Thanks Mark, your answer is very helpful. I tried many scenarios using your
inputs.
I want Tomcat to NOT perform reload but it needs to perform a redeploy when
context.xml is changed. So i set autoDeploy=true and commented out below
section in context.xml to server my purpose.
WEB-INF/web.xml
${c
I noticed on ssllabs.com that when I upgrade from java 8 to java 9 (9.0.4
to be exact) that without changing any other variables I start to get
"Session resumption (caching) No (IDs assigned but not accepted)" as a
warning.
I also tried explicitly setting the sessionCacheSize (even tho docs say
de
On 5/16/2018 11:13 AM, Kiran Badi wrote:
> Yes tomcat is not starting up. I am also suspecting that EC2 instance was >
> probably compromised. Not sure as how but I see some rogue programs
were > running under tomcat user. I use putty with private keys to login
and those > keys are not in public v
Yes tomcat is not starting up. I am also suspecting that EC2 instance was
probably compromised. Not sure as how but I see some rogue programs were
running under tomcat user. I use putty with private keys to login and those
keys are not in public view for sure.
These program were talking to some se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Kiran,
On 5/15/18 5:58 PM, Kiran Badi wrote:
> For some reason my application hosted on ec2 is just not starting
> up. I know I never had any memory issues in last 1 year or so.
>
> I see below trace in catalina.out file. I am not sure if I need to
CVE-2018-8014 Insecure defaults for CORS filter
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.8
Apache Tomcat 8.5.0 to 8.5.31
Apache Tomcat 8.0.0.RC1 to 8.0.52
Apache Tomcat 7.0.41 to 7.0.88
Description:
The defaults settings for the CORS
