Re: multipart and Apache Tomcat 11

2025-05-02 Thread Ernesto Reinaldo Barreiro
Hi, Many thanks for your email. On Fri, May 2, 2025 at 1:42 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Ernesto, > > On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote: > > We have an Apache Wicket application that I just ported to wicket 10. The > > application works as expe

Re: multipart and Apache Tomcat 11

2025-05-02 Thread Christopher Schultz
Ernesto, On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote: We have an Apache Wicket application that I just ported to wicket 10. The application works as expected with the latest Tomcat 10.1.40. But our application does not work with Tomcat 11.0.6 because file upload (multipart processing is b

Re: [EXT]multipart and Apache Tomcat 11

2025-05-02 Thread Ernesto Reinaldo Barreiro
process/captureandconfirm.vpp > > > > This part we have. Using annotations. > > > > > Rick Noel > Systems Programmer | Westwood One > rn...@westwoodone.com > > -----Original Message- > From: Ernesto Reinaldo Barreiro > Sent: Thursday, May 1,

RE: [EXT]multipart and Apache Tomcat 11

2025-05-02 Thread Rick Noel
uploadfile /record/process/captureandconfirm.vpp Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Ernesto Reinaldo Barreiro Sent: Thursday, May 1, 2025 8:51 PM To: users@tomcat.apache.org Subject: [EXT]multipart and Apache Tomcat 11

multipart and Apache Tomcat 11

2025-05-01 Thread Ernesto Reinaldo Barreiro
Hi, We have an Apache Wicket application that I just ported to wicket 10. The application works as expected with the latest Tomcat 10.1.40. But our application does not work with Tomcat 11.0.6 because file upload (multipart processing is broken). Apache wicket 10.x uses fileupload2.jakarta.servle

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-30 Thread Mark Thomas
gards, William Crowell From: Christopher Schultz Date: Tuesday, April 29, 2025 at 10:32 AM To: Tomcat Users List , William Crowell Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x? William, On 4/29/25 7:04 AM, William Crowell wrote: Just for my clarification: When wa

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread William Crowell
Chris, Beautiful answer and exactly what I was looking for. Thank you. Regards, William Crowell From: Christopher Schultz Date: Tuesday, April 29, 2025 at 10:32 AM To: Tomcat Users List , William Crowell Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x? William

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread Christopher Schultz
William, On 4/29/25 7:04 AM, William Crowell wrote: Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org

When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread William Crowell
Good morning, Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org/projects/ee4j.jakartaee-platform

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-29 Thread Mark Thomas
31650 Apache Tomcat - DoS via invalid HTTP prioritization header Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M2 to 11.0.5 Apache Tomcat 10.1.10 to 10.1.39 Apache Tomcat 9.0.76 to 9.0.102 Description: Incorrect error handling for some invalid

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-29 Thread Zdeněk Henek
Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: > CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header > >

[SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass

2025-04-28 Thread Mark Thomas
CVE-2025-31651 Apache Tomcat - Rewrite rule bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.5 Apache Tomcat 10.1.0-M1 to 10.1.39 Apache Tomcat 9.0.0.M1 to 9.0.102 Description: For a subset of unlikely rewrite rule configurations

[SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-28 Thread Mark Thomas
CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M2 to 11.0.5 Apache Tomcat 10.1.10 to 10.1.39 Apache Tomcat 9.0.76 to 9.0.102 Description: Incorrect error handling for some

Re: Apache Tomcat 12+

2025-04-20 Thread Christopher Schultz
Rémy, On 4/17/25 11:47 AM, Rémy Maucherat wrote: On Thu, Apr 17, 2025 at 5:16 PM William Crowell wrote: Hi, A few questions on the future direction of the project. It seems like Project Panama is still in preview mode as of JDK 24. Is that correct? No, it's a stable regular part of Java

Re: Apache Tomcat 12+

2025-04-17 Thread William Crowell
Mark and Rémy, Thank you for your replies. I think it would be better for now if HTTP/3 is required is to front Tomcat with NGINX as a reverse proxy. Regards, William Crowell From: Mark Thomas Date: Thursday, April 17, 2025 at 1:30 PM To: users@tomcat.apache.org Subject: Re: Apache Tomcat

Re: Apache Tomcat 12+

2025-04-17 Thread Mark Thomas
ide I would at least be interested. What are the plans for the next major release of Tomcat? Work is already underway on Tomcat 12. The plan is to start milestone releases when there are enough 12.0.x specific features to make releases worthwhile. Current changelog is here: https://github.co

Re: Apache Tomcat 12+

2025-04-17 Thread Rémy Maucherat
On Thu, Apr 17, 2025 at 5:16 PM William Crowell wrote: > > Hi, > > A few questions on the future direction of the project. > > It seems like Project Panama is still in preview mode as of JDK 24. Is that > correct? No, it's a stable regular part of Java since Java 22. Availability of the API wil

Apache Tomcat 12+

2025-04-17 Thread William Crowell
Hi, A few questions on the future direction of the project. It seems like Project Panama is still in preview mode as of JDK 24. Is that correct? Is there any update on QUIC transport protocol over HTTP/3 support in Tomcat 11? Does it have anything to do with JEP draft 8291976? https://openjd

[ANN] Apache Tomcat 9.0.104 available

2025-04-09 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.104. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.104 is a bugfix and

Apache Tomcat 9 SAML Setup With Active Directory

2025-04-09 Thread William Crowell
Hi, Is there any current up-to-date documentation on how to setup Apache Tomcat 9 with SAML and Active Directory that is not AI generated? I know you can do Keycloak IdP with Tomcat, but I was trying to avoid setting up an identity provider. I am finding links, but I think there is some

[ANN] Apache Tomcat 9.0.102 available

2025-03-06 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.102. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.102 is a bugfix and

Re: [ANN] Apache Tomcat 10.1.36 Available

2025-02-19 Thread Christopher Schultz
omcat Developers List ; Tomcat Users List ; annou...@tomcat.apache.org ; annou...@apache.org Subject: [ANN] Apache Tomcat 10.1.36 Available CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is

Re: [ANN] Apache Tomcat 10.1.36 Available

2025-02-19 Thread Amit Pande
And the release status in the header. (Sorry for spam.) From: Amit Pande Sent: Wednesday, February 19, 2025 8:55 AM To: Tomcat Users List Subject: Re: [ANN] Apache Tomcat 10.1.36 Available CAUTION: This email originated from outside the organization. Do not

Re: [ANN] Apache Tomcat 10.1.36 Available

2025-02-19 Thread Amit Pande
; Tomcat Users List ; annou...@tomcat.apache.org ; annou...@apache.org Subject: [ANN] Apache Tomcat 10.1.36 Available CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe

[ANN] Apache Tomcat 10.1.36 Available

2025-02-18 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.36. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 9.0.100 available

2025-02-17 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.100. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.100 is a bugfix and

[ANN] Apache Tomcat 11.0.4 Available

2025-02-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.4. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 11.0.3 Available

2025-02-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.3. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 9.0.99 available

2025-02-10 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.99. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.99 is a bugfix and

[ANN] Apache Tomcat 10.1.35 Available

2025-02-10 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.35. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9

2025-01-21 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.9 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artifacts from Java EE 8 to Jakarta EE 9

Re: Verification of Vulnerability CVE-2024-56337 in Apache Tomcat

2024-12-26 Thread Rémy Maucherat
On Thu, Dec 26, 2024 at 2:56 PM Luqman C wrote: > > Dear Apache Tomcat Team, > I am writing to verify if my client environment is affected by the > CVE-2024-56337 vulnerability in Apache Tomcat, related to remote code > execution (RCE) via a write-enabled default servlet, whi

Verification of Vulnerability CVE-2024-56337 in Apache Tomcat

2024-12-26 Thread Luqman C
Dear Apache Tomcat Team, I am writing to verify if my client environment is affected by the CVE-2024-56337 vulnerability in Apache Tomcat, related to remote code execution (RCE) via a write-enabled default servlet, which also impacts mitigation for CVE-2024-50379. Below are the details of the

[SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete

2024-12-20 Thread Mark Thomas
CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97

Re: CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-19 Thread Thiru
I truly appreciate your swift response, Mark. Thank you so much! On Thu, Dec 19, 2024 at 4:23 PM Mark Thomas wrote: > On 19/12/2024 10:49, Thiru wrote: > > Hello There, > > > > Good day! > > > > Could you kindly help clarify the following regarding CVE-2024-50379? > > > > In the default Tomcat

Re: CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-19 Thread Mark Thomas
On 19/12/2024 10:49, Thiru wrote: Hello There, Good day! Could you kindly help clarify the following regarding CVE-2024-50379? In the default Tomcat setup, the readonly initialization parameter of the DefaultServlet is not write-enabled, even for a case-insensitive file system (Reference: http

RE: CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-19 Thread Thiru
Hello There, Good day! Could you kindly help clarify the following regarding CVE-2024-50379? In the default Tomcat setup, the readonly initialization parameter of the DefaultServlet is not write-enabled, even for a case-insensitive file system (Reference: https://tomcat.apache.org/tomcat-9.0-doc

[SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application

2024-12-17 Thread Mark Thomas
CVE-2024-54677 Apache Tomcat - DoS in examples web application Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: Numerous examples in the examples web

[SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-17 Thread Mark Thomas
CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: If the default servlet is write

[ANN] Apache Tomcat 10.1.34 Available

2024-12-09 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.34. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 9.0.98 available

2024-12-09 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.98. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.98 is a bugfix and

[ANN] Apache Tomcat 11.0.2 Available

2024-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.2. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

Re: Apache Tomcat should not copy classes of the Jakarta EE API's into the Tomcat module

2024-12-08 Thread Mark Thomas
asses just in more JARs. If you have an example where you see JPMS errors when using the standard Tomcat JARs then please provide sufficient details for us to recreate the issue so we can investigate. Mark On 07/12/2024 20:37, Erik Meuwese wrote: Apache Tomcat copies classes of the Jakar

Apache Tomcat should not copy classes of the Jakarta EE API's into the Tomcat module

2024-12-07 Thread Erik Meuwese
Apache Tomcat copies classes of the Jakarta EE API's into the Tomcat module. The package jakarta https://github.com/apache/tomcat/tree/main/java/jakarta should be removed from the Tomcat module or renamed. And the Jakarta EE API's should be included as dependencies. Copying the source

Re: [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up

2024-11-18 Thread Mark Thomas
hanks and Regards, Rajendra Rathore 9922701491 -Original Message- From: Mark Thomas Sent: Monday, November 18, 2024 4:48 PM To: Tomcat Users List Cc: annou...@apache.org; annou...@tomcat.apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2024-52317 Apache Tomcat - Request a

[SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs

2024-11-18 Thread Mark Thomas
CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0 Apache Tomcat 10.1.31 Apache Tomcat 9.0.96 Description: The fix for improvement 69333 [0] caused pooled JSP tags not to be released after

RE: [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up

2024-11-18 Thread Rathore, Rajendra
; annou...@tomcat.apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0

[SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up

2024-11-18 Thread Mark Thomas
Note: Correction to 10.1.x affected versions CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M23 to 11.0.0-M26 Apache Tomcat 10.1.27 to 10.1.30 Apache Tomcat 9.0.92 to 9.0.95

[SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up

2024-11-18 Thread Mark Thomas
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M23 to 11.0.0-M26 Apache Tomcat 10.1.7 to 10.1.30 Apache Tomcat 9.0.92 to 9.0.95 Description: Incorrect recycling of the request and

[SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass

2024-11-18 Thread Mark Thomas
CVE-2024-52316 Apache Tomcat - Authentication Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M26 Apache Tomcat 10.1.0-M1 to 10.1.30 Apache Tomcat 9.0.0-M1 to 9.0.95 Description: If Tomcat was configured to use a custom Jakarta

[ANN] Apache Tomcat 10.1.33 Available

2024-11-11 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.33. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 9.0.97 available

2024-11-09 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.97. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.97 is a bugfix and

Re: Regression in Apache Tomcat 9.0.96? Escape XML not working using taglib

2024-11-03 Thread Konstantin Kolinko
Sun, 3 Nov 2024 at 03:46, Frankowski, Adam : > > Hi, > > > > We have noticed an issue that occurred when we attempted to upgrade to Apache > Tomcat 9.0.96. We found that the standard taglib did not properly > escape XML strings anymore. This can lead to c

Regression in Apache Tomcat 9.0.96? Escape XML not working using taglib

2024-11-02 Thread Frankowski, Adam
Hi, We have noticed an issue that occurred when we attempted to upgrade to Apache Tomcat 9.0.96. We found that the standard taglib did not properly escape XML strings anymore. This can lead to cross-site scripting (XSS) attacks if user input is not properly escaped. Has anybody else

Re: Assistance with Apache Tomcat Integration with MS Sentinel

2024-10-18 Thread Mark Thomas
On 18/10/2024 09:55, Kele Masemola wrote: Good day, We are trying to integrate Tomcat Apache with Sentinel, so we just wanted to get some clarity on a few things. We installed Apache Tomcat data connector on Sentinel. It seems the Apache servers in our environment are running on Windows

Assistance with Apache Tomcat Integration with MS Sentinel

2024-10-18 Thread Kele Masemola
Good day, We are trying to integrate Tomcat Apache with Sentinel, so we just wanted to get some clarity on a few things. We installed Apache Tomcat data connector on Sentinel. It seems the Apache servers in our environment are running on Windows machines, so when we download and install the

[ANN] Apache Tomcat 9.0.96 available

2024-10-08 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.96. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.96 is a bugfix and

[SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service

2024-09-23 Thread Mark Thomas
CVE-2024-38286 Apache Tomcat - Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M20 Apache Tomcat 10.1.0-M1 to 10.1.24 Apache Tomcat 9.0.13 to 9.0.89 Description: Tomcat, under certain configurations on any

[ANN] Apache Tomcat 9.0.95 available

2024-09-17 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.95. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.95 is a bugfix and

[ANN] Apache Tomcat 11.0.0-M26 (beta) available

2024-09-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M26 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94

2024-09-13 Thread Mark Thomas
ol element for HTTP/2. We currently expect to provide releases with a fix for this regression next week. For more information, see the associated bug report: https://bz.apache.org/bugzilla/show_bug.cgi?id=69320 - The Apache T

[ANN] Apache Tomcat 9.0.94 available

2024-09-11 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.94. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.94 is a bugfix and

[ANN] Apache Tomcat 11.0.0-M25 (beta) available

2024-09-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M25 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-09-05 Thread Tim Zielke
ed and not responding. I also had a typo below about "TLS session tokens". I meant to say "TLS session tickets". -Original Message- From: Tim Zielke Sent: Thursday, September 5, 2024 3:42 PM To: Tomcat Users List Subject: RE: Web browser clocking issue at Apache

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-09-05 Thread Tim Zielke
and it tries to start another TLS connection. [13132:2960:0904/130325.068:ERROR:ssl_client_socket_impl.cc(882)] handshake failed; returned -1, SSL error code 1, net_error -101 The web browser then never does actually get a ClientHello over to the Apache Tomcat server, as it is stuck in hitting

Re: Apache Tomcat Upgrade to address Curl and libcurl vulnerabilities

2024-08-30 Thread Thomas Meyer
On 30 August 2024 16:20:24 CEST, Mark Thomas wrote: >On 30/08/2024 15:15, Kenan, John wrote: >> Apache Tomcat Security Team: Hi, >> Please advise when an update to Apache Tomcat will be released that >> addresses the following Curl and libcurl security vulnerabiliti

Re: Apache Tomcat Upgrade to address Curl and libcurl vulnerabilities

2024-08-30 Thread Mark Thomas
On 30/08/2024 15:15, Kenan, John wrote: Apache Tomcat Security Team: Please advise when an update to Apache Tomcat will be released that addresses the following Curl and libcurl security vulnerabilities: What makes you think Tomcat has a dependency on Curl and/or libcurl? Mark Critical

Re: Apache Tomcat Upgrade to address Curl and libcurl vulnerabilities

2024-08-30 Thread Christopher Schultz
John, On 8/30/24 10:15, Kenan, John wrote: Please advise when an update to Apache Tomcat will be released that addresses the following Curl and libcurl security vulnerabilities: Critical: CVE-2023-38545 High: CVE-2024-7264 Medium: CVE-2023-46218 CVE-2023-46219 CVE-2024-0853 Low: CVE-2023

Apache Tomcat Upgrade to address Curl and libcurl vulnerabilities

2024-08-30 Thread Kenan, John
Apache Tomcat Security Team: Please advise when an update to Apache Tomcat will be released that addresses the following Curl and libcurl security vulnerabilities: Critical: CVE-2023-38545 High: CVE-2024-7264 Medium: CVE-2023-46218 CVE-2023-46219 CVE-2024-0853 Low: CVE-2023-38546 Thank you

Re: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-08-26 Thread Christopher Schultz
configured one? -chris -Original Message- From: Mark Thomas Sent: Thursday, August 15, 2024 9:35 AM To: users@tomcat.apache.org Subject: Re: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux [You don't often get email from ma...@apache.org. Learn why this is important at

RE: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-08-15 Thread Tim Zielke
: users@tomcat.apache.org Subject: Re: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux [You don't often get email from ma...@apache.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] [External] On 15/08/2024 14:36, Tim Zielke wrote: > web

Re: Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-08-15 Thread Mark Thomas
On 15/08/2024 14:36, Tim Zielke wrote: web browser clocking issues Can you clarify what you mean by this please. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h

Web browser clocking issue at Apache Tomcat 10.1.20 on Linux

2024-08-15 Thread Tim Zielke
Hello, Even though the application mentioned below is a Spring Boot 3 application, I am looking for Apache Tomcat help here as my question involves understanding trace records from the org.apache.tomcat.util.net.NioEndpoint class. I have a Spring Boot 3 application using Apache Tomcat 10.1.20

[ANN] Apache Tomcat Connectors 1.2.50 released

2024-08-13 Thread Mark Thomas
The Apache Tomcat Connectors project is part of the Tomcat project and provides web server plugins for httpd (mod_jk) and IIS (ISAPI) to connect those web servers with Tomcat and other backends. The Apache Tomcat Project is proud to announce the release of version 1.2.50 of the Apache Tomcat

Re: Apache Tomcat Memory Allocation

2024-08-09 Thread Olaf Kock
On 09.08.24 09:13, Sagar Palle wrote: Hi I am not able to find the setenv.bat in this location C:\tomcat-9.0.84\bin). Simply create it. It's not there by default, so it won't be overwritten with your next update. If it's there, it's included in the startup process, and you can set environme

Re: Apache Tomcat Memory Allocation

2024-08-09 Thread Sagar Palle
Hi I am not able to find the setenv.bat in this location C:\tomcat-9.0.84\bin). Regards, Sagar Palle. From: Christopher Schultz Sent: Thursday, August 8, 2024 7:20 PM To: users@tomcat.apache.org Subject: Re: Apache Tomcat Memory Allocation CAUTION: External

Re: Apache Tomcat Memory Allocation

2024-08-08 Thread Christopher Schultz
things, but off-heap memory for other things. I've seen JVM processes that use ~50% non-heap memory. Those are extreme cases, but it does happen. *OS Details:* This mailing lists drops images. Use plain text. Can you please suggest where we need to configure the  memory for the Apache

Re: Apache Tomcat Memory Allocation

2024-08-08 Thread Mark Thomas
. "Maximum Java Heap Space" < "Maximum Memory used by Java Process" *OS Details:* This mailing lists drops images. Use plain text. Can you please suggest where we need to configure the  memory for the Apache tomcat service. You should not edit catalina.bat

Apache Tomcat Memory Allocation

2024-08-08 Thread Sagar Palle
suggest where we need to configure the memory for the Apache tomcat service. Regards, Sagar Palle. [Aspire Systems] This e-mail message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary, confidential, trade secret or privileged information. Any

[ANN] Apache Tomcat 11.0.0-M24 (beta) available

2024-08-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M24 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 9.0.93 available

2024-08-05 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.93. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.93 is a bugfix and

Re: Apache Tomcat Plain Password

2024-08-05 Thread Christopher Schultz
Chuck, On 8/3/24 12:17, Chuck Caldarale wrote: On Aug 3, 2024, at 06:28, MOHAMMED Bahauddin N wrote: I have a request related to the Keystore password in Apache Tomcat's 'server.xml' file. Currently, the password under the Connector port is displayed in plain text, Displayed to whom? w

Re: Apache Tomcat Plain Password

2024-08-03 Thread Chuck Caldarale
> On Aug 3, 2024, at 06:28, MOHAMMED Bahauddin N > wrote: > > I have a request related to the Keystore password in Apache Tomcat's > 'server.xml' file. Currently, the password under the Connector port is > displayed in plain text, Displayed to whom? > which is a security concern. No, it

Re: Apache Tomcat Plain Password

2024-08-03 Thread Sebastian Trost
Behauddin, please describe what exactly you're not understanding. Sebastian On 03.08.2024 13:28, MOHAMMED Bahauddin N wrote: Hello Wisers, Hope you are doing well. I have a request related to the Keystore password in Apache Tomcat's 'server.xml' file. Currently, the password under the Conne

Apache Tomcat Plain Password

2024-08-03 Thread MOHAMMED Bahauddin N
Hello Wisers, Hope you are doing well. I have a request related to the Keystore password in Apache Tomcat's 'server.xml' file. Currently, the password under the Connector port is displayed in plain text, which is a security concern. I am looking to encrypt it through configuration (not through

[ANN] Apache Tomcat Native 2.0.8 released

2024-07-24 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.8 stable. The key features of this release are: - Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath

Re: Apache Tomcat Default Files - TEN-12085

2024-07-10 Thread Michael Osipov
om>> > > Sent: Tuesday, July 9, 2024 12:31 AM > > To: Tomcat Users List > <mailto:users@tomcat.apache.org>> > > Subject: Re: Apache Tomcat Default Files - TEN-12085 > > > > [External Email] > > > > > > > On Jul 8, 2024, at 13:56, Pram

Re: [EXTERNAL EMAIL] Apache Tomcat Default Files - TEN-12085

2024-07-08 Thread Niranjan Rao
remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Vulnerability Threat The remote web server contains default files. Vulnerability Remediation notes Delete the default index page and

Re: Apache Tomcat Default Files - TEN-12085

2024-07-08 Thread Chuck Caldarale
ck > From: Chuck Caldarale mailto:n82...@gmail.com>> > Sent: Tuesday, July 9, 2024 12:31 AM > To: Tomcat Users List <mailto:users@tomcat.apache.org>> > Subject: Re: Apache Tomcat Default Files - TEN-12085 > > [External Email] > > > > On Jul 8, 2024,

RE: Apache Tomcat Default Files - TEN-12085

2024-07-08 Thread Pramod Kumar Adhi
Hi Chuck, We are using Tomcat version 9.87; can you guide on the same? Thanks & Regards, Pramod Kumar Adhi From: Chuck Caldarale Sent: Tuesday, July 9, 2024 12:31 AM To: Tomcat Users List Subject: Re: Apache Tomcat Default Files - TEN-12085 [External Email] > On Jul 8, 2024, at 13:56,

Re: Apache Tomcat Default Files - TEN-12085

2024-07-08 Thread Chuck Caldarale
and/or example > servlets are installed on the remote Apache Tomcat server. These files should > be removed as they may help an attacker uncover information about the remote > Tomcat install or host itself. > > Vulnerability Threat > The remote web server contains default files.

Apache Tomcat Default Files - TEN-12085

2024-07-08 Thread Pramod Kumar Adhi
result in a potential disclosure of sensitive information about the server to attackers. Vulnerability Summary The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an

[ANN] Apache Tomcat 9.0.91 available

2024-07-08 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.91. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.91 is a bugfix and

[ANN] Apache Tomcat 11.0.0-M22 (beta) available

2024-07-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M22 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service

2024-07-03 Thread Mark Thomas
CVE-2024-34750 Apache Tomcat - Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M20 Apache Tomcat 10.1.0-M1 to 10.1.24 Apache Tomcat 9.0.0-M1 to 9.0.89 Description: When processing an HTTP/2 stream, Tomcat did

[ANN] Apache Tomcat 9.0.90 available

2024-06-19 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.90. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.90 is a bugfix and

[ANN] Apache Tomcat 11.0.0-M21 (beta) available

2024-06-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M21 (beta). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: Query integrating Apache Tomcat with Azure Sentinel via a data connector on Azure Sentinel

2024-05-29 Thread Olaf Kock
Hi Kele, On 29.05.24 13:53, Kele Masemola wrote: Good day, We are trying to integrate Apache Tomcat with Azure Sentinel, we realized that the agent that needs to be installed on our Apache Tomcat machines will be deprecated in August 2024 and as such we would like to find out if there is

Query integrating Apache Tomcat with Azure Sentinel via a data connector on Azure Sentinel

2024-05-29 Thread Kele Masemola
Good day, We are trying to integrate Apache Tomcat with Azure Sentinel, we realized that the agent that needs to be installed on our Apache Tomcat machines will be deprecated in August 2024 and as such we would like to find out if there is another agent that will be provided to Microsoft as
