Messages by Date
-
2026/07/13
Re: Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
Chuck Caldarale
-
2026/07/13
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
Turritopsis Dohrnii Teo En Ming
-
2026/07/10
[ANN] Apache Tomcat 10.1.57 Available
Christopher Schultz
-
2026/07/08
Re: Tomcat 10.1.56: Extending RequestElement no longer works!
Amit Pande via users
-
2026/07/08
[ANN] Apache Tomcat 11.0.24 Available
Mark Thomas
-
2026/07/07
[ANN] Apache Tomcat 9.0.120 available
Rémy Maucherat
-
2026/07/02
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Mark Thomas
-
2026/07/02
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Christopher Schultz
-
2026/07/02
Re: Interesting issue while deploying an angular application (Tomcat 10.1.x)
Christopher Schultz
-
2026/07/02
Re: Tomcat 10.1.56: Extending RequestElement no longer works!
Christopher Schultz
-
2026/07/01
Re: Possible regression after upgrade to [9.0.119] (java.lang.IllegalArgumentException: newPosition > limit: (8175 > 9))
Mark Thomas
-
2026/06/30
Re: tomcat 9.0.119 + jsvc
Chuck Caldarale
-
2026/06/30
RE: tomcat 9.0.119 + jsvc
Rathore, Rajendra via users
-
2026/06/30
Re: tomcat 9.0.119 + jsvc
Holger Klawitter
-
2026/06/30
Re: tomcat 9.0.119 + jsvc
Mark Thomas
-
2026/06/30
Re: tomcat 9.0.119 + jsvc
Rémy Maucherat
-
2026/06/30
tomcat 9.0.119 + jsvc
info . asf
-
2026/06/29
[SECURITY] CVE-2026-55957 Apache Tomcat - Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-55956 Apache Tomcat - Security constraints for default servlet ignored method
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-55955 Apache Tomcat - EncryptInterceptor not protected against replay attacks
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-55276 Apache Tomcat - Logged effective web.xml is incomplete
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-53434 Apache Tomcat - Invalid CRL configuration doesn't trigger failure for FFM Connector
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-53404 Apache Tomcat - Bad ornext processing in RewriteValve
Mark Thomas
-
2026/06/29
[SECURITY] CVE-2026-50229 Apache Tomcat - XXS in number guess example
Mark Thomas
-
2026/06/26
Re: Possible regression after upgrade to [9.0.119] (java.lang.IllegalArgumentException: newPosition > limit: (8175 > 9))
Mark Thomas
-
2026/06/26
Re: Tomcat native 1.3.8
Mark Thomas
-
2026/06/26
Re: Tomcat native 1.3.8
Mark Thomas
-
2026/06/26
Tomcat native 1.3.8
Harri Pesonen via users
-
2026/06/25
Possible regression after upgrade to [9.0.119] (java.lang.IllegalArgumentException: newPosition > limit: (8175 > 9))
Stankov. Yavor
-
2026/06/24
Re: Interesting issue while deploying an angular application (Tomcat 10.1.x)
Amit Pande via users
-
2026/06/24
Re: Interesting issue while deploying an angular application (Tomcat 10.1.x)
Mark Thomas
-
2026/06/24
Re: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Not Yet Updated for 9.0.119
Mark Thomas
-
2026/06/23
Re: Tomcat 10.1.56: Extending RequestElement no longer works!
Amit Pande via users
-
2026/06/23
Re: Tomcat 10.1.56: Extending RequestElement no longer works!
Rémy Maucherat
-
2026/06/23
Re: Interesting issue while deploying an angular application (Tomcat 10.1.x)
Christopher Schultz
-
2026/06/23
Re: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Not Yet Updated for 9.0.119
Christopher Schultz
-
2026/06/23
Re: Tomcat 10.1.56: Extending RequestElement no longer works!
Christopher Schultz
-
2026/06/23
Interesting issue while deploying an angular application (Tomcat 10.1.x)
Amit Pande via users
-
2026/06/23
Tomcat 10.1.56: Extending RequestElement no longer works!
Amit Pande via users
-
2026/06/23
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Not Yet Updated for 9.0.119
Eddie Rowe via users
-
2026/06/23
[ANN] Apache Tomcat 9.0.119 available
Rémy Maucherat
-
2026/06/22
[ANN] Apache Tomcat 10.1.56 Available
Christopher Schultz
-
2026/06/22
AW: AW: [ANN] Apache Tomcat 11.0.23 Available
Thomas Hoffmann (Speed4Trade GmbH) via users
-
2026/06/22
Re: AW: [ANN] Apache Tomcat 11.0.23 Available
Mark Thomas
-
2026/06/22
Re: AW: [ANN] Apache Tomcat 11.0.23 Available
Mark Thomas
-
2026/06/22
Re: AW: [ANN] Apache Tomcat 11.0.23 Available
Mark Thomas
-
2026/06/22
AW: [ANN] Apache Tomcat 11.0.23 Available
Thomas Hoffmann (Speed4Trade GmbH) via users
-
2026/06/22
[ANN] Apache Tomcat 11.0.23 Available
Mark Thomas
-
2026/06/15
[ANN] Apache Tomcat Native 1.3.8 released
Mark Thomas
-
2026/06/15
[ANN] Apache Tomcat Native 2.0.15 released
Mark Thomas
-
2026/06/13
Re: OT: Entra ID Realm for Tomcat
Jon McAlexander
-
2026/06/13
Re: OT: Entra ID Realm for Tomcat
Zoran Avtarovski
-
2026/06/13
Re: OT: Entra ID Realm for Tomcat
Christopher Schultz
-
2026/06/13
Re: RSS
Christopher Schultz
-
2026/06/11
Re: OT: Entra ID Realm for Tomcat
Zoran Avtarovski
-
2026/06/10
Re: RSS
Roger Marquis
-
2026/06/10
Re: OT: Entra ID Realm for Tomcat
Christopher Schultz
-
2026/06/10
Re: Tomcat website, RSS and social media
Mark Thomas
-
2026/06/10
Re: Tomcat website, RSS and social media
Christopher Schultz
-
2026/06/08
OT: Entra ID Realm for Tomcat
Zoran Avtarovski
-
2026/06/08
Re: VS: VS: Log headers for failing request
Mark Thomas
-
2026/06/08
VS: VS: Log headers for failing request
Harri Pesonen via users
-
2026/06/08
Re: Tomcat website, RSS and social media
Mark Thomas
-
2026/06/08
Re: Tomcat website, RSS and social media
Mark Thomas
-
2026/06/08
Re: VS: Log headers for failing request
Mark Thomas
-
2026/06/08
Re: Tomcat website, RSS and social media
Mark Thomas
-
2026/06/08
VS: Log headers for failing request
Harri Pesonen via users
-
2026/06/08
Tomcat website, RSS and social media
Thorsten Heit
-
2026/06/07
Re: Is Tomcat affected by CVE-2026-49975 (HTTP/2 Bomb)?
Stefan Mayr
-
2026/06/05
Re: Log headers for failing request
Mark Thomas
-
2026/06/05
Re: Is Tomcat affected by CVE-2026-49975 (HTTP/2 Bomb)?
Mark Thomas
-
2026/06/05
Log headers for failing request
Harri Pesonen via users
-
2026/06/05
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.12
Mark Thomas
-
2026/06/04
Re: Is Tomcat affected by CVE-2026-49975 (HTTP/2 Bomb)?
Christopher Schultz
-
2026/06/04
Is Tomcat affected by CVE-2026-49975 (HTTP/2 Bomb)?
Stefan Mayr
-
2026/06/04
RE: Logging of which jars did or didn't need scanning?
Holle, Jess via users
-
2026/06/04
RE: Logging of which jars did or didn't need scanning?
Hemanta Pathak
-
2026/06/04
Logging of which jars did or didn't need scanning?
Holle, Jess via users
-
2026/06/02
Informal poll of Tomcat version usage
Christopher Schultz
-
2026/06/02
Re: Fwd: Questions regarding updating Apache Tomcat on a server.
Jon McAlexander
-
2026/06/01
Re: Fwd: Questions regarding updating Apache Tomcat on a server.
Christopher Schultz
-
2026/05/29
Re: [BUG] Parameters.recycle() does not reset queryStringCharset — leaks across recycled Requests
Mark Thomas
-
2026/05/29
Re: [BUG] Parameters.recycle() does not reset queryStringCharset — leaks across recycled Requests
Mark Thomas
-
2026/05/29
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Thomas Meyer
-
2026/05/29
Re: Fwd: Questions regarding updating Apache Tomcat on a server.
Jon McAlexander
-
2026/05/28
[BUG] Parameters.recycle() does not reset queryStringCharset — leaks across recycled Requests
황인엽
-
2026/05/28
Fwd: Questions regarding updating Apache Tomcat on a server.
Brian Proffitt
-
2026/05/28
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Mark Thomas
-
2026/05/27
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Christopher Schultz
-
2026/05/26
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Mark Thomas
-
2026/05/24
Fw: Tomcat Jobs
Jon McAlexander
-
2026/05/12
[SECURITY] CVE-2026-43515 Apache Tomcat - Security constraints not correctly applied
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-43514 Apache Tomcat - AJP secret compared in non-constant time
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-43513 Apache Tomcat - LockOutRealm treats user names as case-sensitive
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-43512 Apache Tomcat - Digest authenticator will authenticate any unknown user
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-42498 Apache Tomcat - WebSocket authentication header exposure
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-41293 Apache Tomcat - HTTP/2 request headers not validated
Mark Thomas
-
2026/05/12
[SECURITY] CVE-2026-41284 Apache Tomcat - Unbounded read in WebDAV LOCK and PROPFIND handling
Mark Thomas
-
2026/05/12
Re: Apache Tomcat x.x.x Available?
Chuck Caldarale
-
2026/05/12
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Mark Thomas
-
2026/05/12
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Rémy Maucherat
-
2026/05/12
Re: Apache Tomcat x.x.x Available?
Mark Foley
-
2026/05/12
Re: Apache Tomcat x.x.x Available?
David Wall
-
2026/05/12
Apache Tomcat x.x.x Available?
Mark Foley
-
2026/05/12
Re: The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Mark Thomas
-
2026/05/12
The scheme https s not consistent with the TLS enabled setting (Re: [ANN] Apache Tomcat 11.0.22 Available)
Thomas Meyer
-
2026/05/11
[ANN] Apache Tomcat 10.1.55 Available
Christopher Schultz
-
2026/05/10
[ANN] Apache Tomcat 9.0.118 available
Rémy Maucherat
-
2026/05/06
Re: Very rare requests claim they are from 127.0.0.1
Christopher Schultz
-
2026/05/05
Re: Very rare requests claim they are from 127.0.0.1
Konstantin Kolinko
-
2026/05/05
Re: Very rare requests claim they are from 127.0.0.1
Christopher Schultz
-
2026/05/05
Re: Very rare requests claim they are from 127.0.0.1
Mark Thomas
-
2026/05/05
[ANN] Apache Tomcat 11.0.22 Available
Mark Thomas
-
2026/05/02
Very rare requests claim they are from 127.0.0.1
Christopher Schultz
-
2026/04/28
Community Over Code Conference, October 2026, Glasgow, Scotland, UK
Christopher Schultz
-
2026/04/16
Re: Clarification on Tomcat 9.1 Release Timeline and Support Plans
Christopher Schultz
-
2026/04/16
Clarification on Tomcat 9.1 Release Timeline and Support Plans
somasani nikhil
-
2026/04/14
RE: [EXTERNAL] Re: Double Slash Conversion to Single Slash in URL Not Working
Grackin, Michael A. Mr. (Fed) via users
-
2026/04/14
Re: cgi not found
Christopher Schultz
-
2026/04/14
Re: Double Slash Conversion to Single Slash in URL Not Working
Christopher Schultz
-
2026/04/13
Re: cgi not found
Holger Klawitter
-
2026/04/13
Re: Double Slash Conversion to Single Slash in URL Not Working
Mark Thomas
-
2026/04/13
Re: Limits on redirect length
Mark Thomas
-
2026/04/13
Limits on redirect length
Stephen Booth
-
2026/04/10
Double Slash Conversion to Single Slash in URL Not Working
Grackin, Michael A. Mr. (Fed) via users
-
2026/04/10
Re: cgi not found
Christopher Schultz
-
2026/04/10
cgi not found
Holger Klawitter
-
2026/04/09
Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request
Christopher Schultz
-
2026/04/09
[SECURITY] CVE-2026-34487 Apache Tomcat - Cloud membership for clustering component exposed the Kubernetes bearer token
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-34486 Apache Tomcat - Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-34500 Apache Tomcat - OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-34483 Apache Tomcat - Incomplete escaping of JSON access logs
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-32990 Apache Tomcat - The fix for CVE-2025-66614 is incomplete
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-29146 Apache Tomcat - EncryptInterceptor vulnerable to padding oracle attack by default
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-29145 Apache Tomcat and Tomcat Native - OCSP checks sometimes soft-fail even when soft-fail is disabled
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-29129 Apache Tomcat - Configured TLS cipher preference order not preserved
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-25854 Apache Tomcat - Occasionally open redirect
Mark Thomas
-
2026/04/09
[SECURITY] CVE-2026-24880 Apache Tomcat - Request smuggling via invalid chunk extension
Mark Thomas
-
2026/04/08
Re: Access log Bytes Written when compression is enabled
Mark Thomas
-
2026/04/04
[ANN] Apache Tomcat 11.0.21 Available
Mark Thomas
-
2026/04/03
[ANN] Apache Tomcat 9.0.117 available
Rémy Maucherat
-
2026/04/02
[ANN] Apache Tomcat 10.1.54 Available
Christopher Schultz
-
2026/04/02
[ANN] End Of Support for Tomcat Native 1.x
Christopher Schultz
-
2026/04/01
Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request
扛起一片天!✨
-
2026/04/01
Re: Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request
Christopher Schultz
-
2026/04/01
Tomcat 9.0.37 - Request Header Parsing Exception: X-Forwarded-For Lost and Host Field Duplicated Resulting in 400 Bad Request
扛起一片天!✨
-
2026/03/30
Re: Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap
Torsten Krah
-
2026/03/27
Re: Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap
Christopher Schultz
-
2026/03/27
Re: AW: [ANN] Apache Tomcat 10.1.53 Available
Christopher Schultz
-
2026/03/24
Tomcat 11.0.18 - java.lang.AssertionError in Mapper#internalMap
Torsten Krah
-
2026/03/24
AW: [ANN] Apache Tomcat 10.1.53 Available
Döscher, Andreas (ESI) via users
-
2026/03/23
[ANN] Apache Tomcat 10.1.53 Available
Christopher Schultz
-
2026/03/20
[ANN] Apache Tomcat 9.0.116 available
Rémy Maucherat
-
2026/03/20
[ANN] Apache Tomcat 11.0.20 Available
Mark Thomas
-
2026/03/18
Re: Run Priority -- Tomcat running on IBM Midrange boxes
Christopher Schultz
-
2026/03/16
Re: Apache Tomcat 9.0.108 -- Upgrading to 9.1.x and Release Info
Sebastian Trost via users
-
2026/03/16
Apache Tomcat 9.0.108 -- Upgrading to 9.1.x and Release Info
Jack Haddad
-
2026/03/16
Re: Run Priority -- Tomcat running on IBM Midrange boxes
Rainer Jung
-
2026/03/13
Re: Run Priority -- Tomcat running on IBM Midrange boxes
James H. H. Lampert via users
-
2026/03/13
Re: Run Priority -- Tomcat running on IBM Midrange boxes
Christopher Schultz
-
2026/03/13
Re: Tomcat 11 latest release version date
Christopher Schultz
-
2026/03/13
Re: Tomcat 11 latest release version date
Christopher Schultz
-
2026/03/13
Re: Apache Tomcat 10 Issue
Christopher Schultz
-
2026/03/13
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/12
Re: FIPS Mode
Amit Pande via users
-
2026/03/12
Re: Tomcat 11 latest release version date
Jonathan S. Fisher
-
2026/03/12
Re: Apache Tomcat 10 Issue
Zdeněk Henek
-
2026/03/12
Re: Tomcat 11 latest release version date
Mark Thomas
-
2026/03/12
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/12
Tomcat 11 latest release version date
Deepti Sharma S via users
-
2026/03/11
FIPS Mode
Mike Brown
-
2026/03/11
Re: Run Priority -- Tomcat running on IBM Midrange boxes
James H. H. Lampert via users
-
2026/03/11
Re: Run Priority -- Tomcat running on IBM Midrange boxes
Konstantin Kolinko
-
2026/03/11
Run Priority -- Tomcat running on IBM Midrange boxes
James H. H. Lampert via users
-
2026/03/10
Re: Apache Tomcat 10 Issue
Zdeněk Henek
-
2026/03/10
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/10
[ANN] Apache Tomcat Native 2.0.14 released
Mark Thomas
-
2026/03/10
[ANN] Apache Tomcat Native 1.3.7 released
Mark Thomas
-
2026/03/06
Recall: Apache Tomcat 10 Issue
Mcalexander, Jon J. via users
-
2026/03/06
RE: Apache Tomcat 10 Issue
Mcalexander, Jon J. via users
-
2026/03/06
Re: users Digest 6 Mar 2026 16:12:31 -0000 Issue 15160
Richard Huntrods
-
2026/03/06
Re: Apache Tomcat 10 Issue
Zdeněk Henek
-
2026/03/06
Re: Apache Tomcat 10 Issue
Rob Sargent
-
2026/03/06
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/03
Re: Access log Bytes Written when compression is enabled
Christopher Schultz
-
2026/03/03
Re: Apache Tomcat 10 Issue
Christopher Schultz
-
2026/03/02
Re: Access log Bytes Written when compression is enabled
David Cleary
-
2026/03/02
Re: Apache Tomcat 10 Issue
Sebastian Trost via users
-
2026/03/02
Re: Apache Tomcat 10 Issue
David Wall
-
2026/03/02
Re: Apache Tomcat 10 Issue
Sebastian Trost via users
-
2026/03/02
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/02
Re: Apache Tomcat 10 Issue
Sebastian Trost via users
-
2026/03/02
Re: Apache Tomcat 10 Issue
Sebastian Trost via users
-
2026/03/02
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/03/02
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/02/28
Re: Apache Tomcat 10 Issue
Dimitris Soumis
-
2026/02/28
Re: Apache Tomcat 10 Issue
Dimitris Soumis
-
2026/02/27
Re: Apache Tomcat 10 Issue
Rob Sargent
-
2026/02/27
RE: Apache Tomcat 10 Issue
Short, William J.
-
2026/02/27
Re: Apache Tomcat 10 Issue
Dimitris Soumis