Re: POST parameters chopped

2025-07-11 Thread Hrvoje Lončar
Hi Christopher! I took a bit of a radical step and upgraded to 11.0.9. Now waiting to see what happens. Thanks a lot for your time! On Thu, Jul 10, 2025 at 1:54 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > Hrvoje, > > On 7/10/25 6:52 AM, Hrvoje Lončar wrote: > > Currently it's 10.

Re: Classloading has a long delay after idle period

2025-07-11 Thread Christopher Schultz
Daniel, On 7/11/25 11:57 AM, Daniel Sheridan wrote: > > [snip] > Correct, almost the entire delay is during the JAR scanning when the files are being accessed. We are using expanded-WAR deployment. Good. That fixes at least one known performance issue (scanning WAR files is inefficient regar

Re: [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-11 Thread Christopher Schultz
Mark, Oops, I'm sorry I didn't see this correction and just sent one of my own. :( -chris On 7/10/25 3:18 PM, Mark Thomas wrote: Correcting typo in fixed versions CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected:

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload [CORRECTION]

2025-07-11 Thread Christopher Schultz
CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some unlikely configurations of multipart uploa

RE: Classloading has a long delay after idle period

2025-07-11 Thread Daniel Sheridan
>On 7/8/25 16:32, Christopher Schultz wrote: >Daniel, > >On 7/8/25 11:15 AM, Daniel Sheridan wrote: >> On 7/2/25 10:22 AM, Daniel Sheridan wrote: >>> Hi folks, >>> >>> We're using Tomcat 10.1.40, but also seeing this issue with multiple Tomcat >>> 9 versions, running on Windows Server 2019 and Ser

Re: [EXTERNAL] [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-11 Thread Christopher Schultz
Joey, On 7/10/25 3:14 PM, Joey Cochran wrote: Is this accurate? Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.42 Mitigation: - Upgrade to Apache Tomcat 10.1.32 or later Nope, this should be "Upgrade to 10.1.43 or later". Thanks for noticing; we'll get this corrected anywhere it needs t