On 17/03/2023 14:02, Roe, Jennifer L wrote:
Hi,

   We have opened a case with New Relic. The behavior exists with the 7.11.1 and 8.0.1 java agents per multiple applications teams. [The behavior was first noticed with Tomcat 9.0.72; Tomcat 9.0.73 which was released shortly after 9.0.72 also experiences this behavior.]

   The app teams stated disabling the java agent allows the application to function as expected. However, without the agent our observability and monitoring of the applications takes a hit as metrics are not available.

    Could this be related to fix 66441?

Fix:66441 <https://bz.apache.org/bugzilla/show_bug.cgi?id=66441>: Make imports of static fields in JSPs visible to any EL expressions used on the page. (markt)

On one hand that is one of only two code changes (the other changes for formatting and/or comments) in the org.apache.jasper packages between 9.0.71 and 9.0.72 so it seems possible. On the other hand, I'm struggling to see how either of those code changes could cause the sort of corruption being observed.

I'm be interested in hearing New Relic's explanation for this.

Mark



Regards,

Joel

Nationwide is on your side.

        

*Jennifer Roe*

Consultant, Technology Engineer

Proud Nationwide Member

Middleware Technology

ro...@nationwide.com

/FORTUNE® and Time Inc. are not affiliated with, and do not endorse the products or services of, Nationwide Mutual Insurance Company./

*From:* Thomas Meyer <tho...@m3y3r.de>
*Sent:* Friday, March 17, 2023 9:27 AM
*To:* Tomcat Users List <users@tomcat.apache.org>; Roe, Jennifer L <ro...@nationwide.com> *Cc:* Whitesel, Joel M <whit...@nationwide.com>; Adcock, Troy Allen <troy.adc...@nationwide.com>; Abbott, William H (Bill) <bill.abb...@nationwide.com>
*Subject:* [EXTERNAL] Re: Tomcat 9.0.72 and New Relic APM java agent issues

*Nationwide Information Security Warning: **This is an **EXTERNAL****email. *Use *CAUTION****before clicking on links, opening attachments, or responding.*(*Sender:*tho...@m3y3r.de <mailto:tho...@m3y3r.de>)

------------------------------------------------------------------------

Hi,

We may see something similar with tomcat 9.0.73 and jsp pages.

Need to test with newrelic app disabled.

Did you already create a case with newrelic with this problem?

Mfg
Thomas

Am 13. März 2023 20:18:12 MEZ schrieb "Roe, Jennifer L" <ro...@nationwide.com <mailto:ro...@nationwide.com>>:

    We are using 9.0.73 Tomcat version and New Relic APM java agent
    7.11.0, it seems we are missing the injected New Relic script and
    the DOM looks much different than in 9.0.71. Looks as though it's
    incorrectly escaping certain html tags as if they're text (EG:
    changing < to "/&gt")

    In our application login page is not fully displayed and we see the
    following at the bottom:

    This field is required.", }, "j_password": { required: "This field
    is required.", }, }, showErrors: function (errorMap, errorList) {
    var numOfInvalids = this.numberOfInvalids(); if (numOfInvalids != 0)
    { $("#loginErrorSummary").html("

    Version 9.0.72 is when this was first noticed, nothing seemed to
    change with .73 and the New Relic version has remained the same 7.11.0.

    We have run a test with New Relic 8.01 agent with the same results

    System details:

    Ubuntu 20.04.5 LTS

    OpenJDK Runtime Environment Temurin-17.0.6+10

    Example of where it seems to be doing an incorrect escape on the
    html produced from our .jsp

    Working page 9.0.71

    <form id="loginForm" name="LoginForm" action="spring_security_check"
    method="post" novalidate="novalidate">

         <input type="hidden" name="redirectUri" value="">

         <div class="container page-container">

             <div class="page-content">

                 <div class="row">

                     <div class="col-sm-8 col-lg-6">

    Not working 9.0.73

    <form id="loginForm" name="LoginForm" action="spring_security_check"
    method="post">

         "/&gt;

    Thanks

    Nationwide is on your side.

        

    *Jennifer Roe*

    Consultant, Technology Engineer

    Proud Nationwide Member

    Middleware Technology

    ro...@nationwide.com <mailto:ro...@nationwide.com>

    /FORTUNE® and Time Inc. are not affiliated with, and do not endorse
    the products or services of, Nationwide Mutual Insurance Company./

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to