[ANN] Apache Tomcat Native 2.0.6 released

2023-10-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.6 stable. The key features of this release are: - Disable OCSP if the insecure optionalNoCA certificate verification option is used - The binaries for Windows in this release have been built with OpenSSL

Re: Websocket: Disable compression/permessage-deflate

2023-10-02 Thread Mark Thomas
nge / remove the HTTP header Sec-WebSocket-Extensions Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help tomcat

2023-10-02 Thread Mark Thomas
to me. Eclipse is expecting an instance of Tomcat 10.0.x. You are trying to use it with an instance of Tomcat 10.1.x. This would be an issue for the Eclipse plugin you are using to either provide support for 10.1.x or provide a workaround so you can use Tomcat 10.1.x. Mark On Mon, 2 Oct 2023, 5:

[ANN] Apache Tomcat Native 1.2.39 released

2023-10-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.39 stable. The key features of this release are: - Disable OCSP if the insecure optionalNoCA certificate verification option is used - The binaries for Windows in this release have been built with OpenSSL

Re: need help in solving CVE-2020-1938 error regards

2023-10-03 Thread Mark Thomas
can search for that file) you could try removing the AJP Connector element from that file. If Ofbiz is using embedded Tomcat then you'll definitely need to ask the Ofbiz folks. Mark

Re: Need help tomcat

2023-10-03 Thread Mark Thomas
rsion. Mark On 03/10/2023 06:27, Deepak Lalchandani wrote: Mark, In Apache Tomcat website I can install 10.1 only ,when I configure the server by clicking on Add server and select location of tomcat server, it adds 10.1.3 and the error with red symbol appears On Mon, 2 Oct 2023, 11:

Re: Sharing catalina home among tomcat machines in a load balanced environment gives problems with log files

2023-10-10 Thread Mark Thomas
hen it does." situations. Mark On 10/10/2023 06:51, Giuseppe Sacco wrote: Hello Peter, On Tue, 10/10/2023 at 11.21 +0200, l...@kreuser.name wrote: Giuseppe, did you consider the separation of CATALINA_HOME and CATALINA_BASE. Look at the RUNNING.txt file that describes the

[SECURITY] CVE-2023-42794 Apache Tomcat - denial of service

2023-10-10 Thread Mark Thomas
CVE-2023-42794 Apache Tomcat - denial of service Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.70 to 9.0.80 Apache Tomcat 8.5.85 to 8.5.93 Description: Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring th

[SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure

2023-10-10 Thread Mark Thomas
CVE-2023-42795 Apache Tomcat - information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: When recyclin

[SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS

2023-10-10 Thread Mark Thomas
CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: Tomcat's HTTP/2 implement

[SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling

2023-10-10 Thread Mark Thomas
CVE-2023-45648 Apache Tomcat - Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: Tomcat did not cor

Problems with tomcat-users.xml

2023-10-10 Thread Mark Linton
Hello Tomcat users. Is there a forum (like a webpage that we can search for previous questions?)... I am experiencing an issue with logging on to the manager and hosts webpage(s). Please see the tomcat-users.xml attached: *Tomcat-users.xml* http://tomcat.apache.org/xml"; xmlns:xs

Re: Problems with tomcat-users.xml

2023-10-10 Thread Mark Thomas
On 10/10/2023 13:03, Mark Linton wrote: Hello Tomcat users. Is there a forum (like a webpage that we can search for previous questions?)... lists.apache.org I am experiencing an issue with logging on to the manager and hosts webpage(s). What issue? Please see the tomcat-users.xml

Re: Deploy an application (upgrade/downgrade) - Remove Cache/Directories

2023-10-10 Thread Mark Thomas
said, applications may have additional requirements. Mark

[ANN] Apache Tomcat 11.0.0-M13 (alpha) available

2023-10-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M13 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: error valve

2023-10-16 Thread Mark Thomas
don't want to put these in $CATALINA_BASE/conf/web.xml. Mark This is the one thing I have struggled with this afternoon, is nothing tells you just WHERE to put the error.jsp or whatever custom file. Thank you!!! I appreciate everyone who helps! Dream * Excel * Explore * Inspire Jon McAlex

Re: CVE-2023-42794 on 10.1.x

2023-10-17 Thread Mark Thomas
/DiskFileItem.java Are the 10.x and 11.x streams vulnerable to CVE-2023-42794? Are those versions listed as vulnerable in the announcement for that CVE published by the Tomcat project? Mark Thanks, *Donal Anglin* -- This message contains proprietary information from Equifax which may be

Re: [IE] Re: CVE-2023-42794 on 10.1.x

2023-10-17 Thread Mark Thomas
to demonstrate that the vulnerability is present in one or more Tomcat versions not listed in the official CVE announcement. I'll note that Sonatype have NOT followed the rules of responsible disclosure as they have NOT contacted the Tomcat security team of their finding. Mark *

Re: Tomcat minor update

2023-10-18 Thread Mark Thomas
compatible with the classes from the old version. A failure is unlikely but not impossible. I wouldn't risk it. Mark

Re: Question about releases available for download

2023-10-18 Thread Mark Thomas
On 18/10/2023 18:29, Mcalexander, Jon J. wrote: Hi Mark, et-al, With the recursion error with these releases in mind, should 8.5.94, 9.0.81, and 10.1.15 be available for download via the archives? Should they not be removed and a note placed in the location that they have been removed due to

Re: Tomcat 9.0.75 ignoring session timeout configured in tomcat conf web.xml

2023-10-26 Thread Mark Thomas
? Have you checked Bugzilla / CI changelog to see if the issue has already been fixed for the next release? Mark

Re: Need Help : Tomcat 9.0.75 not honoring session timeout configured in tomcat web.xml for FORM Authentication

2023-10-26 Thread Mark Thomas
1. Do not cross-post the same question to multiple lists. 2. Do not post the same question multiple times if you don't get an answer as quickly as you would like. We are all volunteers here. If you want a guaranteed SLA then pick your preferred vendor and pay for support. Mark 27 Oct

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

2023-10-27 Thread Mark Thomas
implementation that looks for "enc:" and "decrypts" what it finds. Note that org.apache.tomcat.util.digester.PROPERTY_SOURCE multiple values, separated by commas. Mark

Re: Java 9+ and custom JCE/JSSE providers

2023-10-31 Thread Mark Thomas
erties) in setenv.sh|bat Mark I see a comment from Chris here - https://www.mail-archive.com/users@tomcat.apache.org/msg137824.html "I don't see any place in Tomcat to specify the JSSE provider. Perhaps we should expose that to the administrator in some way." Not sure

Re: Need Help : Unable to write back a response error code from ReadListener#onError

2023-10-31 Thread Mark Thomas
for developers to re-create the problem. Mark

Re: Verifying Tomcat downloads

2023-11-03 Thread Mark Thomas
) you can always arrange to meet a release manager face to face to have your own 2-person key signing party. Offers of $beverages can help facilitate this ;) Mark

Re:

2023-11-05 Thread Mark Thomas
measuring the impact. Mark

Re:

2023-11-05 Thread Mark Thomas
asses. eg: As its purely for development guess it makes no difference? I doubt you'll notice if you disable it. Mark Cheers Greg On 05/11/2023 10:02, Mark Thomas wrote: On 04/11/2023 11:03, Greg Huber wrote: Hello, I am using the and to run tomcat for debugging my app (and it is

Re:

2023-11-06 Thread Mark Thomas
On 05/11/2023 17:23, Greg Huber wrote: Thanks Mark and Chris. I have not noticed any slowness yet. There are a lot of jars (approx 160), but the target/classes folder are my app's classes that I am working on. These can change (ie not static), so may be better to switch it off. Is

Re: tomcat 10

2023-11-06 Thread Mark Thomas
probably what you are seeing). Depending on settings, those facades may be reused or discarded between requests. Mark

Re:

2023-11-06 Thread Mark Thomas
e jars, and add a bit for luck.  (ie 85mb +5mb).🙂 The "i.e. everything NOT under WEB-INF/lib or WEB-INF/classes" is irrespective of which resource collection it is in. So JARs from PostResources won't be cached. Mark Thanks On 06/11/2023 09:43, Mark Thomas wrote: On 05/11/2

Re: WebApp Mutual TLS for connecting to third party REST service

2023-11-06 Thread Mark Thomas
referring to configuring tomcat to enforce mutual Authn TLS on the connectors. No. Tomcat has no involvement in outgoing TLS connections. They are entirely an application concern. Mark

Re: TLD jar scanning at Tomcat Startup

2023-11-07 Thread Mark Thomas
e dumps ~5 seconds apart once the start-up appears to freeze. Enable heap dumps on OOME and analyse them in your favourite profiler. MARK

Re:

2023-11-07 Thread Mark Thomas
esources to a maven project which has a resources folder that ends up in the target/classes folder. Ah. More precisely then, JARs and classes from WEB-INF/lib / WEB-INF/classes won't be cached but non-class resources in those locations will be. Mark ie /home/devuser/git/mavenpro

Re: Chunk size error after upgrading JRE

2023-11-07 Thread Mark Thomas
where to start searching. Any advice greatly appreciated. Can you recreate the issue with a simple Servlet? Trying to do so may shed some light on what is going on and if it doesn't you'll have a reproducible test case for a bug repo

Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

2023-11-09 Thread Mark Thomas
you install it? Mark

Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

2023-11-10 Thread Mark Thomas
On 10/11/2023 14:44, Eduardo Guadalupe wrote: Thanks Mark, I found the issue, I assumed OpenSSL was installed because I had seen in some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 Sep 2023].” That may be the OpenSSL version that is statically linked to the Tomcat

FileUpload class not working with Tomcat 10.1

2023-11-10 Thread Mark Foley
seRequest(request); // Parse the request --- > List items = upload.parseRequest(new ServletRequestContext(request)); > // Parse the request I have quite a few programs that use the FileUpload methods. Does anyone know how to fix this latest breakage? Thanks

Re: FileUpload class not working with Tomcat 10.1

2023-11-10 Thread Mark Thomas
On 10/11/2023 16:49, Mark Foley wrote: I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that thanks to postings on stackoverflow, but now that I've upgraded to 10.1.13 it is broken

Re: FileUpload class not working with Tomcat 10.1

2023-11-10 Thread Mark Foley
On Fri, 10 Nov 2023 17:11:59 Mark Thomas > On 10/11/2023 16:49, Mark Foley wrote: > > I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously > > upgraded > > from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed > > tha

Re: FileUpload class not working with Tomcat 10.1

2023-11-12 Thread Mark Foley
On Fri Nov 10 15:57:50 2023 Christopher Schultz wrote: > > Mark, > > On 11/10/23 12:53, Mark Foley wrote: > > On Fri, 10 Nov 2023 17:11:59 Mark Thomas >> > >> On 10/11/2023 16:49, Mark Foley wrote: > >>> I recently upgraded from Tomcat 1

Re: Tomcat 10.1.15 JVM crashes randomly on startup

2023-11-13 Thread Mark Thomas
if I should include the full file, since I've removed parts of it due to pure length. The full file might contain a few more hints as to what went wrong. Mark # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc005)

Re: AW: FileUpload class not working with Tomcat 10.1

2023-11-13 Thread Mark Foley
On Mon Nov 13 02:18:49 2023 "Thomas Hoffmann (Speed4Trade GmbH)" wrote: > Hello, > > > -Original Message- > > From: Mark Foley > > Sent: Sunday, 12 November 2023 19:04 > > To: users@tomcat.apache.org > > Subject: Re: FileUpload

Re: AW: FileUpload class not working with Tomcat 10.1

2023-11-14 Thread Mark Foley
On Tue Nov 14 01:46:09 2023 "Thomas Hoffmann (Speed4Trade GmbH)" wrote: > > Hello Mark, > > > -Original Message- > > From: Mark Foley > > Sent: Monday, 13 November 2023 23:12 > > To: users@tomcat.apache.org > > Subject: Re:

Re: Accessing Credential handler inside the web application always returns null

2023-11-14 Thread Mark Thomas
The context attribute is only populated if the Realm is defined on the context. I think you'll need to use reflection to get at the information you want. Mark From: Christopher Schultz Sent: 5 November 2023 18:16 To: users@tomcat.apache.org Subject: Re:

Re: CredentialHandler not working for MD5

2023-11-14 Thread Mark Thomas
rds in the Realm and get that working. 3. Then configure DIGEST auth and digested passwords in the Realm. Mark On 14/11/2023 00:04, Peter Otto wrote: More info…. In the Request Header-> Authorization->Response. Response is used as the clientDigest. However this response is generated,

Re: AW: AW: FileUpload class not working with Tomcat 10.1

2023-11-15 Thread Mark Foley
On Tue Nov 14 14:50:10 2023 "Thomas Hoffmann (Speed4Trade GmbH)" thomas.hoffm...@speed4trade.com.INVALID> wrote: > > Hi Mark! > > > -Original Message- > > From: Mark Foley > > Sent: Tuesday, 14 November 2023 18:20 > > To:

Re: Tomcat 8: Random 404 and 505 errors

2023-11-17 Thread Mark Thomas
ebug log entry for each 505 we will hopefully be able to draw some further conclusions. Given you are building from source, one possible investigative option is providing you with a custom patch that adds additional debug logging. If we reach the point where that would be helpful, is tha

Re: CredentialHandler not working for MD5

2023-11-17 Thread Mark Thomas
t use different digests to calculate the passwords. Mark

Re: CredentialHandler not working for MD5

2023-11-18 Thread Mark Thomas
On 17/11/2023 19:36, Christopher Schultz wrote: Is there any reason why SHA-256 is the default? MD5 is the historical default / only implementation for HTTP DIGEST. RFC 7616 (2015) Chrome will choose SHA-256 if presented with a choice of SHA-256 and MD5. Mark

Re: Breaking changes in 9.0.83 ?

2023-11-19 Thread Mark Thomas
runtime for Tomcat 9 remains Java 8. Mark

Re: Possible way to avoid Tomcat from recycling the request/response on error?

2023-11-25 Thread Mark Thomas
On 25/11/2023 05:30, Adwait Kumar Singh wrote: Is there a way around this, to keep the async context open even on an error and not close it till complete is invoked? No. The spec requires the error handler to call complete() in onError() and if the error handler doesn't, the container must.

Re: Using Async Servlets correctly to avoid smuggling.

2023-11-25 Thread Mark Thomas
s the AsyncContext and always fetch the ServletRequest and ServletResponse from it instead of passing the original references. Ideal is going to vary depending on circumstance but passing the AsyncContext would work. Mark

Re: Possible way to avoid Tomcat from recycling the request/response on error?

2023-11-27 Thread Mark Thomas
more complicated with asynchronous servlets but it boils down to avoiding accessing the request, response and associated objects after complete()/dispatch() have been called. Mark On Sat, Nov 25, 2023 at 5:42 AM Mark Thomas wrote: On 25/11/2023 05:30, Adwait Kumar Singh wrote: Is there a

Re: 400 Bad Request - where do I find the detailed reason for the bad request so I can fix it?

2023-11-28 Thread Mark Thomas
g for org.apache.coyote.http11.Http11Processor may help. It is probably the tightening up of the HTTP parsing that is triggering the 400 response. Mark

[SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling

2023-11-28 Thread Mark Thomas
CVE-2023-46589 Apache Tomcat - Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M10 Apache Tomcat 10.1.0-M1 to 10.1.15 Apache Tomcat 9.0.0-M1 to 9.0.82 Apache Tomcat 8.5.0 to 8.5.95 Description: Tomcat did not cor

Re: webdav and libreoffice

2023-11-29 Thread Mark Thomas
one of the changes to more strictly follow the HTTP specifications is to blame. I'll do some debugging and report back. Mark

Re: Ciphers Warning in logfile for Tomcat 8.5.96 (with Adoptium jdk-8.0.392.8-hotspot)

2023-11-29 Thread Mark Thomas
On 29/11/2023 10:46, Markus Schlegel wrote: Changing the config to add ":-CBC" to the default config as suggested by Mark in bugzilla does not have any effect. Still Grade B, 10 weak out of 12. It seems to me that -CBC might not be a valid option at all? Mark got different resul

Re: webdav and libreoffice

2023-11-29 Thread Mark Thomas
s are for addressing this in the interim. I'll note though that, generally, we don't implement work-arounds for broken clients - especially ones no-one noticed for 3+ years. Mark On 29/11/2023 14:08, Mark Thomas wrote: On 28/11/2023 22:27, Jean-Max Reymond wrote: Hi, I have an ap

Re: webdav and libreoffice

2023-11-29 Thread Mark Thomas
On 29/11/2023 21:46, Christopher Schultz wrote: Mark, On 11/29/23 14:09, Mark Thomas wrote: It was this change: https://github.com/apache/tomcat/commit/147fee447e27ec14e3001d9c727db1dcd4cb930c Reason phrase is an optional element of the HTTP response. This looks like a bug in whichever

Re: Tomcat 9 build from scratch

2023-12-01 Thread Mark Thomas
start a new major version as we only have to change the minimum version in one place rather than searching through the documentation to find all the places that reference the minimum version. Mark On Thu, Nov 30, 2023 at 6:10 PM Adwait Kumar Singh wrote: Yes, JDK17 can produce JDK8 bytecode

Re: (No members active in cluster group) Cannot discover members in cluster using Delta Manager with static membership Unicast

2023-12-01 Thread Mark Thomas
define values that are using the defaults so I can more easily see the 'interesting' settings. What am I doing wrong here? Any help would be greatly appreciated. Nothing else jumps out at me immediately. Mark

Re: Ciphers Warning in logfile for Tomcat 8.5.96 (with Adoptium jdk-8.0.392.8-hotspot)

2023-12-01 Thread Mark Thomas
et to grade "A" with this setting, I can indeed use the default ciphers settings from Tomcat again and as a consequence, the Warning will not anymore appear in the log. Maybe Mark had that setting active too while doing his ssllab tests. This would explain the difference in the results.

Re: setenv.sh tomcat8 changelog

2023-12-04 Thread Mark Thomas
istribution you would create it alongside the catalina.sh file. Mark

Re: Tomcat Build Issue

2023-12-05 Thread Mark Thomas
o an HTTP connection. Mark

Re: Tomcat Build Issue

2023-12-05 Thread Mark Thomas
On 05/12/2023 15:15, Burle, Saicharan wrote: Hi Mark/Chris, We are getting this error without even deploying any application. Then start looking at your network to see what is sending this invalid data to Tomcat. Mark

Re: Possible AbstractProtocol.waitingProcessors leak in Tomcat 9.0.75

2023-12-06 Thread Mark Thomas
currently supported version. Failing that, the source code for the bare minimum web application required to reproduce the issue. At this point, it is still not clear if this is a Tomcat or an application issue. Mark On 06/12/2023 07:34, Jakub Remenec wrote: Hi, I've experienced the

Re: JAVA -tomcat- Request header is too large

2023-12-07 Thread Mark Thomas
associated 400 response. Mark

Re: Virtual Thread with Http11Nio2Protocol

2023-12-08 Thread Mark Thomas
o use virtual thread on Apache Tomcat 10.1.16 with this configuration on macOS or on Linux: Note that the above configuration is a) unnecessary and b) doesn't do anything as the following Connector does not reference the Executor Mark But when I make a request, I'm not on a

Re: Virtual Thread with Http11Nio2Protocol

2023-12-08 Thread Mark Thomas
On 08/12/2023 09:51, Mark Thomas wrote: On 08/12/2023 02:49, Han Li wrote: Hi Nicolas, I took a quick look that Tomcat's VirtualThreadExecutor does not implement the ExecutorService interface, which leads to this result. So I think this is a Tomcat bug. +1 This has been fixed fo

Re: JAVA -tomcat- Request header is too large

2023-12-08 Thread Mark Thomas
On 08/12/2023 09:27, Ivano Luberti wrote: On 07/12/2023 17:51, Mark Thomas wrote: On 07/12/2023 15:37, Ivano Luberti wrote: Hi, for a few days these errors have been showing in my log files: 06-Dec-2023 07:39:56.082 INFO [http-nio-8080-exec-5826] org.apache.coyote.http11

Re: Failing to decode the url correctly in tomcat 9.

2023-12-08 Thread Mark Thomas
. Something, NOT tomcat, is HTML escaping the value. Generally, you want the HTML escaping because displaying user provided data that contains unescaped quotes is likely to expose an XSS vulnerability. Mark

Re: JAVA -tomcat- Request header is too large

2023-12-11 Thread Mark Thomas
WDYT? Good point. More widely, we should probably be adding the request ID to every request related error message. Mark

Re: Should allowHostHeaderMismatch be case sensitive

2023-12-11 Thread Mark Thomas
d its "@" delimiter (Section 4.2 of [HTTP]). The key word for me in the above is identical. We probably need to go back to the HTTP working group and clarify whether the intention was for that "identical" to be in a case sensitive or i

Re: Clarification on CVE-2023-46589

2023-12-14 Thread Mark Thomas
smuggling, or other applications running behind the Tomcat? Tomcat does not provide reverse proxy configuration. This CVE applies when Tomcat is behind a reverse proxy. Mark

Re: Clarification on CVE-2023-46589

2023-12-14 Thread Mark Thomas
On 14/12/2023 16:13, Benny Prange wrote: On Thu, 14 Dec 2023 at 16:51, Mark Thomas wrote: On 14/12/2023 15:33, Benny Prange wrote: Hi all, I am having trouble understanding the description of CVE-2023-46589. Does this CVE affect scenarios where the Apache Tomcat is the reverse proxy

Re: [EXTERNAL] - Re: Partitioned cookies

2023-12-15 Thread Mark Thomas
ioned attribute. I'm kindly asking the experts: is Tomcat support for this feature being planned? No. If not, what can be done to modestly prioritize it? Open an enhancement request in Bugzilla. Better still, provide a PR

Re: Should allowHostHeaderMismatch be case sensitive

2023-12-15 Thread Mark Thomas
On 11/12/2023 17:20, Mark Thomas wrote: On 11/12/2023 17:08, David Cleary wrote: Just want to check if this is by design. The above property default was changed to better secure the default configuration. We started having some tests fail due to this. In our scenario ( as shown below ), the

Re: security-constraint url-pattern question

2023-12-15 Thread Mark Thomas
Description here /path to directory/* GET POST You *really* don't want to be specifying HTTP methods here. Google for "uncovered HTTP methods"

Re: Should allowHostHeaderMismatch be case sensitive

2023-12-15 Thread Mark Thomas
hat fails, fall-back to a more thorough normalization/comparison? That is probably the way to go if we decide in the future that we do need to do the normalization first. In which case I'd lean more towards using toString() and then getting Java to do th

Re: Tomcat with IIS

2023-12-18 Thread Mark Thomas
confirmed working with all currently supported (by Microsoft) versions of Windows. And probably working with a lot of the out of support versions too. Mark

Re: JSP EL - How to

2023-12-18 Thread Mark Thomas
: * Hello JSP EL! * Tags are not allowed inside elements. The following should work: Hello JSP EL!   - Chuck The JARs you added are for JSTL, not EL. And your example uses neither JSTL nor EL. Confused. Mark

Re: Clarification on CVE-2023-46589

2023-12-18 Thread Mark Thomas
smuggling is possible. And finally I wonder what the restrictions of this issue are Does it work over HTTP/2 or HTTP/1.1 or both? HTTP/1.1 only. The use of separate streams in HTTP/2 for each request prevents this type of attack. Mark

Re: EOL for Tomcat 9.0.x and Tomcat 10.1.x

2023-12-19 Thread Mark Thomas
pport things for. Mark

Re: Regarding Tomcat is creating the zombie processes

2024-01-05 Thread Mark Thomas
this issue in a clean installation of a standalone Tomcat instance. Mark On 05/01/2024 09:48, Vaidya, Omkar wrote: Adding information - Tomcat Version - 9.0.62 Platform - Linux Platform From: Vaidya, Omkar Sent: Friday, January 5, 2024 3:15 PM To: users@tomcat.apache.org Cc: Shriwardhankar,

Re: EOL - Tomcat versions

2024-01-08 Thread Mark Thomas
2. 9.0.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 3. 10.0.X Already EOL as of 31 October 2022 4. 10.1.X No plans. See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0 Mark

Re: Regarding Tomcat is creating the zombie processes

2024-01-09 Thread Mark Thomas
On 09/01/2024 10:11, Vaidya, Omkar wrote: Hi Mark, Thanks for the response. For mainly related to our Thingworx IOT-based application, we are using the Tomcat 9.0.62 server. So for that, we are getting zombie or defunct processes. "Please provide the steps you used to recreate this iss

[ANN] Apache Tomcat 11.0.0-M16 (alpha) available

2024-01-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M16 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: Consultation on disabling insecure HTTP requests in Tomcat

2024-01-18 Thread Mark Thomas
No. Attached are the questions and the source code found Attachments are removed automatically. Please use plain text. Mark

[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
CVE-2023-46589 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a

Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
Correcting the CVE reference in the text (the subject line is correct) Mark On 19/01/2024 10:17, Mark Thomas wrote: CVE-2023-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache

Re: EOL - Tomcat versions

2024-01-19 Thread Mark Thomas
On 19/01/2024 19:06, Francisco Dellanio Leite Alencar wrote: @Mark Thomas, Is it possible to consider that the minimum support time of Apache Tomcat 9.0.X is until 2027 (10 years since Released)? I'd say 2027 is a reasonable estimate of the likely EOL date for 9.0.x but I'm no

Re: Tomcat not syncing existing sessions on restart

2024-01-23 Thread Mark Thomas
licitly as LocalMember or as an ordinary Member and Tomcat will figure out it is the local one. Mark On 22/01/2024 08:39, Manak Bisht wrote: I thought that this https://marc.info/?l=tomcat-user&m=119376798217922&w=2 might be the problem. *"The uniqueId is used to be able to di

Re: Getting wrong value calling request.getScheme()

2024-01-24 Thread Mark Thomas
On 24/01/2024 15:48, joan.balagu...@ventusproxy.com wrote: Any help would be really appreciated. Configuration error. Someone has done the equivalent of Or possibly a mis-configured RemoteIpFilter (or Valve). Or similar. Mark

Re: Tomcat Version 9.0.79 - SAML2 - - Error occurred while attempting to refresh metadata from ':\WEB-INF\idp-meta-downloaded.xml'

2024-01-25 Thread Mark Thomas
ty can help you with. You need to contact whichever organization provides you with support for Business Objects and/or OpenSAML. Mark

Re: How to access the request URL in a custom valve implementation?

2024-01-26 Thread Mark Thomas
ere a better way to do this? It depends what you are trying to do - which you haven't explained. You have direct access to the request object in the invoke() method. Mark

Re: Session Cookie Logging

2024-01-26 Thread Mark Thomas
e app uses) to me at the moment. If you are able to reproduce this on a clean install of the latest 10.1.x release (or any other currently supported version) I'd be happy to take another look. All we'd need would be the steps to recreate the issue from the clean insta

Re: Session Cookie Logging

2024-02-01 Thread Mark Thomas
On 27/01/2024 14:38, Dan McLaughlin wrote: Hey Mark, If you see a bug report, then that will mean I was able to reproduce it. I see different behaviors in our local docker environment. Still, it's nowhere as complex as our production environment--where everything is clustered and b

Re: How does the user principal get set on the servlet container session?

2024-02-01 Thread Mark Thomas
ccess token for authentication? Thank you for any input or advice. I'd be happy to share additional details. Ryan Take a look at AuthenticatorBase.register() Mark

Re: How does the user principal get set on the servlet container session?

2024-02-01 Thread Mark Thomas
On 01/02/2024 17:48, Ryanesch@yahoo wrote: On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote: On 31/01/2024 00:15, Ryan Esch wrote: From what I understand, the container knows if a user is authenticated by using the session id passed to it and then looking up the user principal. If
