Re: Servlet 6.2 / Tomcat 12 - Welcome files

come file list since welcome-file's are processed first. Is the above interpretation correct? Use case where the above might occur: web.xml has index.html index.do Then there is an included fragment index.htm So that we have a welcome-file after a welcome servlet in the final config. -

Re: Tomcat 10.1 Upgrade & Uber JAR Error

The issue occurred again in Tomcat v10.1.40 but is fixed again in Tomcat v10.1.41 On Thu, Apr 3, 2025 at 7:52 PM Mark Thomas wrote: > On 03/04/2025 05:34, Tim N wrote: > > That should have been > >> Looks like this last worked Tomcat v10.1.20 and first failed v10.1.23 > &

Re: Classpath confusion between webapps

Wild guess. Does this library use tmp to extract binaries to run native code? If so, it might be a version collision of those tmp binaries? On Sat, Apr 12, 2025 at 4:23 PM Thad Humphries wrote: > I have a problem that appears to be one webapp in Tomcat 9 having a portion > of its classpath ma

Re: Tomcat Clustering Roadmap And Max Node Limit

04/2025 02:42, Chuck Caldarale wrote: > > > >> On 2025 Apr 3, at 19:57, Tim N wrote: > >> > >> For a long time up to the latest version 11 documentation, there has > been a > >> recommended maximum limit of 4 nodes per cluster. > >> > >

Tomcat Clustering Roadmap And Max Node Limit

For a long time up to the latest version 11 documentation, there has been a recommended maximum limit of 4 nodes per cluster. https://tomcat.apache.org/tomcat-11.0-doc/cluster-howto.html "This works great for smaller clusters, but we don't recommend it for larger clusters — more than 4 nodes or so

Re: Tomcat 10.1 Upgrade & Uber JAR Error

That should have been > Looks like this last worked Tomcat v10.1.20 and first failed v10.1.23 ...and now looks like this was first fixed again in v10.1.39 Any ideas why? On Sat, Feb 8, 2025 at 6:36 AM Tim N wrote: > Looks like this last worked Tomcat v10.1.20 and first failed v19.1.23

Re: [EXTERNAL] Re: Archive localhost_access_log

Nothing built in to move them. But the same advice applies. The find command chained with mv or mv+gzip could be a solution Or if your backup policy is good enough. Doing nothing and relying on backups to retrieve old logs would work too. But all of this depends on use case for need of retrieval.

Re: Archive localhost_access_log

Personally. I rely on a daily cron with a find by time and the -delete flag. Where the time to keeps is based on policy. -Tim On Tue, Mar 18, 2025 at 9:52 AM Nguyen, Quoc A. (QUANTUM MANAGEMENT, LLC) wrote: > Hello, > > Tomcat server version: 9.0.98. > > server.xml co

Re: Tomcat 10.1 Upgrade & Uber JAR Error

Looks like this last worked Tomcat v10.1.20 and first failed v19.1.23 On Fri, Feb 7, 2025 at 3:22 PM Tim N wrote: > I was launching my application successfully with Tomcat 10.1.16 using a > JAR with all dependencies in a single JAR via "maven-assembly-plugin". > > Sin

Tomcat 10.1 Upgrade & Uber JAR Error

I was launching my application successfully with Tomcat 10.1.16 using a JAR with all dependencies in a single JAR via "maven-assembly-plugin". Since upgrading to Tomcat 10.1.34, one of my applications is now throwing java.lang.NullPointerException: Cannot invoke "org.apache.jasper.compiler.TldCac

RE: RE: JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

I've replicated something similar on Tomcat 10.1.34 (and also 9.0.98). Steps 1 - Download and unzip Tomcat 10.1.34 2 - Create file "webapps/ROOT/include.jsp" with contents "I've been included!" 3 - Edit "webapps/ROOT/index.jsp" adding the following code at the bottom of the JSP ``` <% String

RE: JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

Just an update...I eliminated the tiles and spring:theme code, and still get the error by putting the same large content in the page with ". Again, this is resolved by increasing the buffer size. I've also noticed the response is marked as committed with the large output before the "jsp:include".

Re: JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

asier/quicker). On Thu, Jan 30, 2025 at 3:16 AM Rémy Maucherat wrote: > On Wed, Jan 29, 2025 at 5:45 AM Tim N wrote: > > > > I'm including the stack-trace in case that's helpful > > There are no differences in JspWriterImpl between 9.0 and the current > Tomcat 11

Re: JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

It is a stack-trace generated from a break-point that I thought might be useful. On Thu, Jan 30, 2025 at 12:13 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Tim, > > Your original post says there is no error, so what exactly is this a > stack-trace OF? > &g

RE: JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

I'm including the stack-trace in case that's helpful Note references to tiles is for the Jakarta EE upgraded tiles at https://github.com/tntim96/tiles/tree/jakarta-upgrade writeMessage:385, MessageTag (org.springframework.web.servlet.tags) doEndTag:285, MessageTag (org.springframework.web.servlet

JspWriterImpl BufferSize And Flushing In Tomcat 10.1.16

I am migrating from SpringBoot 2.7.18 to 3.0.13 with the accompanying migration from Tomcat 9.0.83 to 10.1.16. I am trying to render a large message, around 8kB. In Tomcat 9, the content renders correctly, In Tomcat 10 the content doesn't render at all, and there's no error message. I noticed if I

Re: Max parameters limit

And use RequestWrapper to intercept getParameter() and provide your own parsed value. -Tim On Wed, Sep 11, 2024 at 12:31 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > All, > > Does anyone know if there is a way to limit the number of HTTP > parameters in a POST re

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

ed and not responding. I also had a typo below about "TLS session tokens". I meant to say "TLS session tickets". -----Original Message- From: Tim Zielke Sent: Thursday, September 5, 2024 3:42 PM To: Tomcat Users List Subject: RE: Web browser clocking issue at Apache

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

goes away. I don't really need the performance improvement of TLS session tickets, so this is a viable workaround for the issue. -Original Message- From: Tim Zielke Sent: Thursday, August 15, 2024 9:55 AM To: Tomcat Users List Subject: RE: Web browser clocking issue at Apache T

Re: Tomcat 9.0.93 Patching | Error- A fatal error has been detected by the Java Runtime Environment | Problematic frame:sigar-amd64-winnt.dll+0x14ed4

request was already completed. This is not allowed since 9.0.90. In particular - see the notes about "RECYCLE_FACADES" here https://tomcat.apache.org/tomcat-9.0-doc/changelog.html An alternative is removing "sigar-amd64-winnt.dll" from lib (but I suspect the application will be

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

: users@tomcat.apache.org Subject: Re: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux [You don't often get email from ma...@apache.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] [External] On 15/08/2024 14:36, Tim Zielke wrote: > web

Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

wledge let me know if I am interpreting this trace data correctly? Thanks, Tim

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

I do not have a recommended vendor / solution) Conversely, this is a good time for the developers to review their server logging and tune it to be less verbose for these normal exceptions. As well as implementing logging frameworks and logging at the appropriate level (fatal through debug) -Tim

Re: Tomcat Internal Architect for JSP compilation?

One possible workaround is to precompile the JSP's at build time. https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html#Web_Application_Compilation -Tim On Fri, Mar 22, 2024 at 1:37 AM Subodh Joshi wrote: > > Why i am doing this exercise? > In our some of the deployed lin

Re: Operation not permitted errors [EXTERNAL]

utimes) - And the CIFS mount doesn't support that. A quick test would be to write a "1 liner" java program that uses java.nio.file.Files.copy with paths in that CIFS mount -Tim On Wed, Feb 7, 2024 at 10:49 AM Beard, Shawn wrote: > It is on a Linux server, The file system mentions

Re: Rotating/archiving catalina.out

One option (hacky workaround) is to try using "swallowOutput" which may mitigate the worst of your issue. (Beyond a rewrite with a logging framework) https://tomcat.apache.org/tomcat-9.0-doc/config/context.html -Tim On Mon, Jan 29, 2024 at 3:28 PM Aryeh Friedman wrote: > We need

Re: How to access the request URL in a custom valve implementation?

return new ObfuscatedQueryElement(); Where ObfuscatedQueryElement is much like the existing QueryElement with your additional requirements. They both would implement AccessLogElement which has access to the Request object -Tim On Fri, Jan 26, 2024 at 7:58 AM Manak Bisht wrote: > I want to obfuscate

Re: How to access the request URL in a custom valve implementation?

My bad - AccessLogValve also supports that feature too - *%{xxx}r* write value of ServletRequest attribute with name xxx (escaped if required, value ?? if request is null) https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Logging -Tim On Fri, Jan 26, 2024 at 7:23 AM Tim

Re: How to access the request URL in a custom valve implementation?

. -Tim On Fri, Jan 26, 2024 at 5:47 AM Manak Bisht wrote: > Hi, > I am trying to extend the AccessLogValve to modify logging behaviour for > certain URLs. However, I don't have access to the request object in the > AccessLogValve API. So, I am left with regex matching on the

Re: Did something JSP related change between 9.0.71 and 9.0.73

on. (Ours is not a UI app) > > You can check the fixes section of release notes > > https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-820/ > > https://github.com/newrelic/newrelic-java-agent/pull/1225 > > வெள்., 1 செப்., 20

Re: Did something JSP related change between 9.0.71 and 9.0.73

Fixed by upgrading New Relic to 8.5.0! Other environments had this upgraded, but not the failing one. On Fri, Sep 1, 2023 at 5:26 PM Torsten Krah wrote: > Am Freitag, dem 01.09.2023 um 15:18 +1000 schrieb Tim N: > > We're seeing this too, but not in all our environment

Re: Did something JSP related change between 9.0.71 and 9.0.73

We're seeing this too, but not in all our environments. We also use NewRelic. JSP Previously rendered to Now renders to /path/style.css"/> Affected Tomcat version is 9.0.78

Solved: DataSource Connection pool [non] leak

pplication. There was some consternation about the approach but it was agreed that this was the least risk answer - for an application we're dropping support for in December, it is not worth rewriting. This will at least enable deployments to address vulnerabilities fixed in 9.0.71+. Thanks, Tim

RE: [EXTERNAL] RE: DataSource Connection pool leak

eable. Is it safe to check for either java.sql.Connection or java.lang.AutoCloseable? .. or should I just check for the "close()" method invocation, based on the fact that I'm not wrapping anything (here) that I shouldn't

RE: [EXTERNAL] RE: DataSource Connection pool leak

e SQL is. It's in the log file. The SQL isn't slow, it's called multiple times for different tables/data during startup but with the versions of Tomcat with which I am having problems, it only manages 20 calls before exhausting the pool. The SQL is run serially, not in pa

DataSource Connection pool leak

mine to a few hundred to complete the application startup and I'm not willing to try that without further insight. Thanks, Tim -- Tim Scott (he/him/his) OCLC * Lead Software Engineer / Technical Product Manager cc: IT file

OT: RE: [External] Re: Fail Timcat if any of the contexts fails?

Loving the typo in the subject :-). Tim. cc: IT file

Re: Excluded service.bat From Maven Artefact

> On 3/15/23 22:01, LANDER Tim wrote: > > Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fblob%2F6de806a21adc68a23aa4043c67c0d80bbab1c458%2Fbuild.

Excluded service.bat From Maven Artefact

Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: https://github.com/apache/tomcat/blob/6de806a21adc68a23aa4043c67c0d80bbab1c458/build.xml#L2825-L2828) are excluded from the tomcat maven artefact (org.apache.tomcat:tomcat). What's the reason for this? I couldn't find it docum

Re: StaticMembers within Multiple Clusters

e at the same version, we have 4, they all get updated at the same time. > How did you upgrade (e.g. installer, unzip/untar/etc.)? untar Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For a

Re: StaticMembers within Multiple Clusters

I hate to bring back my original thread and I am probably not doing this correctly, but I've been seeing this message occur on my cluster. My tomcat is now at 9.0.70. Possibly there was a breaking change since I first started using the cluster? java.lang.NoClassDefFoundError: Could not initialize

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

cat.start(Tomcat.java:486) Do you think I need to look into that more, or does it make sense that the Service.setParentClassLoader() prevents this? On Thu, Dec 22, 2022 at 9:49 PM Mark Thomas wrote: > On 21/12/2022 22:37, Tim N wrote: > > This was fixed by adding "--add-opens=

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

, ClassLoaderFactory.RepositoryType.JAR)); } ClassLoader myClassLoader = ClassLoaderFactory.createClassLoader(repositories, null); Thread.currentThread().setContextClassLoader(myClassLoader); SecurityClassLoad.securityClassLoad(myClassLoader); ... Tomcat tomcat = new Tomcat(); tomcat.getService().setPa

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

s.java:576) On Wed, Dec 21, 2022 at 3:33 PM Tim N wrote: > Sorry - more of the stack-trace: > Caused by: java.lang.IllegalAccessError: failed to access class > com.sun.activation.registries.LogSupport from class > javax.activation.MimetypesFileTypeMap > (com.sun.activation.

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

Looks like this is due to a conflict with EE JARs added to replace those removed when moving from Java 8 to 17. On Wed, Dec 21, 2022 at 3:33 PM Tim N wrote: > Sorry - more of the stack-trace: > Caused by: java.lang.IllegalAccessError: failed to access

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

(ConfigurableMimeFileTypeMap.java:150) On Wed, Dec 21, 2022 at 3:28 PM Tim N wrote: > I tried this: > > List repositories = new ArrayList<>(); > repositories.add(new ClassLoaderFactory.Repository(new > File("/dir1").getAbsolutePath(), ClassLoaderFactory.RepositoryType.DIR)); > repositories.add

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Tomcat.start(Tomcat.java:486) So the code looks closer to working, but still something major wrong.

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

e used to achieve what I'm after? If I could get this working, I could maybe contribute back with "how-to" documentation. Thoughts? Also, how do I make embedded Tomcat use my classloader? On Wed, Dec 14, 2022 at 9:19 PM Mark Thomas wrote: > On 14/12/2022 03:20, Tim N wrote:

Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

I'm currently using embedded Tomcat 9.0.68 and have encountered the infamous compatibility issue with ClassLoader.getSystemClassLoader when upgrading from Java 8 to Java 17. See https://stackoverflow.com/questions/46694600/java-9-compatability-issue-with-classloader-getsystemclassloader for a good

Tomcat 9.0.N SimpleTcpCluster Max Cluster Sizing

>From the official documentation "The all-to-all replication is an algorithm that is only efficient when the clusters are small. For larger clusters, you should use the BackupManager" Any ideas on what the limit is or how to measure it? Any good articles?

Tomcat 9.0.N Upgrading Minor Version In A Cluster

Will session fail-over work b/w minor versions? i.e. can you cycle through upgrading Tomcat in a cluster from say 9.0.67 to 9.0.68? Also, is there any official documentation on this?

RE: [External] Re: [ANN] Apache Tomcat 9.0.67 available

vising of the bug and fix. I will await ..68 with anticipation. It’s curious how it only happened on my Windows systems and not my RedHat one but I’ll happily leave that nuance to those who know the code. The systems in question are test and not critical, so I can wait a week or so. Until ..68, Tim cc: IT file

Re: Secondary Authentication method for application

to a specific url. Eventually, my custom realm (form login) may go away and the login for my app will be done by this external app which will be the only thing that will be able to call this new "backdoor" way. Tim

Secondary Authentication method for application

s done... Also, I'm getting a 405 error on the actual POST, even though it appears the principal gets established for that request... Not sure if this has something to do with the JSESSIONID cookie... Thanks, Tim - To u

RE: [External] Re: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading

, Tim From: Mark Thomas Sent: 22 June 2022 10:56 To: users@tomcat.apache.org Subject: [External] Re: Apache Tomcat 8 - Require Tomcat configuration to restrict exe's from downloading On 22/06/2022 10:37, bharath Kumar wrote: > Hi team, > > Any help on this ? > > Furth

Re: Conditional access logs

environment variable" https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html You can submit a feature enhancement request in the bug database https://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests -Tim On Thu, Apr 21, 2022 at 5:08 PM Chris Cheshire wrote: &g

RE: Problems deploying new .war application on Linux

Hi all, If only for the email archives – just a note to say that I have not yet found a solution. Thanks, Tim -- Tim Scott OCLC · Senior Software Engineer / Technical Product Manager cc: IT file OCLC COVID-19 resources: oc.lc/covid19-service-info<https://oc.lc/covid19-service-info>

RE: [External] Re: RemoteAddrFilter (org.apache.catalina.filters)

and I don’t know what the load balancer is going to deliver as I don’t have one in my development environment. I also don’t know the network route the calling service will take. Thanks, Tim -- Tim Scott OCLC · Senior Software Engineer / Technical Product Manager cc: IT file OCLC COVID-19

Re: [External] Re: RemoteAddrFilter (org.apache.catalina.filters)

t be configured programmatically? I could then read a setting from the database. (Apologies for not describing all the requirements at the outset - users, eh?) Thanks, Tim -- Tim Scott OCLC · Senior OLIB Software Engineer City Gate · 8 St. Mary's Gate · Sheffield S1 4LW · United

RemoteAddrFilter (org.apache.catalina.filters)

(or some variations thereof – “sru”, “/sru”, “/sru/”, “/sru*”, …) … then both applications are equally accessible from other clients. Is what I’m trying to do possible? I’m using Tomcat 9.0.54. If it should work – can anyone spot what I’ve missed? Thanks, Tim -- Tim Scott

RE: Problems deploying new .war application on Linux

pin down the problem. I had not expected an absence of a call to the method! Any further ideas? Thanks, Tim -- Tim Scott OCLC · Senior Software Engineer / Technical Product Manager cc: IT file OCLC COVID-19 resources: oc.lc/covid19-service-info<https://oc.lc/covid19-service-info>

RE: [External] Re: Problems deploying new .war application on Linux

> From: Greg Huber gregh3...@gmail.com > Sent: Monday, March 14, 2022 3:01 PM > >I’ve tried renaming the war file as ‘sru.war’ and placing it in webapps, > >removing other references to ‘sru’ in the configuration. > I use ROOT.war and have no stuff, just copy it into

RE: [External] Re: Problems deploying new .war application on Linux

> From: Greg Huber > Sent: Monday, March 14, 2022 2:23 PM > To: Tomcat Users List users@tomcat.apache.org > Subject: [External] Re: Problems deploying new .war application on Linux > On the sever where did tomcat come from? a rpm? > Maybe as a test, download tomca

RE: Problems deploying new .war application on Linux

files in the same way, there’s no different there either. > Another approach is to do remote debugging and step into the class with the > error > (javax.enterprise.inject.se.SeContainerInitializer.findSeContainerInitializer) I’ll need to work out how to do that and get back to you. Th

Problems deploying new .war application on Linux

application works in one place with as close a configuration as I can get. Annoyingly, I only need Linux for development and QA testing. It will be only deployed on Windows 2016 in phase 1 (and may never reach phase 2). Any ideas where I should tweak next? Thank you, Tim In case it helps, my

Re: Tomcat 7 - Log4j Vulnerability Guide Request

Out of the box, no version of Apache Tomcat uses any log4j version. If log4j is used, it is by a specific application (not provided by the ASF) deployed to Tomcat. (Or an admin changed the default install to add it) -Tim On Fri, Jan 28, 2022 at 10:36 AM Samuel Anderson-Burrell | Cloud21 wrote

RE: [External] Re: Tomcat jdbc connections

> Would it be along the lines of Wireshark or TCP dump to see what's > occurring as I gather this won't be captured in tomcat logging via > Catalina.out? Or can it be. Have you explored Oracle listener / client tracing? Ref: https://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF3

RE: [External] Re: Plugging a memory leak - where?

vise our team who deals with Dependency Tracker, too. Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Plugging a memory leak - where?

ating the deployment version would remedy the memory leak in the Tomcat service itself - but I don't like to leave this to guesswork. We've had reports of memory leaks causing problems. Thank you, Tim -- Tim Scott OCLC * Senior Software Engineer / Technical Product Manager CityGate, 8 St.

Re: CVE-2021-44228 Log4j 2 Vulnerability -- How does this affect Tomcat?

er chaining opportunities still out there. A key takeaway is you might judge individual single exploits not to be bad. But if you can easily chain multiple ones together, then the black hat party can begin. -Tim On Mon, Dec 13, 2021 at 7:24 PM James H. H. Lampert wrote: > > I c

RE: [External] Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time Java version

in. Versions after these JDKs remove the LDAP vector: 6u211 7u201 8u191 11.0.1" No doubt you can review the release notes for, e.g., 8u191/192 for further clues. Notwithstanding Mark's notes earlier that updating your JRE may not resolve everything. > Cheers, > Juri Thanks, Tim

RE: [External] Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time Java version

some protection, it’s not everything. Thanks, Tim -- Tim Scott OCLC · Senior Software Engineer / Technical Product Manager cc: Product Management file OCLC COVID-19 resources: oc.lc/covid19-service-info<https://oc.lc/covid19-service-info> From: Mark Thomas Sent: 13 December 2021 09

CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time Java version

ch does this? Thank you, Tim -- Tim Scott OCLC * Senior Software Engineer / Technical Product Manager CityGate, 8 St. Mary's Gate, Sheffield S1 4LW, UK cc: Product Management file OCLC COVID-19 resources: oc.lc/covid19-service-info<https://oc.lc/covid19-service-info> [COVI

Re: Setting a Request Attribute from a custom Realm

On Tue, Apr 13, 2021 at 9:22 PM Tim K wrote: > > On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote: > > As mentioned in that url, doing a pre-login of sorts before calling > > HttpServletRequest.login() may be a workaround to accomplish this, but > > then I would need to call m

Re: Potential Memory Leak with StandardManager [EXTERNAL]

On Mon, Oct 18, 2021 at 2:51 PM Beard, Shawn wrote: > Update to Tomcat 9.0.54. This could be a known security bug that is fixed > in this version. > > https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54 > I tried updating to that version but it does not appear to be related;

Potential Memory Leak with StandardManager

out of the box with tomcat or do I need to define that in order for it to happen? Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

reporting a problem with LDAP auth to Windows Active Directory with Kerberos using the default spnegoDelegationQop="auth-conf" value for Tomcat 9.0.31 and 9.0.52

=64011 This may well be some subtle interaction between Tomcat, the JVM and our Active Directory servers and may not be a Tomcat problem at all. I wanted to report it for comment and to let others know who may find the same issue in their own environments what worked for me so far. Reg

RE: Re-Use TCP Source Ports if the Socket is Unique?

ve until Tomcat is shut down. Does that help? Thanks, Tim -- Tim Scott OCLC · Senior Software Engineer / Technical Product Manager cc: IT file OCLC COVID-19 resources: oc.lc/covid19-service-info   -Original Message- From: Eric Robinson Sent: 25 June 2021 04:19 To: Tomcat Users

Re: Strange error with JSP

{} catch blocks{} even if you think they don't need wrapped in those blocks. -Tim On Wed, Jun 2, 2021 at 1:53 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > > I'm getting this error in production, and I can reproduce it every time > I access the page. H

RE: [External] Re: Zip file upload corruption on Linux

ing environment? I'll bet we can write a > Filter or Valve which can catch this bug red-handed. I'd love to have the time to do this, but my motivation to do so has all but been killed by pragmatism. I could send you the two Java classes off-list if you&#

RE: [External] Re: Zip file upload corruption on Linux

is process. My code writes the data to an Oracle database, binding as a binary (RAW) value. Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [External] Re: Zip file upload corruption on Linux

rkaround and do not anticipate it worthwhile me spending any more time on the matter. Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [External] Re: Zip file upload corruption on Linux

he.tomcat.util.http.fileupload." and tried again. I found no change in behaviour: Leaving file.encoding to default to UTF-8 still corrupted the content. Setting it to ISO-8859-1 again resolved it. Was that the Servlet API you were meaning? Thanks, Tim -

RE: [External] Re: Zip file upload corruption on Linux

Hi Mark, Thanks for the prompt response. >On 24/05/2021 10:58, Scott,Tim wrote: >> Hi experts, >> >> First time poster, here, so I know I'm risking not providing nearly >> enough of the right information. Please let me know what I can send to >> help you h

Zip file upload corruption on Linux

've put some details / "evidence" below should you wish to read further. Thank you, Tim This morning, with Tomcat 9.0.45, I again captured a tcpdump to show that the browser is sending the correct data. The temp file which Tomcat created prior to passing the stream t

Re: Setting a Request Attribute from a custom Realm

On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote: > As mentioned in that url, doing a pre-login of sorts before calling > HttpServletRequest.login() may be a workaround to accomplish this, but > then I would need to call my backend authentication service twice for > each login. > &g

Re: Setting a Request Attribute from a custom Realm

est.login() may be a workaround to accomplish this, but then I would need to call my backend authentication service twice for each login. -Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting a Request Attribute from a custom Realm

ris Would it be possible to implement a new feature to the existing realm API so it can accommodate messages passed back to the front end? For example, when using the LockoutRealm, is there from the front-end to alert the user that they are actually locked out? - Tim

Setting a Request Attribute from a custom Realm

I have a custom realm which I'm receiving custom messages back within the realm code and I want to display these messages on the login page, but I have no idea how this can be accomplished with a custom realm which is overriding the Principle authenticate method. Any help would be appreciated, Tom

Re: Tomcat 9.0.37 Clustered DeltaManager Duplicates Session And Loses Session Attributes

etHost(serverProperties.getProperty("tomcat-clusterAddress")); localMember.setDomain("publish-cluster"); localMember.setUniqueId(serverProperties.getProperty("tomcat-clusterMemberUniqueId")); interceptor.setLocalMember(localMember); } ...and it seems to be fine now. O

Re: Tomcat 9.0.37 Clustered DeltaManager Duplicates Session And Loses Session Attributes

n Fri, Oct 9, 2020 at 11:40 AM Tim N wrote: > > Can you show us how you configured this cluster please? > > Sure. > > Tomcat tomcat = new Tomcat(); > tomcat.setBaseDir(baseDir); > tomcat.getServer().setAddress("127.0.0.1"); > tomcat.getServer().setPort(shutDow

Re: Tomcat 9.0.37 Clustered DeltaManager Duplicates Session And Loses Session Attributes

clusterAddress=192.168.0.2 tomcat-clusterMemberUniqueId={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1} tomcat-clusterMemberCount=1 tomcat-clusterMemberAddress1=192.168.0.3 tomcat-clusterMemberUniqueId1={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2} This was initially converted from a server.xml configuration a year ago on Tomc

Tomcat 9.0.37 Clustered DeltaManager Duplicates Session And Loses Session Attributes

run:748, Thread (java.lang) Any help would be appreciated. I can replicate this every time and spend some time investigating this. Cheers, Tim

Re: Append content to OutputStream after RequestDispatcher#forward

Forward needed to be used due to this in the original email > I also tried using RequestDispatcher#include but I need to keep response > headers, added during the forward And include() is not allowed to set headers. -Tim On Tue, Sep 29, 2020 at 2:27 PM Christopher Schultz wrote: >

Re: Append content to OutputStream after RequestDispatcher#forward

, wrappedResponse); // Add code to loop over all headers set during forward() and set them on response now response.getWriter().append("prepend string"); response.getWriter().append(wrappedResponse.yourBuffer()); response.getWriter().append("postpend string"); // newly invented word

Re: hiding tomcat version from error pages

It should be ... http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve On Thu, Sep 17, 2020 at 10:40 AM Rathore, Rajendra wrote: > > Hi Tim, > > I am using tomcat 8.5.x, will that availabl

Re: hiding tomcat version from error pages

It should a tweak to the ErrorReportValve as documented here: (inside of server.xml) https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Error_Report_Valve You'll want to set showServerInfo and showReport to false -Tim On Thu, Sep 17, 2020 at 8:20 AM Rathore, Rajendra wrote: >

Re: Intermittent JSP Caching/Compiling Issue while under load

Was the fix for this added to 9.0.28 or 9.0.29 official releases? Thanks, Tim

Re: Intermittent JSP Caching/Compiling Issue while under load

On Thu, Nov 7, 2019, 1:58 PM Mark Thomas wrote: > On 07/11/2019 18:04, Mark Thomas wrote: > > On 07/11/2019 16:44, Mark Thomas wrote: > >> On 07/11/2019 14:14, Tim K wrote: > >> > >> > >>> I pulled the latest code from GitHub, I see the commit

Re: Intermittent JSP Caching/Compiling Issue while under load

On Thu, Nov 7, 2019, 6:40 AM Mark Thomas wrote: > On 06/11/2019 20:04, Mark Thomas wrote: > > I've found the root cause. > > > > When checking the timestamps of JSPs, the JSP engine (because it has to > > access all resources via the Servlet API) requests a URL for the JSP, > > opens a connection

  1   2   3   4   5   6   7   8   9   10   >