Re: Are there any known class loader leaks in Tomcat 9?

2023-11-06 Thread Suvendu Sekhar Mondal
Hello William, On Mon, Nov 6, 2023 at 11:25 PM William Crowell wrote: > > Good afternoon, > > I am running Tomcat 9.0.78 with JDK 1.8.0_371 (running with G1GC), and I am > loading some very large Java classes into Metaspace. I know this is not good > practice, but I inherited this library. Th

Re: Admin password for Tomcat

2023-11-06 Thread Jerry Malcolm
On 11/5/2023 11:54 AM, Jerry Malcolm wrote: On 11/5/2023 9:26 AM, Christopher Schultz wrote: Jerry, On 11/4/23 20:17, Jerry Malcolm wrote: My support team needs to be able to log in to our site as various users (on behalf of...) to be able to see exactly what they are seeing since roles, a

Re: Vulnerabilities Patches

2023-11-06 Thread James H. H. Lampert
On 11/6/23 5:21 PM, Nithiyanandam BALASUBRAMANIYAN (Oneberry) wrote: I am using Tomcat Apache Version 8.5.94 in Windows server 2012. Recently received following vulnerabilities alert to fix : Short answer: you're already there. And the latest Tomcat 8 (which I just bumped a customer up to) is

Re: Vulnerabilities Patches

2023-11-06 Thread Chuck Caldarale
> On Nov 6, 2023, at 19:27, Nithiyanandam BALASUBRAMANIYAN (Oneberry) > wrote: > > May I know how to apply to windows as my system is no internet allowed. > Thanks If you’re running 8.5.94, those four CVEs are already fixed in that version. - Chuck > -Original Message- > From

RE: Vulnerabilities Patches

2023-11-06 Thread Nithiyanandam BALASUBRAMANIYAN (Oneberry)
Hi Even, Thanks for the reply. May I know how to apply to windows as my system is no internet allowed. Thanks -Original Message- From: Evan Rempel Sent: Tuesday, November 7, 2023 9:24 AM To: users@tomcat.apache.org Subject: Re: Vulnerabilities Patches https://tomcat.apache.org/secur

Re: Vulnerabilities Patches

2023-11-06 Thread Evan Rempel
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 On 2023-11-06 17:21, Nithiyanandam BALASUBRAMANIYAN (Oneberry) wrote: Hi , I am using Tomcat Apache Version 8.5.94 in Windows server 2012. Recently received following vulnerabilities alert to fix : 1. *Request smugglin

Vulnerabilities Patches

2023-11-06 Thread Nithiyanandam BALASUBRAMANIYAN (Oneberry)
Hi , I am using Tomcat Apache Version 8.5.94 in Windows server 2012. Recently received following vulnerabilities alert to fix : 1. Request smuggling CVE-2023-45648 2. Denial of Service CVE-2023-44487

TLD jar scanning at Tomcat Startup

2023-11-06 Thread charles didonato
Good Evening, Tomcat 9.082 on Windows 11. Tomcat runs as a Windows service. When I start Tomcat and deploy my war file, it hangs at the following in the Catalina Log: 06-Nov-2023 15:21:59.819 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet conta

Are there any known class loader leaks in Tomcat 9?

2023-11-06 Thread William Crowell
Good afternoon, I am running Tomcat 9.0.78 with JDK 1.8.0_371 (running with G1GC), and I am loading some very large Java classes into Metaspace. I know this is not good practice, but I inherited this library. These classes have business rules and are doing some basic primitive and array manip

Re: WebApp Mutual TLS for connecting to thrid party REST service

2023-11-06 Thread Mark Thomas
On 06/11/2023 17:03, Brian Wolfe wrote: Is there a way to use JSSE in tomcat to manage TLS mutual auth for when a process in tomcat is acting as a client during a REST call to use a client certificate from a keystore to authenticate to the third party? Or is this something that has to be handled

WebApp Mutual TLS for connecting to thrid party REST service

2023-11-06 Thread Brian Wolfe
Is there a way to use JSSE in tomcat to manage TLS mutual auth for when a process in tomcat is acting as a client during a REST call to use a client certificate from a keystore to authenticate to the third party? Or is this something that has to be handled at the application level? I know in Java

Re:

2023-11-06 Thread Mark Thomas
On 06/11/2023 10:57, Greg Huber wrote: >> The maximum useful size will be the total size of static resources (i.e. everything NOT under WEB-INF/lib or WEB-INF/classes). Since I have nothing in either of these, its all mapped in the PostResources,  I can just calculate the size of the jars, an

Re:

2023-11-06 Thread Greg Huber
>> The maximum useful size will be the total size of static resources (i.e. everything NOT under WEB-INF/lib or WEB-INF/classes). Since I have nothing in either of these, its all mapped in the PostResources,  I can just calculate the size of the jars, and add a bit for luck.  (ie 85mb +5mb).🙂

Re:

2023-11-06 Thread Suvendu Sekhar Mondal
On Mon, Nov 6, 2023 at 3:15 PM Mark Thomas wrote: > > On 05/11/2023 17:23, Greg Huber wrote: > > Thanks Mark and Chris. > > > >>> >>> base="/home/devuser/git/myproject/target/classes" > >>> className="org.apache.catalina.webresources.DirResourceSet" > >>> webAppMount="

Re: tomcat 10

2023-11-06 Thread Mark Thomas
On 06/11/2023 06:46, 一直以来 wrote: Why do I print System. out. println (request) as different objects in the servlet for the request in tomcat10? Is the request object not reused in tomcat10? There is a pool of cached request objects. Each request is also accessed via a facade (which is probab

Re:

2023-11-06 Thread Mark Thomas
On 05/11/2023 17:23, Greg Huber wrote: Thanks Mark and Chris. I have not noticed any slowness yet. There are alot of jars (approx 160), but the target/classes folder are my app's classes that I am working on. These can change (ie not static), so may be better to switch it off. Is there an