subject:"Re\: \[SECURITY\] CVE\-2021\-42340 Apache Tomcat DoS"

RE: [SECURITY] CVE-2021-42340 Apache Tomcat DoS [EXTERNAL]

2021-12-06 Thread Beard, Shawn

s H. H. Lampert Sent: Monday, December 6, 2021 1:29 PM To: Tomcat Users List Subject: Re: [SECURITY] CVE-2021-42340 Apache Tomcat DoS [EXTERNAL] ** CAUTION: External message On 10/14/21 7:12 AM, Mark Thomas wrote: > The fix for bug 63362 introduced a memory leak. The object introduced > to col

Re: [SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-12-06 Thread James H. H. Lampert

On 10/14/21 7:12 AM, Mark Thomas wrote: The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could le