[ANN] Apache Tomcat 10.1.14 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.14. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specificati

[ANN] Apache Tomcat 8.5.94 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.94. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.94 is a bugfix and fea

Re: Sharing catalina home among tomcat machines in a load balanced environment gives problems with log files

both servers will be affected and that may not be what you want. Automation is very flexible and disk space is cheap. Do yourself a favor and just separate things so you don't have unforeseen problems. -chris -Original Message----- From: Christopher Schultz Sent: Tuesday, October

Re: Tomcat upgrade from 9.0.80 to 9.0.81

All, On 10/11/23 08:06, i...@flyingfischer.ch wrote: Am 11.10.23 um 14:02 schrieb Alexander Veit: Caused by: org.apache.http.ConnectionClosedException: Premature end of Content-Length delimited message body (expected: 4,999; received: 3,040)     at org.apache.http.impl.io.ContentLengthIn

Re: JSF errors when upgrading Tomcat and Eclipse: com.sun.faces.config.JavaClassScanningAnnotationScanner$ConstantPoolInfo.containsAnnotation Unknow type constant pool XX at position XX

Brian, On 10/12/23 16:55, Brian Braun wrote: Hello, First of all, I apologize if maybe my issue is not exclusively related to Tomcat, but I think it is. I started my website many years ago, using Struts 1.2.4 and since then I have been using it. Some years after that I had the intention to mig

[ANN] Apache Tomcat 8.5.95 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.95. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.95 is a bugfix and fea

Re: Tomcat 9 -> Intermittent 404 (3-4 fails in 20-30 million requests daily sometimes )

Anurag, On 10/15/23 04:48, Anurag Kumar wrote: Hi, we are experiencing intermittent 404 errors with both GET and POST calls. These errors are quite rare and have proven difficult to reproduce in our testing environment. However, on our production system, we encounter 3-4 cases daily out of 2

Re: Stale tomcat.pid file prevented Tomcat from starting

Darryl, On 10/17/23 10:30, Darryl Baker wrote: We are running 9.0.78 on RHEL 7. During our monthly patch and reboot cycle one the Tomcat running on one system failed to restart. The error said that there was a running version of Tomcat with a low PID number. Just rerunning the start “systemct

Re: Tomcat minor update

Mark and Aditya, On 10/18/23 04:21, Mark Thomas wrote: On 17/10/2023 22:47, Aditya Shastri wrote: Hello, We have several tomcat instances that use a single CATALINA_HOME which is a symlink for a specific version. The Tomcat instance we use is very barebones and doesn't have any of the apps tha

Re: Tomcat 9 -> Intermittent 404 (3-4 fails in 20-30 million requests daily sometimes )

Anurag, On 10/17/23 10:01, Anurag Kumar wrote: Thanks, Christopher, for looking into this issue. Wait until I actually help before thanking me. I'm mostly trying to get more information so people smarter than I am can maybe help you. ;) Tomcat version: Server version: Apache Tomcat/9

Re: Question about releases available for download

Jon, On 10/18/23 15:39, Mcalexander, Jon J. wrote: Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue with JDBC being broken, etc. the stuff that prompted the immediate new releases. I think the word you were looking for was "regression", not "recursion" ;) -chris -Orig

Re: Question about releases available for download

Jon, On 10/19/23 11:33, Mcalexander, Jon J. wrote: Ding Ding Ding. Chris wins! Yes, that was the word. https://www.youtube.com/watch?v=NtfVgzXTp7Q -chris -Original Message- From: Christopher Schultz Sent: Wednesday, October 18, 2023 9:42 PM To: users@tomcat.apache.org Subject: Re

Re: [OT] Dealing with an insecure Struts application on Tomcat

Alan, On 10/19/23 12:44, Alan F wrote: I am looking at security steps to mitigate issues with a 1.x Struts based app. Is this from a "Struts 1 is vulnerable" perspective? Because -- on paper -- it is. Vulnerable that is. But that doesn't necessarily mean that your application is vulnerable.

Re: Tomcat minor update

and hard-ish-links in NTFS plus some other hand-wavy things in DOS/Windows land. I don't pretend to understand them all, but I've been surprised to discover that various weird combinations of special symbols can be used along with environment variables to get paths in certain forms

Re: Dealing with an insecure Struts application on Tomcat

Greg, On 10/20/23 11:52, Greg Huber wrote: Remember seeing this, a maintained version of Struts 1. Might be work a look. https://github.com/weblegacy/struts1 This is interesting. I knew about this one: https://github.com/kawasima/struts1-forever But the weblegacy folks look *serious* about

Re: CredentialHandler tomcat 7

7.092/ I was looking at this presentation by Christopher Shultz http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf it mentions that Credention handler should be available to a web app in Tomcat 7.0.70+ But t

Re: Need Help : Tomcat 9.0.75 not honoring session timeout configured in tomcat web.xml for FORM Authentication

Channa, On 10/27/23 00:07, Channa Puchakayala wrote: Tomcat Version : 9.0.75 Operating System: Windows and Linux Bits: 64 Tomcat 9.0.75 not honoring  session timeout configured in tomcat/conf/web.xml for FORM Authentication and it is effecting customers. ==   

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

yanyizhong and Mark, On 10/27/23 04:44, Mark Thomas wrote: On 26/10/2023 11:05, yanyizhong wrote: Hi Tomcat team, Version: Tomcat 10.1.15 I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and found that there is no setKeystorePass(String) method in tomcat 10.1.15. As we wa

Re: Accessing Credential handler inside the web application always returns null

Азат, On 10/29/23 20:45, Усманов Азат Анварович wrote: Hi everyone!I'm trying to test CredentialHandeler functionality onour test server (Tomcat 9.0.64) inside the web-app I Our realm is defined as follows( excerpt from server.xml ) Currently pwd column defined as O

Re: Verifying Tomcat downloads

James, Mark, On 11/3/23 12:33, Mark Thomas wrote: On 03/11/2023 15:45, James H. H. Lampert wrote: Forgive me if this might be a bit off-topic. But I haven't found a lot of resources on the subject (and that includes a search of List archives). For years now, I've been ignoring the note on th

Re: Accessing Credential handler inside the web application always returns null

mcat.apache.org Тема: RE: Accessing Credential handler inside the web application always returns null I did recheck using 9.0.82, unfortunately nothing has changed CredentialHandler is still null ____ От: Christopher Schultz Отправлено: 30 октября 2023 г. 18:52 Ком

Re: FIPS Configuration for Java 11/17 and Tomcat 9

Amit, On 11/2/23 21:18, Amit Pande wrote: Please refer to the link below in case you are interested in configuring FIPS for Tomcat 9 running on Java 17. https://github.com/amitlpande/tomcat-9-fips/wiki/Java-11-17-Tomcat-9-FIPS-Configuration-Using-Bouncy-Castle I have tested steps for Java 11

Re: Admin password for Tomcat

Jerry, On 11/4/23 20:17, Jerry Malcolm wrote: My support team needs to be able to log in to our site as various users (on behalf of...) to be able to see exactly what they are seeing since roles, access groups, history is different for different users.  I would like to implement an admin passw

Re:

Greg and Mark, On 11/5/23 09:31, Mark Thomas wrote: On 05/11/2023 10:18, Greg Huber wrote: OK thanks, the docs mention "static resource cache" but I could not find info on what it actually is. It caches the content of static resources in memory and uses that rather than accessing disk. I

Re: tomcat 10

直以来, On 11/6/23 06:25, 一直以来 wrote: What can I do to see that the request is reused, using what settings? What problem are you trying to solve? -chris -- Original -- From: Mark Thomas - To u

Re: Vulnerabilities Patches

All, On 11/6/23 20:32, James H. H. Lampert wrote: On 11/6/23 5:21 PM, Nithiyanandam BALASUBRAMANIYAN (Oneberry) wrote: I am using Tomcat Apache Version 8.5.94 in Windows server 2012. Recently received following vulnerabilities alert to fix : Short answer: you're already there. And the latest

Re: Admin password for Tomcat

Jerry, On 11/6/23 23:22, Jerry Malcolm wrote: On 11/5/2023 11:54 AM, Jerry Malcolm wrote: On 11/5/2023 9:26 AM, Christopher Schultz wrote: Jerry, On 11/4/23 20:17, Jerry Malcolm wrote: My support team needs to be able to log in to our site as various users (on behalf of...) to be able to

Re: Are there any known class loader leaks in Tomcat 9?

William, On 11/7/23 05:59, William Crowell wrote: Olaf and Sevendu, Thank you for your replies. Correct, I sincerely doubt this is a Tomcat class loading bug. I am using Tomcat’s normal class loader (webapp/WAR) to load the classes into memory, and it is a single class loader. I am going t

Re: Vulnerabilities Patches

"the JARs". You may sometimes be able to get away with that, but it's best to leave Tomcat's installation directory untouched to make sure you have all the resources Tomcat is expecting to find there. -chris -Original Message----- From: Christopher Schultz Sent:

Re: CredentialHandler not working for MD5

Peter, On 11/10/23 13:27, Peter Otto wrote: Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current Steps to reproduce. Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1 tomcat:UserDatabase:nobueno tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0 S

Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Mark, On 11/10/23 10:27, Mark Thomas wrote: On 10/11/2023 14:44, Eduardo Guadalupe wrote: Thanks Mark, I found the issue, I assumed OpenSSL was installed because I had seen in some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 Sep 2023].” That may be the OpenSSL ver

Re: FileUpload class not working with Tomcat 10.1

Mark, On 11/10/23 12:53, Mark Foley wrote: On Fri, 10 Nov 2023 17:11:59 Mark Thomas On 10/11/2023 16:49, Mark Foley wrote: I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that thanks to p

Re: CredentialHandler not working for MD5

g done when you try to authenticate. -chris From: Christopher Schultz Date: Friday, November 10, 2023 at 12:35 PM To: users@tomcat.apache.org Subject: Re: CredentialHandler not working for MD5 Peter, On 11/10/23 13:27, Peter Otto wrote: Logging into manager using MD5 works in 9.0.73 but now

Re: [OT] Is the HTTP/2 Rapid Reset Exploit still possible on 2.4.58?

All, On 11/13/23 17:36, Chuck Caldarale wrote: You may have the wrong mailing list - this one is for Tomcat, but your query seems to be solely about Apache httpd. Also, the httpd project has stated that they were never vulnerable to CVE-2023-44487. https://github.com/icing/blog/blob/main/h

[ANN] Apache Tomcat 8.5.96 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.96. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.96 is a bugfix and fea

Re: Wondering about tomcat-users.xml could not be found

Christoph, On 11/15/23 10:32, Christoph Kukulies wrote: I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. I'm wondering about the following in the logs: Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/li

Re: Partitioned cookies

Adam, On 11/15/23 09:06, Adam Warfield wrote: The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat for things li

Re: AW: FileUpload class not working with Tomcat 10.1

Mark, Apologies for not replying earlier; looks like you have made good progress. See below. On 11/14/23 12:19, Mark Foley wrote: Anyway, enough griping! I have gotten it partially working thanks to your suggested link, and particulary you suggestion to put the servlet info in web.xml. I've

Re: Wondering about tomcat-users.xml could not be found

Peter, On 11/16/23 14:19, l...@kreuser.name wrote: Hi Chris*, Am 16.11.2023 um 20:12 schrieb Christopher Schultz : Christoph, On 11/15/23 10:32, Christoph Kukulies wrote: I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. I'm wondering about the follow

Re: Java/Tomcat is being killed by the Linux OOM killer for using a huge amount of RAM. How can I know what was going on inside my app (& Tomcat & the JVM) to make that happen?

Brian, On 11/16/23 15:26, Brian Braun wrote: First of all, this is my stack: - Ubuntu 22.04.3 on x86/64 with 2GM of physical RAM that has been enough for years. - Java 11.0.20.1+1-post-Ubuntu-0ubuntu122.04 / openjdk 11.0.20.1 2023-08-24 - Tomcat 9.0.58 (JAVA_OPTS="-Djava.awt.headless=true -Xmx9

Re: CredentialHandler not working for MD5

Peter, On 11/16/23 13:06, Peter Otto wrote: 1. Configure BASIC auth with clear-text passwords in the Realm and get that working. 2. Switch to DIGEST auth with clear-text passwords in the Realm and get that working. 3. Then configure DIGEST auth and digested passwords in the Realm. Hi

Re: CredentialHandler not working for MD5

Mark, On 11/17/23 03:55, Mark Thomas wrote: On 16/11/2023 18:06, Peter Otto wrote:    1.  Configure BASIC auth with clear-text passwords in the Realm and get that working.    2.  Switch to DIGEST auth with clear-text passwords in the Realm and get that working.    3.  Then configure DIGEST a

Re: Wondering about tomcat-users.xml could not be found

Christoph, On 11/17/23 03:55, Christoph Kukulies wrote: Am 16.11.2023 um 20:12 schrieb Christopher Schultz What is the user-owner of the JVM process? root      125216  0.0  0.0      0     0 ?        I    09:42   0:00 [kworker/0:0-events] root      125221  0.0  0.0      0     0 ?        I

Re: CredentialHandler not working for MD5

Mark, On 11/17/23 03:55, Mark Thomas wrote: On 16/11/2023 18:06, Peter Otto wrote:    1.  Configure BASIC auth with clear-text passwords in the Realm and get that working.    2.  Switch to DIGEST auth with clear-text passwords in the Realm and get that working.    3.  Then configure DIGEST a

Re: CredentialHandler not working for MD5

Mark, On 11/18/23 07:52, Mark Thomas wrote: On 17/11/2023 19:36, Christopher Schultz wrote: Is there any reason why SHA-256 is the default? MD5 is the historical default / only implementation for HTTP DIGEST. RFC 7616 (2015) Chrome will choose SHA-256 if presented with a choice of SHA-256

Re: Web.xml file question

Lance, On 11/21/23 11:33, Campbell, Lance wrote: Tomcat 10.1 Java migration from 8 to 11 Eclipse I am trying to migrate my thirteen tomcat web applications from java 8 to java 11. And from tomcat 9 to tomcat 10.1 . I have been using the web.xml file for years with Java 8 and tomcat 9. However

Re: Performance tuning embedded Tomcat 10.1.7: High requests/second, HTTPs and a lot of keep alive connections

Daniel, This is obviously a "big" question whose answer likely take months to really determine. But we can get started :) On 11/27/23 08:59, Daniel Andres Pelaez Lopez wrote: We are facing some challenges with performance tunning for embedded Tomcat using Spring Boot 3 (Tomcat version 10.1.7)

Re: Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 11/28/23 04:29, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Hello team, I am trying to add Tomcat-JMX Integration to the Datadog Agent, in order to achieve Remote Monitoring . I am following the docs https://docs.datadoghq.com/containers/guide/autodiscovery-with-jmx/

Re: Tomcat9 not listening to ipv4 port 8080, only ipv6

Christoph, On 11/28/23 08:26, Christoph Kukulies wrote: not that I kew of (changes in JVM arguments). I will try your suggestion: -Djava.net.preferIPv4Stack=true and thanks, it helped: I put it into /etc/defaults/tomcat9 (under Ubuntu 22.04) JAVA_OPTS="-Djava.awt.headless=true -Djava.net.pre

Re: Tomcat9 not listening to ipv4 port 8080, only ipv6

config/http.html#Standard_Implementation Am 28.11.2023 um 15:15 schrieb Christopher Schultz mailto:ch...@christopherschultz.net>>: Christoph, On 11/28/23 08:26, Christoph Kukulies wrote: not that I kew of (changes in JVM arguments). I will try your suggestion: -Djava.net.preferIPv4Stack=true

Re: 400 Bad Request - where do I find the detailed reason for the bad request so I can fix it?

Graham, On 11/28/23 12:12, Graham Leggett wrote: On 28 Nov 2023, at 09:41, Mark Thomas wrote: What do I need to do to see the exception that generated the bad request, so that I know specifically what’s wrong and can fix it? Enabling debug logging for org.apache.coyote.http11.Http11Proces

Re: 400 Bad Request - where do I find the detailed reason for the bad request so I can fix it?

Graham, On 11/29/23 05:01, Graham Leggett wrote: On 28 Nov 2023, at 21:10, Graham Leggett wrote: So the reason we get a 400 Bad Request with no error detail is that we arrive at this line with throwable set to null: https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/catalina/valves

Re: 400 Bad Request - where do I find the detailed reason for the bad request so I can fix it?

Graham, On 11/28/23 14:11, Graham Leggett wrote: On 28 Nov 2023, at 18:42, Christopher Schultz wrote: In your debugger, when you break-on-exception, what happens if you allow the exception to propagate up to the first exception-handler? Does Tomcat swallow the exception? Or it it caught

Re: How to get Remote user value in Apache

Koustav, On 11/29/23 10:22, Naha, Koustav wrote: I am using Apache(2.4) in the front end and Jboss(7.4) in the backend. The page is coming up and after giving the user id and password it is being authenticated. next is when we go to some create function which takes the REMOTE_USER value and inse

Re: webdav and libreoffice

Mark, On 11/29/23 14:09, Mark Thomas wrote: It was this change: https://github.com/apache/tomcat/commit/147fee447e27ec14e3001d9c727db1dcd4cb930c Reason phrase is an optional element of the HTTP response. This looks like a bug in whichever WebDAV client library is being used by LibreOffice.

Re: Tracking keep alive connections

Daniel, On 11/28/23 15:23, Daniel Andres Pelaez Lopez wrote: Hi community, We have a heavy workload where the client uses a lot of keep-alive connections, and we want to measure how many keep-alive connections are open, but we cannot find metrics (MBean) with that information. The closest one i

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 11/29/23 03:50, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: I am trying to add Tomcat-JMX Integration to the Datadog Agent, in order to achieve Remote Monitoring . I am following the docs https://docs.datadoghq.com/containers/guide/autodiscovery-with-jmx/?tab=helm#au

Re: Tracking keep alive connections

Daniel, On 11/30/23 07:08, Daniel Andres Pelaez Lopez wrote: What kind of number are you looking for? I would say something like the time a connection has been open. Can you please give the JMX path to tomcat_connections_keepalive_current and tomcat_connections_current? I have no idea what y

Re: Tracking keep alive connections

Daniel, On 12/1/23 00:09, Daniel Andres Pelaez Lopez wrote: Christopher, So... when a connection is established, save the current timestamp on the connection. When it closes, take the delta of the start-of-connection and end-of-connection, and add it to a bounded queue (say, 100? 1000?) of

Re: (No members active in cluster group) Cannot discover members in cluster using Delta Manager with static membership Unicast

Manak, On 12/1/23 03:27, Manak Bisht wrote: Hi, I am trying to implement non-sticky session replication using Delta Manager with static membership. The nodes are across two different machines. This isn't really relevant to your issue, but I would *always* recommend enabling stickiness. Why?

Re: (No members active in cluster group) Cannot discover members in cluster using Delta Manager with static membership Unicast

Peter, On 12/1/23 10:12, l...@kreuser.name wrote: Chuck, Am 01.12.2023 um 16:07 schrieb Chuck Caldarale : On Dec 1, 2023, at 02:27, Manak Bisht wrote: Hi, I am trying to implement non-sticky session replication using Delta Manager with static membership. The nodes are across two different

Re: Tomcat 9 build from scratch

Aditya, On 12/1/23 12:48, Aditya Shastri wrote: Yes. Equally importantly it also ensures that the code is compiled against the Java 8 API. > Makes sense! It is used for property replacement in the documentation for the minimum Java version required at runtime. We do it this way so the docume

Weird CSRF prevention behavior

All, I'm experimenting with the CsrfPreventionFilter in Tomcat 8.5. I've had issues with it in the past so I haven't actually enabled it in any of my applications, but I'm sufficiently motivated at this point to get it done. My "application" is actually split up into two applications, each r

Re: Weird CSRF prevention behavior

22.28 Christopher Schultz ( ch...@christopherschultz.net) kirjoitti: All, I'm experimenting with the CsrfPreventionFilter in Tomcat 8.5. I've had issues with it in the past so I haven't actually enabled it in any of my applications, but I'm sufficiently motivated at this

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 12/4/23 03:53, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Firstly thanks for adding a point me in asking me to check, if the annotations are reflecting in the Java process, which opened me a door to add the concerned annotations in correct place., by adding in java_

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

Thanks, -chris From: Christopher Schultz Sent: Monday, December 4, 2023 23:22 To: users@tomcat.apache.org Subject: Re: [EXT] Re: Datadog _ JMX Integration facing connection issues. Sai Vamsi, On 12/4/23 03:53, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Firstly thanks for addin

Re: Tomcat Build Issue

Mark, On 12/5/23 07:15, Mark Thomas wrote: On 05/12/2023 09:45, Burle, Saicharan wrote: Hi All, I am trying to build a tomcat instance in a net new server and getting the below error while starting. Although instance has come up but I am unable to debug the below error. Can someone please as

Re: Weird CSRF prevention behavior

All, Ping. Any ideas? -chris On 12/1/23 15:26, Christopher Schultz wrote: All, I'm experimenting with the CsrfPreventionFilter in Tomcat 8.5. I've had issues with it in the past so I haven't actually enabled it in any of my applications, but I'm sufficiently motivated

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

itself, or only internally to the container? -chris Thanks & Regards, -- SAI VAMSI .B Senior DevOps Engineer ____ From: Christopher Schultz Sent: Tuesday, December 5, 2023 19:19 To: users@tomcat.apache.org Subject: Re: [EXT] Re: Datadog _ JMX Integration fac

Re: Thread Pool Question

William, On 12/5/23 14:39, William Crowell wrote: I should clarify the ask here… I have some long running JDBC queries against Oracle, and I do not want to tie up Tomcat’s web thread pool with them. I would only have between 1-10 threads in this pool. Executors aren't directly-accessible by

Re: Looking for examples...

Jon, On 12/5/23 19:02, Mcalexander, Jon J. wrote: I am trying to find decent examples for Property Replacements in Catalina.properties. I have an instance that is giving me the following Warning and it bugs me: Dec 05, 2023 5:48:51 PM org.apache.tomcat.util.digester.Digester replaceSystemProp

Re: Looking for examples...

at we've got. Plus, k8s can act as a configuration-deployment system and it can do that by writing directories full of configuration files like the one used by (wait for it) ServiceBindingPropertySource. So that's the what and why with my example(s). Hope that helps, -chris -Ori

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 12/6/23 11:04, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Hello Christopher. Thanks for the response! Let me walk you through the Environment., I have a cluster and I am installing multiple microservices in the cluster. And one of the microservices I am integrating

Re: 9.0.83 addSslHostConfig failures?

Daniel, On 12/6/23 23:19, Daniel Skiles wrote: Please disregard that, I got overexcited. It looks like you can query the operation, and it will return the correct name and the correct parameters, but when you try to run it, you get the following stack trace: Caused by: javax.management.Service

Re: 9.0.83 addSslHostConfig JMX Operation Regression (Sample Code Attached)

Daniel, On 12/7/23 13:25, Daniel Skiles wrote: All, I've been doing some testing, and I'm pretty sure the addSslHostConfig operation on ProtocolHandler is busted in 9.0.83. In versions prior to 9.0.82, you can call the operation with a single argument of type SSLHostConfig. In 9.0.82, that

Re: [EXT] Re: Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 12/8/23 00:43, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Hey Christopher., Greetings of the day. 1. Might I have confused you with posting the arguments directly ., Yeah as i just shared you the annotations with comments , to state you the stuff i am using

Re: JAVA -tomcat- Request header is too large

Mark, On 12/8/23 06:50, Mark Thomas wrote: On 08/12/2023 09:27, Ivano Luberti wrote: Il 07/12/2023 17:51, Mark Thomas ha scritto: On 07/12/2023 15:37, Ivano Luberti wrote: Hi, since a few days these errors started showing in my log files: 06-Dec-2023 07:39:56.082 INFO [http-nio-8080-exec-58

Re: JAVA -tomcat- Request header is too large

ganization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. On 08/12/2023 22:01, Christopher Schultz wrote: Are request-ids always allocated, or on

Re: Weird CSRF prevention behavior

Cris, On 12/11/23 12:48, Berneburg, Cris J. - US wrote: Hi Chris Any ideas? About EITHER issue? Ping. Any ideas? Yeah, and hopefully you won't gag too much. :-P [SNIP] My application is using log4j2, but that library is only used by the application and the JAR file is in WEB-INF/lib/. I w

[ANN] Apache Tomcat 8.5.97 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.97. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.97 is a bugfix and fea

Apache Tomcat 10.1.17 Available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.17. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specificati

Re: channelStartOptions for cluster with static membership

Manak, On 12/12/23 10:05, Manak Bisht wrote: To use *DeltaManager* with unicast (static membership), the Tomcat 8.5 documentation (https://tomcat.apache.org/tomcat-8.5-doc/config/cluster.html) states that the channelStartOptions should be equal to *3*. However, the value should be left as the d

Re: Typo in the release announcement

Anmed, On 12/12/23 12:51, Ahmed Ashour wrote: Hi all, In https://tomcat.apache.org/, there are three places of occurs during HTTP HTTP request processing with an extra `HTTP`. Thanks,Ahmed Thanks for the report. I've fixed the web site, but we won't bother to re-send the release announcem

Re: 9.0.83 addSslHostConfig JMX Operation Regression (Sample Code Attached)

hat parameters are you passing it and what types? What parameters and types are expected by the operation you are trying to invoke? -chris On Fri, Dec 8, 2023 at 4:55 PM Christopher Schultz < ch...@christopherschultz.net> wrote: Daniel, On 12/7/23 13:25, Daniel Skiles wrote: All, I&#

Re: [EXT] Datadog _ JMX Integration facing connection issues.

Sai Vamsi, On 12/14/23 00:26, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) wrote: Hai Chuck., Thanks for jumping in., thats what my concern is. as previously added by Chris, I have added my annotations in Catalina_opts ., Which is preferred by Java_Process for adding the annotations., But

Re: security-constraint url-pattern question

Kent, On 12/14/23 09:13, ResSoft wrote: I am currently forcing my app to use https. Here is what I have in my app web.xml file and it works as intended securedapp /* CONFIDENTIAL I also now want to restrict the browser from pulling up files in certain

Re: 9.0.83 addSslHostConfig JMX Operation Regression (Sample Code Attached)

tly one operation defined: the two-argument version. So I'm not sure how you are ever able to invoke this operation with only a single argument. -chris On Wed, Dec 13, 2023 at 10:27 AM Christopher Schultz < ch...@christopherschultz.net> wrote: Daniel, On 12/12/23 19:45, Daniel

Re: 9.0.83 addSslHostConfig JMX Operation Regression (Sample Code Attached)

arguments match, otherwise you're going to randomly pick one of the two methods and fail half the time. Rémy On Wed, Dec 13, 2023 at 10:27 AM Christopher Schultz < ch...@christopherschultz.net> wrote: Daniel, On 12/12/23 19:45, Daniel Skiles wrote: I apologi

Re: I can't find how to stop TOMCAT during INITIALIZATION phase

All, On 12/15/23 03:29, Simon Matter wrote: Hi, Our question is: 1. It is possible to stop tomcat during initialization phase? 2. If yes how and if not are any plans to implement it in future versions? It seems to me that my solutions for now are: 1. sending SIGKILL signal to tomcat (this is

Re: [EXTERNAL] - Re: Partitioned cookies

Mark, On 12/15/23 04:03, Mark Thomas wrote: On 14/12/2023 21:15, André van der Lugt wrote: From: Chuck Caldarale Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List Subject: [EXTERNAL] - Re: Partitioned cookies On Nov 15

Re: Should allowHostHeaderMismatch be case sensitive

Mark, On 12/15/23 04:12, Mark Thomas wrote: On 11/12/2023 17:20, Mark Thomas wrote: On 11/12/2023 17:08, David Cleary wrote: Just want to check if this is by design. The above property default was changed to better secure the default configuration. We started having some tests fail due to thi

Re: 9.0.83 addSslHostConfig JMX Operation Regression (Sample Code Attached)

uot;Fixing" the introspection process is a better move. -chris On Thu, Dec 14, 2023 at 10:17 AM Christopher Schultz < ch...@christopherschultz.net> wrote: Daniel, On 12/14/23 09:43, Daniel Skiles wrote: Do you have any pointers on how to do that using JMX? So far as I can tell from w

Re: Issues of Ahead of Time compilation support

Jun, On 12/15/23 08:56, Jun Suzuki wrote: 2023年12月15日(金) 20:37 Rémy Maucherat : On Fri, Dec 15, 2023 at 11:54 AM Jun Suzuki wrote: Rémy Thank you so much for your support. May I confirm a little bit further regarding your reply. 2023年12月15日(金) 17:08 Rémy Maucherat : On Fri, Dec 15, 2023

Re: Weird CSRF prevention behavior

Konstantin, On 12/20/23 12:10, Konstantin Kolinko wrote: пт, 1 дек. 2023 г. в 23:27, Christopher Schultz : [...] I build-from-source and launch my custom-build Tomcat with my application in it. No logging. Oh, right... logging.properties. So I add this to my conf/logging.properties file

Re: need features list that were removed in tomcat 10 while moving from tomcat 9

Rajendra, On 12/22/23 04:31, Rathore, Rajendra wrote: We are migrating from tomcat 9 to tomcat 10, we run the migration tool on our codebase, that work perfectly, can you please share the changes from 9 to 10, we are interested in removed API or features that we can fix manually as migrator tool

Re: Admin password for Tomcat

Jerry, On 12/24/23 19:18, Jerry Malcolm wrote: Chris, On 11/8/2023 2:43 PM, Christopher Schultz wrote: Jerry, On 11/6/23 23:22, Jerry Malcolm wrote: On 11/5/2023 11:54 AM, Jerry Malcolm wrote: On 11/5/2023 9:26 AM, Christopher Schultz wrote: Jerry, On 11/4/23 20:17, Jerry Malcolm wrote

Re: [EXT] Datadog _ JMX Integration facing connection issues.

ay need to consult the Spring documentation to see how best to set all of those JVM parameters. -chris ____ From: Christopher Schultz Sent: Thursday, December 14, 2023 20:33 To: users@tomcat.apache.org Subject: Re: [EXT] Datadog _ JMX Integration facing connection is

Re: Admin password for Tomcat

Jerry. On 12/27/23 02:13, Jerry Malcolm wrote: I implemented the filter as you suggested.  But I guess I'm going to need some education on sessions.  Down in a user profile web page I have a button to "Impersonate". I'm with you so far. I create the GenericPrincipal object and store it in t

Re: Admin password for Tomcat

Jerry, On 12/28/23 18:33, Jerry Malcolm wrote: Chris, On 12/28/2023 3:38 PM, Christopher Schultz wrote: Jerry. On 12/27/23 02:13, Jerry Malcolm wrote: I implemented the filter as you suggested.  But I guess I'm going to need some education on sessions.  Down in a user profile web p

Re: Servlet-Mapping having %-sign

Peter, On 12/29/23 07:56, Peter Rader wrote: having a URL like this: https://localhost:8443/index.html works perfect. This is my mapping: Nano-Nano-Servlet /index.html Nano-Nano-Servlet *.ts Unfortunately this URI does not load (because of the %-sign): https://localhost:8443/@rm

<    1   2   3   4   5   6   7   8   9   10   >