I have a Java application running under Tomcat 9. One component of this
application is OpenID authentication, in which my application is a relying
party.
It sends a POST request to https://login.microsoftonline.com, but in one
scenario I'm getting an error back from Microsoft.
I need to see exac
> -Original Message-
> From: jonmcalexan...@wellsfargo.com.INVALID
>
> Sent: Thursday, March 16, 2023 1:54 PM
> To: users@tomcat.apache.org
> Subject: RE: Quick Question with Tomcat 10.1x
>
> > -Original Message-
> > From: Torsten Krah
> > Sent: Thursday, March 16, 2023 1:40 PM
> -Original Message-
> From: Torsten Krah
> Sent: Thursday, March 16, 2023 1:40 PM
> To: Tomcat Users List
> Subject: Re: Quick Question with Tomcat 10.1x
>
> schrieb am Do., 16. März 2023,
> 19:32:
>
>
> Please read
> https://urldefense.com/v3/__https://tomcat.apache.org/whichversio
schrieb am Do., 16. März 2023,
19:32:
> Hi,
> I have a really simple war file I created to "test" that Tomcat is coming
> up and running. It works fine on Tomcat 8.5x, 9.0x, AND 10.0x, however on
> 10.1.7 I am getting this strange stack trace. I'm not able to determine
> just what is being called
Hi,
I have a really simple war file I created to "test" that Tomcat is coming up
and running. It works fine on Tomcat 8.5x, 9.0x, AND 10.0x, however on 10.1.7 I
am getting this strange stack trace. I'm not able to determine just what is
being called out.
SEVERE: Servlet.service() for servlet [j
I did some tests with several different commits in 9.0.71, I think my issue
is caused by this
https://github.com/apache/tomcat/commit/10a1a6d46d952bab4dfde44c3c0de12b0330da79
the "toBytesSimple" change has not been added to the repo yet, so the
change in 9.073 doesn't solve the problem.
Next I will
Thanks Mark
-Original Message-
From: Mark Thomas
Sent: Thursday, March 16, 2023 2:34 PM
To: users@tomcat.apache.org
Subject: Re: CVE-2023-24998 : Apache Denial of Service
On 16/03/2023 05:33, S Abirami wrote:
> Hi All,
>
> Currently, In our product we are using 9.0.65 version of Tomcat
On 16/03/2023 05:33, S Abirami wrote:
Hi All,
Currently, In our product we are using 9.0.65 version of Tomcat.
We are not using FileUpload option in any of our application and in Servlet.
We don't have any config to limit the file uploads also.
Whether our attacker still able to perform a malic
On 16/03/2023 04:01, LANDER Tim wrote:
Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's:
https://github.com/apache/tomcat/blob/6de806a21adc68a23aa4043c67c0d80bbab1c458/build.xml#L2825-L2828)
are excluded from the tomcat maven artefact (org.apache.tomcat:tomcat). What's
the
