On 20/12/2024 16:42, Carl Wick wrote:
Hello,
Mitigation:
- Upgrade to Apache Tomcat 9.0.98 or later
- running on Java 8 or Java 11: the system property
sun.io.useCanonCaches must be explicitly set to false (it defaults
to true)
In a Tomcat 9.0.98/Java 11 running on Windows 2019 environment, how is this
achieved?
add the following to setenv.bat
set CATALINA_OPTS=%CATALINA_OPTS% -Dsun.io.useCanonCaches=false
If running as a service then system properties are set on the Java tab.
You'd add:
-Dsun.io.useCanonCaches=false
Note: You only need to worry about this or CVE-2034-50379 if you have
set readonly="false" on the default servlet.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
