CSRF not working with 10.1.42 but it works with 10.1.39

2025-06-19 Thread Hrvoje Lončar
Hi! Hope it's the right place to ask for help or/and advice. A few days ago I switched to the latest Tomcat 10.1.42. After deploy POST is not working due to missing CSRF token. When I inspect HTTP request, CSRF token is in a payload as "_csrf" and the value is correct. But at the backend side I get *

Updating configTest to include shutdown port validation

2025-06-19 Thread Amit Pande
Hello, I was testing out the "configtest" option of the catalina.sh/.bat and observed that it does not do validation for the shutdown port. https://github.com/apache/tomcat/blob/8bbdabe02c384cf15aa43dafb66a5b42440edac3/java/org/apache/catalina/startup/Bootstrap.java case "configte

Re: TLS 1.3 and post handshake authentication (PHA)

2025-06-19 Thread Amit Pande
Thank you Mark for the clarification. Thanks, Amit From: Mark Thomas Sent: Friday, June 13, 2025 12:57 PM To: users@tomcat.apache.org Subject: Re: TLS 1.3 and post handshake authentication (PHA) On 13/06/2025 18:26, Amit Pande wrote: > Hello, > > When using "pro

Re: Unexpected behavior of dead-simple servlet

2025-06-19 Thread Christopher Schultz
Konstantin, On 6/18/25 6:08 PM, Konstantin Kolinko wrote: A quick review of all Filters that are running tells me that there are a few that can set response headers, but mostly are not in this particular case. The list of headers coming back in the response are: HTTP/1.1 200 Via: HTTP/1.1

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-06-19 Thread Rémy Maucherat
Hi, On Tue, May 20, 2025 at 12:57 PM Rose Mary P T wrote: > > HI Mark, > > > Just a gentle reminder regarding my previous message. I’m following up to see > if there’s any update on this as its pending for long. > > As per your previous suggestion ,I was able to fetch the connectioncount. But >

Bugzilla now requires authentication

2025-06-19 Thread Mark Thomas
All, The Tomcat project has been using Bugzilla to track issues for more than 20 years. Recently there has been a significant increase in abusive traffic targeting the ASF's Bugzilla instances - mostly AI scraping. To protect the ASF Bugzilla instances and ensure that they remain usable f