application using a websocke
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
On 2/8/16 3:43 PM, Mark Thomas wrote:
> On 08/02/2016 18:41, Jason Ricles wrote:
>> I have an application that sends binary websocket messages
>> between a class and the web application using a websocket server
>> written in java.
>>
>> The data
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect in
In Tomcat 7.0.67 with no "useRelativeRedirects" set on the context (which
defaults it to "true"), I see
GET http://hostname/myapp?m=n&o=p
==> 302: "login?a=b&c=d"
Now, this is expected behavior given the fix for [1]
[1] http://bz.apache.org/bugzilla/show_bug.cgi?id=56917
I rer
On 08/02/2016 18:41, Jason Ricles wrote:
> I have an application that sends binary websocket messages between a
> class and the web application using a websocket server written in
> java.
>
> The data being sent from the java class is encoded in a binary buffer
> with the bytes in ISO8859_1. Howev
On 08.02.2016 20:27, Jason Ricles wrote:
The message is built and sent in a javaclass connected to a websocket
server for the web application also written in java then the message
is passed to the webpage which uses javascript
1) on this list, do not "top post". See :
http://tomcat.apache.org/l
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect in t
The message is built and sent in a javaclass connected to a websocket
server for the web application also written in java then the message
is passed to the webpage which uses javascript
On Mon, Feb 8, 2016 at 2:25 PM, André Warnier (tomcat) wrote:
> On 08.02.2016 19:41, Jason Ricles wrote:
>>
>>
On 08.02.2016 19:41, Jason Ricles wrote:
I have an application that sends binary websocket messages between a
class and the web application using a websocket server written in
java.
The data being sent from the java class is encoded in a binary buffer
with the bytes in ISO8859_1. However, when I
I have an application that sends binary websocket messages between a
class and the web application using a websocket server written in
java.
The data being sent from the java class is encoded in a binary buffer
with the bytes in ISO8859_1. However, when I receive the bytes on the
websocket server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yasi,
On 2/1/16 8:17 PM, Yasi Xi (yxi) wrote:
> Hi, Dear Mark T and all
>
> Sorry to resend this mail. I don't quite understand Mark's comment
> on this problem.
>
> WHAT IS THE PROBLEM
>
> I'm doing Tomcat upgrade for my J2EE server. Whe
On Mon, Feb 8, 2016 at 6:53 PM, Peter Rifel wrote:
> Yuval,
>
>
>
> On 2/8/16, 6:57 AM, "Christopher Schultz"
> wrote:
>
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >Yuval,
> >
> >On 2/7/16 2:27 AM, Yuval Schwartz wrote:
> >> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon
Yuval,
On 2/8/16, 6:57 AM, "Christopher Schultz" wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Yuval,
>
>On 2/7/16 2:27 AM, Yuval Schwartz wrote:
>> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon linux ami
>>
>> This might be outside the scope of this forum. I have an ELB
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo,
On 2/8/16 10:17 AM, Theo Sweeny wrote:
> Hello All - I'm running Tomcat 8.0.21 on Linux 64x and there is a
> recent issue where clients making requests and declaring the header
> - Transfer-Encoding:chunked, have their connections hang, with no
Hello!
Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature.
In your web.xml
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
hstsEnabled
true
hstsMaxAgeSeconds
3153
Hello All - I'm running Tomcat 8.0.21 on Linux 64x and there is a recent issue
where clients making requests and declaring the header -
Transfer-Encoding:chunked, have their connections hang, with no obvious leads
in the logs.
I'm aware that up to version 8.0.9 there was a Tomcat vulnerability
On 08/02/2016 14:49, dku...@ccilindia.co.in wrote:
> Hi,
>
> We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
That is a not a security vulnerability. It is a configuration choice.
> on apache tomcat 8.0.27 while running on unix operating system. Below is
> the system
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yuval,
On 2/7/16 2:27 AM, Yuval Schwartz wrote:
> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon linux ami
>
> This might be outside the scope of this forum. I have an ELB
> (Elastic Load Balancer) distributing load between two instances
> t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/8/16 9:50 AM, Christopher Schultz wrote:
> Hrishikesh,
>
> On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
>> Thanks for the reply. Let me try this out. But do you think its a
>> bug in Tomcat ?
>
> No. There's nothing Tomcat can do abou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/8/16 9:50 AM, Christopher Schultz wrote:
> Hrishikesh,
>
> On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
>> Thanks for the reply. Let me try this out. But do you think its
>> a bug in Tomcat ?
>
> No. There's nothing Tomcat can do abou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chiranga,
On 2/7/16 2:27 AM, Chiranga Alwis wrote:
> I think OpenSAML seems to be using
> org.apache.xerces.jaxp.DocumentBuilderFactoryImpl. I am actually
> having this class within the lib folder of Tomcat.
Replacing XML parsers within applications
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
> Thanks for the reply. Let me try this out. But do you think its a
> bug in Tomcat ?
No. There's nothing Tomcat can do about this, aside from allowing your
application to load /more/ classes on
Hi,
We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
on apache tomcat 8.0.27 while running on unix operating system. Below is
the system configuration:
OS Name: HP-UX
OS Version:B.11.31
Architecture: IA64N
Java Home:/
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.0.M3.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 9.0.0.M3 is a milestone release o
25 matches
Mail list logo
