Re: Javadoc search is broken

2025-01-09 Thread Maxim Solodovnik
On Fri, 10 Jan 2025 at 13:40, Chuck Caldarale wrote: > > > > On Jan 9, 2025, at 23:09, Maxim Solodovnik wrote: > > > > Hello All, > > > > just have noticed Javadoc search is broken :( > > my steps: > > - open Javadoc main page at > > https://tomcat.apache.org/tomcat-10.0-doc/api/index.html > > -

Re: Javadoc search is broken

2025-01-09 Thread Chuck Caldarale
> On Jan 9, 2025, at 23:09, Maxim Solodovnik wrote: > > Hello All, > > just have noticed Javadoc search is broken :( > my steps: > - open Javadoc main page at > https://tomcat.apache.org/tomcat-10.0-doc/api/index.html > - paste 'SSLHostConfig' into search box (at top-right) > - hit Enter key >

Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

2025-01-09 Thread Maxim Solodovnik
On Fri, 10 Jan 2025 at 11:51, S Abirami wrote: > > Hi Chris, > > Below is the stack trace, the same keystore file working fine in tomcat 9. > > Caused by: org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initI

Javadoc search is broken

2025-01-09 Thread Maxim Solodovnik
Hello All, just have noticed Javadoc search is broken :( my steps: - open Javadoc main page at https://tomcat.apache.org/tomcat-10.0-doc/api/index.html - paste 'SSLHostConfig' into search box (at top-right) - hit Enter key Result: got 404 page at URL: https://tomcat.apache.org/tomcat-10.0-doc/a

RE: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

2025-01-09 Thread S Abirami
Hi Chris, Below is the stack trace, the same keystore file working fine in tomcat 9. Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) at org.apache.catalina.util

Re: session Manager "maxActiveSessions" alternative behavior : allow new session but expire old session

2025-01-09 Thread Christopher Schultz
Pascal, On 1/9/25 7:31 AM, Pascal Rigaux wrote: On 08/01/2025 22:13, Christopher Schultz wrote: [...] It would allow anyone to force a logout of all current users at will just by making any request that causes an unauthenticated session to be created. Instant DOS. Note that current "maxAc

Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

2025-01-09 Thread Christopher Schultz
Abirami, On 1/9/25 6:57 AM, S Abirami wrote: After migrating from Tomcat 9 to Tomcat 10, there is an error to introduce SSLHostConfig. Introduced SSLHostConfig with Keystorefile and KeystorePassword as mentioned below is not working and throwing error with file is tampered. SSLHostConfig sslH

Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-09 Thread Timothy Resh
The following is a configuration that we have used to set up the Client Authorization to work in Tomcat. We use introspection the IntrospectionUtils.PropertySource to decipher the password and set the following environment variables System.setProperty("javax.net.ssl.keyStore", keyStorePath);

RE: session Manager "maxActiveSessions" alternative behavior : allow new session but expire old session

2025-01-09 Thread Harri Pesonen
The proposal does not create instant DOS, because applications can always create a new session if the old session is closed. Instead, the current behavior creates instant DOS, as no new sessions can be created. 😊 Although the current behavior is still probably the better option, so that at least ex

Re: Excessive memory usage for HTTP/2 requests

2025-01-09 Thread Mark Thomas
On 03/01/2025 07:44, Mark Thomas wrote: Arjan, This is the right place to ask that question. Taking a look at this is on my TODO list. Between addressing CVE-2024-50379 and CVE-2024-56337 and the holiday season I haven't got to it yet. I expect to look at it before the next release (it isn't

Re: session Manager "maxActiveSessions" alternative behavior : allow new session but expire old session

2025-01-09 Thread Rémy Maucherat
On Thu, Jan 9, 2025 at 1:31 PM Pascal Rigaux wrote: > > Hi, > > On 08/01/2025 22:13, Christopher Schultz wrote: > > [...] > > It would allow anyone to force a logout of all current users at will just > > by making any request that causes an unauthenticated session to be created. > > > > Instant D

Re: session Manager "maxActiveSessions" alternative behavior : allow new session but expire old session

2025-01-09 Thread Pascal Rigaux
Hi, On 08/01/2025 22:13, Christopher Schultz wrote: [...] It would allow anyone to force a logout of all current users at will just by making any request that causes an unauthenticated session to be created. Instant DOS. Note that current "maxActiveSessions" implementation also causes a DOS:

Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

2025-01-09 Thread S Abirami
Hi All, After migrating from Tomcat 9 to Tomcat 10, there is an error to introduce SSLHostConfig. Introduced SSLHostConfig with Keystorefile and KeystorePassword as mentioned below is not working and throwing error with file is tampered. SSLHostConfig sslHostConfig = new SSLHostConfig(); SSLHos