I know it has been asked dozens of times but the response is always "Cannot
be done in a standard way".
But why can't we change Tomcat to provide further details to the error page
of why the login failed?
I would have thought tomcat can support that easily without any backward
compatibility issue:
Gerhardt,
On 10/12/21 13:27, Martin, Gerhardt A wrote:
Running Tomcat 9.0.50 on Centos 7.9.x Linux and using Tomcat JDBC connection
pool to connect to my application's databases. My app connects to about a dozen
read only databases and one read/write database. Here is a typical resource
defin
CVE-2021-42340 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M5
Apache Tomcat 10.0.0-M10 to 10.0.11
Apache Tomcat 9.0.40 to 9.0.53
Apache Tomcat 8.5.60 to 8.5.71
Description:
The fix for bug 63362 introduced a
CVE-2021-41079 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M5
Apache Tomcat 10.0.0-M10 to 10.0.11
Apache Tomcat 9.0.40 to 9.0.53
Apache Tomcat 8.5.60 to 8.5.71
Description:
The fix for bug 63362 introduced a
On 14/10/2021 10:28, Natraj Thekkan wrote:
Hi,
We are using tomcat version 9.0.46.
Could you please provide suggestion to restrict the TLS version in HTTP2 over
HTTPS with OpenSSL implementation?.
The code below is sufficient, assuming that is then the connector that
is being used by the cli
Hi,
We are using tomcat version 9.0.46.
Could you please provide suggestion to restrict the TLS version in HTTP2 over
HTTPS with OpenSSL implementation?.
Regards,
Natraj
From: Natraj Thekkan
Sent: Wednesday, October 13, 2021 10:15 AM
To: 'users@tomcat.apache.org'
Subject: Restriction of TLS ver
