Re: global web.xml question

ABT, On 4/29/25 11:25 AM, A Name wrote: On Tue, Apr 29, 2025 at 10:54 AM Christopher Schultz < ch...@christopherschultz.net> wrote: Are you able to view the sources of the application? Are you (or your team) knowledgeable enough about the code to make such changes? IMHO, I would take the time t

Re: global web.xml question

On Tue, Apr 29, 2025 at 10:54 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > > ABT, > > > On 4/29/25 8:23 AM, A Name wrote: > > > On Mon, Apr 28, 2025 at 1:07 PM Mark Thomas wrote: > > > > > >>> On 28/04/2025 16:35, Christopher Schultz wrote: > > ABT, > > > > On 4/

Re: global web.xml question

ABT, On 4/29/25 8:23 AM, A Name wrote: On Mon, Apr 28, 2025 at 1:07 PM Mark Thomas wrote: On 28/04/2025 16:35, Christopher Schultz wrote: ABT, On 4/28/25 9:05 AM, A Name wrote: We are looking at adding a second instance of our app (named differently -- myappA and myappB) to our Tomcat 9.

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

Chris, Beautiful answer and exactly what I was looking for. Thank you. Regards, William Crowell From: Christopher Schultz Date: Tuesday, April 29, 2025 at 10:32 AM To: Tomcat Users List , William Crowell Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x? William, On

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

William, On 4/29/25 7:04 AM, William Crowell wrote: Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org/p

Re: global web.xml question

On Mon, Apr 28, 2025 at 1:07 PM Mark Thomas wrote: > > On 28/04/2025 16:35, Christopher Schultz wrote: > > > ABT, > > > > > > On 4/28/25 9:05 AM, A Name wrote: > > >> We are looking at adding a second instance of our app (named > > >> differently -- > > >> myappA and myappB) to our Tomcat 9. We

When was the first stable GA release of Apache Tomcat 11.0.x?

Good morning, Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org/projects/ee4j.jakartaee-platform/releas

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

On 29/04/2025 08:16, Zdeněk Henek wrote: Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? No. It only affects h2/h2c. Mark Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: CVE-2025-31650 Apa

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: > CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header > > Severity: High > > V