Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

I think I've narrowed the change down to this commit: https://github.com/apache/tomcat/commit/fdd86cf2e0b851aced2f460c765fea5293a30940#diff-8b91a9296e19012bf6be4bdf975fab0d *org.apache.catalina.core.ApplicationContext.java * *getRequestDispatcher(path) * In 7.0.78, this creates a dispatcher to t

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 2/3/20 2:10 PM, Peter Rader wrote: >> Does it ever work? > > Yes, I deployed and redeployed much larger WARs (i.e. 107MiB) many > times to the same instance. > >> >> The Tomcat manager has a default limit of 50MiB for uploads. Your >> W

Re: HttpServletRequest.getRemoteAddr() sometimes returns NULL on Tomcat 9.0.30 and HTTP/2 secure requests

On 24/01/2020 12:26, Manuel Dominguez Sarmiento wrote: > Hi Mark, thanks for your feedback. Please see below: >> On 23/01/2020 13:40, Manuel Dominguez Sarmiento wrote: >>> Hi, we started >>> noticing that HttpServletRequest.getRemoteAddr() was >>> sometimes returning NULL (which is invalid accordin

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

> Does it ever work? Yes, I deployed and redeployed much larger WARs (i.e. 107MiB) many times to the same instance. >  > The Tomcat manager has a default limit of 50MiB for uploads. Your WAR > file it larger than that, so it might be failing. Some weeks ago I changed this default limit to "abou

Re: Apache Tomcat 10 and Jakarta EE 9 - an update

On 24/01/2020 10:29, Mark Thomas wrote: > Hi all, > > There has been a fair amount of progress made both towards a Tomcat 10 > release and Jakarta EE 9 since my State of the Cat talk at ApacheCon EU > in October. For those of you that haven't seen it is is on YouTube: > https://www.youtube.com/wat

Re: SOLVED - Re: Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 2/2/20 4:48 PM, Peter Rader wrote: > The old version of the application had a daemon that have not yet > finished his execution. Tomcat cannot detect this situation, so it's unlikely to be the direct problem. How did you come to your con

Re: cookie configurations for Tomcat 7

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Lazar, On 2/3/20 5:42 AM, Lazar Kirchev wrote: > Chris, > > With "having control on the server but not on the application" I > meant that I could make changes on the server, but I have no > control to make modification on the application code. My c

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 2/2/20 11:31 AM, Peter Rader wrote: > Hi, > > I am using maven to redeploy a application. > > Maven returning: [ERROR] Failed to execute goal > org.codehaus.mojo:tomcat-maven-plugin:1.1:redeploy (default-cli) on > project xxx: Cannot inv

Re: Tomcat 7: logs for failure request with unsupported cipher and unsupported SSL protocol

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Manish, On 2/2/20 11:20 PM, Palod, Manish wrote: > Thanks Chris for considering this for future release. > > In future will the fix be ported into Tomcat 7 also? Let's see if anyone wants to implement this in trunk, first. If you want to prepare s

Re: cookie configurations for Tomcat 7

Chris, With "having control on the server but not on the application" I meant that I could make changes on the server, but I have no control to make modification on the application code. My concern with the changed Chrome behavior regarding the same site cookie attribute (https://www.chromestatus.