Invoke methods in EL?

2017-04-10 Thread Tim Watts
Environment: Tomcat 7.0.59; JRE 1.8.0_72 I suspect the answer to my problem is "You can't do that" but here goes: A simple JSP that tries to get a Calendar instance and outputs the year: <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib p

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
CVE-2017-5651 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.x and earlier are not affected Description: The refactoring of the HTTP connectors

[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
CVE-2017-5647 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.0.RC1 to 8.0.42 Apache Tomcat 7.0.0 to 7.0.76 Apache Tomcat 6.0.0 to 6.0.52 Descri

[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service

2017-04-10 Thread Mark Thomas
CVE-2017-5650 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.x and earlier are not affected Description The handling of an HTTP/2 GOAWAY frame for a

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
CVE-2017-5648 Apache Tomcat Information Disclosure Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17 Apache Tomcat 8.5.0 to 8.5.11 Apache Tomcat 8.0.0.RC1 to 8.0.41 Apache Tomcat 7.0.0 to 7.0.75 Apache Tomcat 6.0.x is not affected Descri

Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal Logging - RollingFileAppender does not (cannot?) create new Log File

2017-04-10 Thread Ankit Agarwal
Hi, I’m using Log4J2 (2.8) via the 1.2 API Bridge for Tomcat 8 internal logging. I followed the instructions here: https://tomcat.apache.org/tomcat-8.0-doc/logging.html#Using_Log4j - With the exception that I also copied the Br

Re: [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure

2017-04-10 Thread Stefan Mayr
Hi, On 10.04.2017 at 21:14, Mark Thomas wrote: > CVE-2017-5647 Apache Tomcat Information Disclosure > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions Affected: > Apache Tomcat 9.0.0.M1 to 9.0.0.M18 > Apache Tomcat 8.5.0 to 8.5.12 > Apache Tomcat 8.0.0.RC1 to 8.0.4

Re: [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
On 10/04/17 20:41, Stefan Mayr wrote: > Hi, > > On 10.04.2017 at 21:14, Mark Thomas wrote: >> CVE-2017-5647 Apache Tomcat Information Disclosure >> >> Severity: Important >> >> Vendor: The Apache Software Foundation >> >> Versions Affected: >> Apache Tomcat 9.0.0.M1 to 9.0.0.M18 >> Apache Tomcat

Re: Invoke methods in EL?

2017-04-10 Thread Mark Thomas
On 10/04/17 16:35, Tim Watts wrote: > Environment: Tomcat 7.0.59; JRE 1.8.0_72 > > I suspect the answer to my problem is "You can't do that" but here goes: > > A simple JSP that tries to get a Calendar instance and outputs the year: > > <%@ page language="java" > contentType="text/html; >

Re: Invoke methods in EL?

2017-04-10 Thread Tim Watts
Thanks Mark. That does help. On Mon, 2017-04-10 at 23:24 +0100, Mark Thomas wrote: > On 10/04/17 16:35, Tim Watts wrote: > > Environment: Tomcat 7.0.59; JRE 1.8.0_72 > > > > I suspect the answer to my problem is "You can't do that" but here goes: > > > > A simple JSP that tries to get a Calenda