Hi All,
How does tomcat access valves/logs work ?
Since it prints the whole URL , will it be any issue if the access logs are
using Log4j2 implementation?
Best Regards,
Saurav
On Sun, Dec 12, 2021 at 7:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Mark,
>
> On 12/11/21 18:
Hi everyone,
I am trying to verify the PGP signature on the latest Tomcat 9 release (9.0.56)
but unable to obtain it from a suggested key server (see command logs below).
Could you please clarify where to obtain and how to verify the authenticity of
that particular signature.
Thanks in advance!
P
Mark,
On 12/11/21 18:39, Mark Thomas wrote:
On 11/12/2021 22:04, Sebastian Hennebrüder wrote:
Hi all,
I reproduced the attack against Tomcat 9.0.56 with latest Java 8 and
Java 11. Actually the Java path version is not relevant.
Utter nonsense. Tomcat is not vulnerable to this attack.
It is
