Is there any way to allow servlets to auto-logout a user when the timeout
has been reached. Right now, I have tomcat configured for a 20 minute
session timeout. When the session times out, the user gets no notification
of this event. Is there any way to show the user that they have logged out?
Tha
So there is no way to provide this functionality using just servlets :(
On 11/14/05, Darryl L. Miles <[EMAIL PROTECTED]> wrote:
>
> Mark wrote:
>
> >Is there any way to allow servlets to auto-logout a user when the timeout
> >has been reached. Right now, I have tomcat
Check out the Web Tools Platform, as part of the Eclipse project. It does a
great job of getting a new servlet developer up and running.
On 11/22/05, Suresh Nair <[EMAIL PROTECTED]> wrote:
>
> You must have send this to me by mistake.
>
> Please delete me from your message list.
>
> Thank you.
>
Check out either PDFBox, it allows you to convert PDF pages into JPG.
On 11/23/05, Caldarale, Charles R <[EMAIL PROTECTED]> wrote:
>
> > From: Khawaja Shams [mailto:[EMAIL PROTECTED]
> > Subject: Displaying PDF's within a servlet
> >
> > However, starting Acrobat for this purpose
> > everytime co
I want to use the RemoteAddrValve and allow multiple hosts. What is the
syntax for doing this?
Thank you.
Hello,
Can somebody recommend the version for upgrade from tomcat 5.0.28
that will use java 1.4.2.
Thank you,
Mark.
__
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yaho
ets Encoding.
Can anybody confirm that resp.setContentType("text/html"); is not
nessesary
Thanks!
Mark.
--- "Frank W. Zammetti" <[EMAIL PROTECTED]> wrote:
> Mark, have a look here:
>
>
http://javawebparts.sourceforge.net/javadocs/javawebparts/filter/Cha
I would recommend placing Apache in front of Tomcat. You can also use
mod_security on Apache to further lock down your application. I have found
that if you want security, do not use Tomcat by itself. I never liked the
idea of placing keystore passwords in XML files. At least Apache prompts you
for
I would recommend placing Apache in front of Tomcat. You can also use
mod_security on Apache to further lock down your application. I have found
that if you want security, do not use Tomcat by itself. I never liked the
idea of placing keystore passwords in XML files. At least Apache prompts you
for
I would recommend placing Apache in front of Tomcat. You can also use
mod_security on Apache to further lock down your application. I have found
that if you want security, do not use Tomcat by itself. I never liked the
idea of placing keystore passwords in XML files. At least Apache prompts you
for
Is Apache part of your setup?
On 10/24/05, Daniel <[EMAIL PROTECTED]> wrote:
>
> If so, whats the magic to the certs and keystores?
> - Daniel
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
= null) wa = "blank";%>
<% out.print(wa); %>
But it doesn't work :( "blank" always get displayed, which means I'm
not getting the object from request in jsp.
I have Tomcat 5.5.20, Java 1.5.0_10 knoppix 2007-01 with 2.6.19
kernel
Can any body tell how
Oh, what a typo!
Thanks a lot!
Mark
--- Mikolaj Rydzewski <[EMAIL PROTECTED]> wrote:
> Mark wrote:
> > req.setAttribute("NP", target);
> > [...]
> > <% String wa = (String)request.getParameter("NP"); %>
> >
> They simpy do not matc
in catalina.log
Any hint what can wrong and where I should start looking for ?
Thanks,
Mark
Be a better sports nut! Let your teams follow you
with Yahoo Mobile. Try it now.
http://mobile.yahoo.com
CTED]> wrote:
> > From: Mark [mailto:[EMAIL PROTECTED]
> > Subject: 5.5.20 returns empty page
> >
> > I took the entire tomcat directory from another PC where it
> works.
> > Changed JAVA_HOME.
> >
> > OS: Fedora 8
> > Java: 1.5_14
&g
lower case directory
names) I even didn't 404 error.
So the questions now is: why I've got no error for non-existing
webapp?
Mark
--- "Caldarale, Charles R" <[EMAIL PROTECTED]> wrote:
> > From: Mark [mailto:[EMAIL PROTECTED]
> > Subject: RE: 5.5.20 returns e
that triggers the issue. The simpler the test
case the better but at this point I'd settle for anything that triggered
the issue in a reasonable time frame.
Mark
On 2024/10/04 10:00:03 Ahmed Ashour wrote:
> > How rare? Once in how many requests? Can you trigger this via
automa
t the heap usage to see where the memory is being used.
Most profilers should also be able to tell where the CPU time is being
spent.
Did you look at DAEMON-460? Does it apply to you?
Mark
Regards,
Sajid
On 10/9/2024 4:24 PM, Mark Thomas wrote:
Please send your reply to the users list so
ow use the XML but mask any
sensitive information like passwords)?
What do the logs show for that Connector when Tomcat starts?
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mai
Eric,
My apologies. I dropped the ball on this one. I've just re-read the
thread to remind myself of the details. I'm aiming to get this fixed for
the November release round.
Mark
On 10/10/2024 10:10, Eric Robinson wrote:
Hi Mark,
Just following up on this. Did you arrive a
HTTP
header "Transfer-Encoding: chunked".
Applications do not have sufficient control over the bytes on the wire
to manually control chunked encoding.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat
arking the UpgradeProtocol configuration makes the team uses the application
server again.
Please let me know if anything to be done to help in this regard.
Does setting discardRequestsAndResponses="true" help at all?
Mark
Thank
On 04/10/2024 20:32, Anurag Sharma wrote:
HI Mark And Christopher,
Apologies for the late response,
Tomcat act as a reverse proxy to 3rd party legacy system. We have recently
upgraded Tomcat to use HTTP/2 protocol; this causes the legacy system not to
render and get an error message when
that can be disabled if it is an issue)
There is a small risk you find a JRE bug you didn't see with Oracle.
Overall, all of those risks are very small. I'd expect it to just work.
Mark
-
To unsubscribe, e-mail: user
run in the environment is
Apache Tomcat/9.0.85, is it compatible with the Deprecated Apache Tomcat data
connector on MS Sentinel, which was developed using Apache Tomcat version
10.0.4?
Another question for your MS Sentinel support channel.
Regards,
Mark
ffect request attributes being passed over AJP?
Compare the AJP Connector configuration between 10.1 and 11.0. I suspect
allowedRequestAttributesPattern is not set correctly for 11.0.
Mark
-
To unsubscribe, e-mail: users-uns
On 20/10/2024 15:45, Andreas Moroder wrote:
Hello Mark,
I made some more test, but it works only for a few clicks, then the
service stops. It's running on windows ( for reasons I dont'know and
can't change)
with semeru 17 I see this lines in the logs
I see a couple of problems
ed as a JAR or a WAR?
How are you running this as a Windows service? If you are using Apache
Commons Daemon (the default way to run Tomcat as a Windows service) then
this might be useful:
https://issues.apache.org/jira/projects/DAEMON/issues/DAEMON-460
at I do recommend is start with the security how-to in the Tomcat docs
and then ask any questions you have here.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
IllegalStateException: Error starting child
Caused by: java.lang.NoClassDefFoundError: javax/mail/Authenticator
any help would be appreciated please.
Could we see the full stack trace?
Have you included it in your web application? If so, where?
Mark
app
How do I fix this so env.lookup("") find my env-entry?
How do I get the path to the jsp file?
Thanks --Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On Wed, 23 Oct 2024 19:13:44 Mark Thomas wrote:
>
> On 23/10/2024 18:57, Mark Foley wrote:
> > I'm running Tomcat 8.5.11. I have a hopefully small problem.
>
> Tomcat 8.5.x is EOL and no longer supported.
>
> 8.5.11 is also rather old with quite a long list of know s
On 23/10/2024 18:57, Mark Foley wrote:
I'm running Tomcat 8.5.11. I have a hopefully small problem.
Tomcat 8.5.x is EOL and no longer supported.
8.5.11 is also rather old with quite a long list of know security issues.
I have a webapp directory: $CATALINA_HOME/webapps/myapp/. In
CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix like platforms only)
Description:
Incorrect default permissions for the memory mapped file configured by
the JkShmFile dir
CVE-2024-38286 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M20
Apache Tomcat 10.1.0-M1 to 10.1.24
Apache Tomcat 9.0.13 to 9.0.89
Description:
Tomcat, under certain configurations on any platfo
on
- start instance
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
anner$TldScannerCallback.scan No TLD
files were found in ... tomcat-coyote-ffm.jar
Should the jar be added to the default exclude list within Tomcat?
It is as of 10.1.29.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.or
ually triggers multiple further errors. If you don't
fix the first error first you will waste a huge amount of time fixing
symptoms rather than the root cause.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apac
being released at the same time. The download
pages are per major but the docs are the latest release of each minor.
It looks slightly odd at the moment now you mention it but not enough
I'm motivated to go and fix it.
Do we want a single download page for all Tomcat versions?
On 24/09/2024 12:40, Thomas Meyer wrote:
Am 24. September 2024 10:44:46 MESZ schrieb Mark Thomas :
On 24/09/2024 08:59, Thomas Meyer wrote:
Hi,
We see sometimes elapsed time values with over 100 million milliseconds and
status code 500 in the Tomcat logs for HTTP/2.0 connections.
Is that
*.navigation.
Now I am using Java 17 and Tomcat 10.1 with version 5.0 of the web-app specs.
Is the above allowed with a URL redirection?
Yes.
I think the *.xyz might be the issue with HttpServletResponse sendRedirect .
> > Thoughts?
Unlikely related given the error you are seeing.
have a packetSize attribute? If yes,
you need to copy that across to 10.1
You can also check your work configuration on httpd for max_packet_size.
The two values have to agree.
Mark
I am getting this error in the tomcat app after sending a web request. It seems
like it is starting to load
re precise about what the problem is?
Mark
Here is out server.xml config. All request from our app is http2 protocol.
Thank you so much for your help.
Thanks and Regards,
Anu
codes unexpected as well?
If the 500s are expected (or at least explainable) it is possible the
elapsed time calculation isn't right for some error conditions.
Mark
I assume this is because of http2 multiplexing maybe?
Tomcat version is 10.1.30
Mfg
T
On 23/10/2024 23:13, Mark Foley wrote:
On Wed, 23 Oct 2024 19:13:44 Mark Thomas wrote:
That won't work. What will work is renaming:
$CATALINA_HOME/webapps/myapp
to
$CATALINA_HOME/webapps/myapp#subapp/
Mark
Hmmm ... what I was attempting was splitting many webapps into mul
On 11/10/2024 01:05, Eric Robinson wrote:
Mark,
Thanks very much for the update. We'll check back in November!
I've just committed the fix. It should be in the next set of releases
(November).
Mark
-Eric
-Original Message-----
From: Mark Thomas
Sent: Thursday, October
nformation to provide useful advice including:
- which protocol are you using to reverse proxy from httpd to Tomcat
- httpd configuration for the reverse proxy
- Tomcat Connector configuration for whichever port(s) httpd is passing
request
CVE-2024-52316 Apache Tomcat - Authentication Bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M26
Apache Tomcat 10.1.0-M1 to 10.1.30
Apache Tomcat 9.0.0-M1 to 9.0.95
Description:
If Tomcat was configured to use a custom Jakarta A
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M23 to 11.0.0-M26
Apache Tomcat 10.1.7 to 10.1.30
Apache Tomcat 9.0.92 to 9.0.95
Description:
Incorrect recycling of the request and
element.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
CVE-2024-52318 Apache Tomcat - XSS in generated JSPs
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0
Apache Tomcat 10.1.31
Apache Tomcat 9.0.96
Description:
The fix for improvement 69333 [0] caused pooled JSP tags not to be
released after use
Only if you are using Tomcat's HTTP/2 implementation in any of the
affected versions is this vulnerability applicable.
Mark
On 18/11/2024 11:59, Rathore, Rajendra wrote:
Hi Mark/All,
As we are using Apache Http server with Ajp proxy with tomcat. We are also
using Apache Http server
Note: Correction to 10.1.x affected versions
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M23 to 11.0.0-M26
Apache Tomcat 10.1.27 to 10.1.30
Apache Tomcat 9.0.92 to 9.0.95
Descr
This has been fixed (by Rémy) for the August release round.
Mark
On 27/07/2023 01:41, Fong Mason wrote:
Hi Chris,
寄件者: Christopher Schultz
寄件日期: 2023年7月27日 0:35
收件者: users@tomcat.apache.org
主旨: Re: Persist function in host manager working in 9.0.60 but not
_context != null)
_jspx_page_context.handlePageException(t);
else throw new ServletException(t);
}
you can see it is missing lot of HTML code in the JSP to Java compilation.
Any idea why it is happening. It is generating fine in another machine.
If you delete the generated java code so Tomc
On 03/08/2023 16:53, Amit Pande wrote:
What am I missing in the logger configuration? Do we have to have the console
handler configured?
Is CATALINA_HOME set correctly?
Do you see any log file at all in the expected location?
Mark
uest,response);
HTH,
Mark
On 11/08/2023 08:52, Andy Pont wrote:
Hello!
We have a commercial application that runs under Tomcat 8.5.65 (on
Windows Server 2019). In the tomcat/webapps directory there are the
following three directories (names changed):
backend
frontend
ROOT
The “frontend” di
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M10 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.12.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificati
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.92.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.92 is a bugfix and fea
.
I would appreciate your help.
Look at the request. Despite the curl command using an IP address, the
actual request does not contain a host in the request line hence there is
no mismatch.
Mark
curl - -k "https://*10.40.43.26*/login?sessionExpire=true"; -H
'*Host:
t appears in?
It would also be helpful to confirm if the issue is still present in
10.1.12.
Is this something already tracked?
Not that I am aware of.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 20/08/2023 05:21, Mark Thomas wrote:
On 18/08/2023 11:28, Rubén Pérez wrote:
I started experiencing exactly the same issue when updating from Spring
6.0.7 to 6.0.9, therefore updating tomcat from 10.1.5 to 10.1.8. The
Memory
leak is very clearly visible in my monitoring tools. A
Tomcat doesn't expose the SNI information.
What problem are you trying to solve here?
Tomcat rejects requests with mis-matched host headers by default and can
be configured to allow them in 8.5.x, 9.0.x and 10.1.x. You shouldn't
need to write any extra code for this.
Mark
On 21/
On 22/08/2023 11:53, Jason Guild wrote:
Hi All:
I have a web application MYAPP which embeds its logging configuration in
WEB-INF/classes/logging.properties.
I'd like to see more detailed logging when running the application
inside my IDE without making any temporary changes to this file.
The
https://tomcat.apache.org/tomcat-11.0-doc/config/http.html
Search for useVirtualThreads
The same option exists in the latest 8.5.x, 9.0.x and 10.1.x releases.
You need to be using Java 21 to use virtual threads.
Mark
On 22/08/2023 14:14, William Crowell wrote:
Hi,
To use virtual threads
ng JSSE support for most of that.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 23/08/2023 10:07, William Crowell wrote:
Mark,
Thanks for your reply. Just to clarify…this is all I need in Tomcat 11’s
server.xml (as well as JDK21):
…
Correct.
Mark
-
To unsubscribe, e-mail: users-unsubscr
On 23/08/2023 14:20, John Jiang wrote:
Hi Mark,
Thanks for your reply!
On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas wrote:
On 23/08/2023 00:44, John Jiang wrote:
Hi,
I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19.
My project needs a custom javax.net.ssl.SSLContext implement
version numbers hadn't been updated. Should be fixed now.
Mark
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urba
glibs/standard/tag/common/fmt/SetLocaleSupport.java#L138
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M11 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.13.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificati
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.80.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.80 is a bugfix and fea
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.93.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.93 is a bugfix and fea
CVE-2023-41080 Apache Tomcat - Open redirect
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M10
Apache Tomcat 10.1.0-M1 to 10.1.12
Apache Tomcat 9.0.0-M1 to 9.0.79
Apache Tomcat 8.5.0 to 8.5.92
Description:
If the ROOT (default) w
28 Aug 2023 17:11:20 Amit Pande :
Mark,
Just checking - Did this issue get discussed in any of the core
members' meeting?
There are no such meetings. Discussion happens on the mailing lists.
Mark
Thanks,
Amit
-Original Message-
From: Amit Pande
Sent: Monday, July 31, 2
e can try and re-create the issue.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
x27;t updated for long. Perhaps add comments/ask the folks on user list to vote?
That is more likely to irritate folks rather than encourage them to help
you progress your patch.
Mark
Thanks,
Amit
-Original Message-
From: Mark Thomas
Sent: Monday, August 28, 2023 11:20 AM
To: Tomcat
On 29/08/2023 08:00, Bhavesh Mistry wrote:
Hi Mark,
I am sorry for delayed response.
Basically, when request url does not match host header then I would reject
it. For example,
curl - -k "https://www.mydomain.com/login"; -H 'Host:
attackerHostHeaderInjection.com'
W
r-tracker
file should also create at least one log message.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 29/08/2023 21:51, Bhavesh Mistry wrote:
Hi Mark,
curl - -k "https://www.mydomain.com/login"; -H 'Host:
attackerHostHeaderInjection.com'
*Why? What problem are you trying to solve?*
Host Header injection is a vulnerability that needs to be addressed., I am
trying
rsion that depends on Jakarta
EE. If no such update is available, the Tomcat migration tool for
Jakarta EE may help.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mai
thout editing the JAR contents. In short, you can simply
override the individual file by placing at the right place in the file
system:
$CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties
HTH,
Mark
On 05/09/2023 14:54, Robert Turner wrote:
Thanks Peter. Just to be clear that I
I think you have summed things up pretty well. I don't see a way with
the current API to specify multiple virtual thread schedulers (which is
what I think you would need to address this).
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 04/09/2023 15:41, Jonathan S. Fisher wrote:
Mark thank you again for your leadership and setting expectations. I'm
going to commit to working on this with anyone else that wants to help with
the goal of a patch by year end. I want to nail the patch with minimal
rework that meets T
On 05/09/2023 22:02, Christopher Schultz wrote:
Mark,
On 9/5/23 15:55, Mark Thomas wrote:
On 05/09/2023 20:38, Christopher Schultz wrote:
All,
I have some questions about Virtual Threads and their use within
Tomcat. Note that only Tomcat 11 currently has support for Virtual
Threads when
ct maps CVEs to Tomcat versions. We do not break it down
to the component level. You need to raise this with whichever entity is
mapping the Tomcat CVEs to specific components rather than all
components for that version. It looks like dependency track should be
you first point of call.
Mark
I&#x
On 06/09/2023 21:24, Christopher Schultz wrote:
On 9/6/23 03:29, Mark Thomas wrote:
On 05/09/2023 22:02, Christopher Schultz wrote:
Thanks for the correction. I just did a quick docs[1] search for
"virtual" in Tomcat 10.x for example and I didn't see
useVirtualThreads,
On 07/09/2023 15:41, Christopher Schultz wrote:
On 9/6/23 16:29, Mark Thomas wrote:
There isn't
much point using an executor with virtual threads.
Okay then perche
https://tomcat.apache.org/tomcat-11.0-doc/config/executor.html#Virtual_Thread_Implementation ?
That is the int
configured your JSP(s) to use this alternative base class?
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
The Apache Tomcat Connectors project is part of the Tomcat project and
provides web server plugins for httpd (mod_jk) and IIS (ISAPI) to
connect those web servers with Tomcat and other backends.
The Apache Tomcat Project is proud to announce the release of version
1.2.49 of the Apache Tomcat Co
CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48
Description:
In some circumstances, such as when a configuration included
"JkOptions
.java
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
ers
org.apache.catalina.connector.ClientAbortException:
Not a Tomcat issue. The client is dropping the connection.
Mark
java.net.SocketTimeoutException
at
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:318)
at
org.apache.catalina.connector.InputBuffer.checkByteBuffer
the next release.
I can recall one such instance in recent years.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
IS supported. So try using "PKCS12" which I
think is the default.
Default for all keystore types is JKS.
As Chris says, "pkcs12" should work.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
enSSL implementation won't be available for TLS.
Only JSSE will be available. If you don't want/need to use OpenSSL then
you can ignore this informational message. If you want to stop the
message appearing, removing (or comment out) the AprLifecycleListener in
server.xml
Mark
rks
with Tomcat 9 before you tried deploying it on Tomcat 10?
I suspect you need to use the EE profile rather than the Tomcat profile.
Mark
*XMLNS:*
*sub-jaxws.xml:* http://java.sun.com/xml/ns/jax-ws/ri/runtime";>
*web.xml:* http://xmlns.jcp.org/xml/ns/javaee"
loyed(String name)
to find out whether a webapp has been deployed or not.
If you are going the bespoke route, I'd suggest a health check / status
endpoint for each app and call them in turn. It could easily be a
standard component you deploy as part of each applicati
1 - 100 of 10504 matches
Mail list logo
