The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.0.M3.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 9.0.0.M3 is a milestone release o
Hi,
We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
on apache tomcat 8.0.27 while running on unix operating system. Below is
the system configuration:
OS Name: HP-UX
OS Version:B.11.31
Architecture: IA64N
Java Home:/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
> Thanks for the reply. Let me try this out. But do you think its a
> bug in Tomcat ?
No. There's nothing Tomcat can do about this, aside from allowing your
application to load /more/ classes on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chiranga,
On 2/7/16 2:27 AM, Chiranga Alwis wrote:
> I think OpenSAML seems to be using
> org.apache.xerces.jaxp.DocumentBuilderFactoryImpl. I am actually
> having this class within the lib folder of Tomcat.
Replacing XML parsers within applications
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/8/16 9:50 AM, Christopher Schultz wrote:
> Hrishikesh,
>
> On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
>> Thanks for the reply. Let me try this out. But do you think its
>> a bug in Tomcat ?
>
> No. There's nothing Tomcat can do abou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrishikesh,
On 2/8/16 9:50 AM, Christopher Schultz wrote:
> Hrishikesh,
>
> On 2/6/16 1:17 PM, Hrishikesh Gadre wrote:
>> Thanks for the reply. Let me try this out. But do you think its a
>> bug in Tomcat ?
>
> No. There's nothing Tomcat can do abou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yuval,
On 2/7/16 2:27 AM, Yuval Schwartz wrote:
> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon linux ami
>
> This might be outside the scope of this forum. I have an ELB
> (Elastic Load Balancer) distributing load between two instances
> t
On 08/02/2016 14:49, dku...@ccilindia.co.in wrote:
> Hi,
>
> We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
That is a not a security vulnerability. It is a configuration choice.
> on apache tomcat 8.0.27 while running on unix operating system. Below is
> the system
Hello All - I'm running Tomcat 8.0.21 on Linux 64x and there is a recent issue
where clients making requests and declaring the header -
Transfer-Encoding:chunked, have their connections hang, with no obvious leads
in the logs.
I'm aware that up to version 8.0.9 there was a Tomcat vulnerability
Hello!
Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature.
In your web.xml
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
hstsEnabled
true
hstsMaxAgeSeconds
3153
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo,
On 2/8/16 10:17 AM, Theo Sweeny wrote:
> Hello All - I'm running Tomcat 8.0.21 on Linux 64x and there is a
> recent issue where clients making requests and declaring the header
> - Transfer-Encoding:chunked, have their connections hang, with no
Yuval,
On 2/8/16, 6:57 AM, "Christopher Schultz" wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Yuval,
>
>On 2/7/16 2:27 AM, Yuval Schwartz wrote:
>> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon linux ami
>>
>> This might be outside the scope of this forum. I have an ELB
On Mon, Feb 8, 2016 at 6:53 PM, Peter Rifel wrote:
> Yuval,
>
>
>
> On 2/8/16, 6:57 AM, "Christopher Schultz"
> wrote:
>
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >Yuval,
> >
> >On 2/7/16 2:27 AM, Yuval Schwartz wrote:
> >> tomcat version: 8.0.22 java: jdk1.8.0_05 server: amazon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yasi,
On 2/1/16 8:17 PM, Yasi Xi (yxi) wrote:
> Hi, Dear Mark T and all
>
> Sorry to resend this mail. I don't quite understand Mark's comment
> on this problem.
>
> WHAT IS THE PROBLEM
>
> I'm doing Tomcat upgrade for my J2EE server. Whe
I have an application that sends binary websocket messages between a
class and the web application using a websocket server written in
java.
The data being sent from the java class is encoded in a binary buffer
with the bytes in ISO8859_1. However, when I receive the bytes on the
websocket server
On 08.02.2016 19:41, Jason Ricles wrote:
I have an application that sends binary websocket messages between a
class and the web application using a websocket server written in
java.
The data being sent from the java class is encoded in a binary buffer
with the bytes in ISO8859_1. However, when I
The message is built and sent in a javaclass connected to a websocket
server for the web application also written in java then the message
is passed to the webpage which uses javascript
On Mon, Feb 8, 2016 at 2:25 PM, André Warnier (tomcat) wrote:
> On 08.02.2016 19:41, Jason Ricles wrote:
>>
>>
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect in t
On 08.02.2016 20:27, Jason Ricles wrote:
The message is built and sent in a javaclass connected to a websocket
server for the web application also written in java then the message
is passed to the webpage which uses javascript
1) on this list, do not "top post". See :
http://tomcat.apache.org/l
On 08/02/2016 18:41, Jason Ricles wrote:
> I have an application that sends binary websocket messages between a
> class and the web application using a websocket server written in
> java.
>
> The data being sent from the java class is encoded in a binary buffer
> with the bytes in ISO8859_1. Howev
In Tomcat 7.0.67 with no "useRelativeRedirects" set on the context (which
defaults it to "true"), I see
GET http://hostname/myapp?m=n&o=p
==> 302: "login?a=b&c=d"
Now, this is expected behavior given the fix for [1]
[1] http://bz.apache.org/bugzilla/show_bug.cgi?id=56917
I rer
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
On 2/8/16 3:43 PM, Mark Thomas wrote:
> On 08/02/2016 18:41, Jason Ricles wrote:
>> I have an application that sends binary websocket messages
>> between a class and the web application using a websocket server
>> written in java.
>>
>> The data
On 08.02.2016 23:31, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
On 2/8/16 3:43 PM, Mark Thomas wrote:
On 08/02/2016 18:41, Jason Ricles wrote:
I have an application that sends binary websocket messages
between a class and the web application using a websocke
On 08/02/2016 21:55, George Stanchev wrote:
>
>
> Hi,
>
> Recent changes to Tomcat altered the behavior of our applications a bit so
> I've got couple of questions. The versions in questions are 7.0.64 and
> 7.0.67. I am aware of which is also described in the changelog for 7.0.67.
There are
25 matches
Mail list logo
